[Git][security-tracker-team/security-tracker][master] NFUs (concludes external check)

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Oct 13 10:12:27 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1616418 by Moritz Muehlenhoff at 2021-10-13T11:12:04+02:00
NFUs (concludes external check)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -375,7 +375,7 @@ CVE-2021-42259
 CVE-2021-42258
 	RESERVED
 CVE-2021-42257 (check_smart before 6.9.1 allows unintended drive access by an unprivil ...)
-	TODO: check
+	NOT-FOR-US: check_smart Icinga plugin
 CVE-2021-42256
 	RESERVED
 CVE-2021-3878
@@ -620,7 +620,7 @@ CVE-2021-42141
 CVE-2021-42140
 	RESERVED
 CVE-2021-42139 (Deno before 0.107.0 allows Code Injection via an untrusted YAML file i ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2021-42138
 	RESERVED
 CVE-2021-42137 (An issue was discovered in Zammad before 5.0.1. In some cases, there i ...)
@@ -2433,7 +2433,7 @@ CVE-2021-41357 (Win32k Elevation of Privilege Vulnerability This CVE ID is uniqu
 CVE-2021-41356
 	RESERVED
 CVE-2021-41355 (.NET Core and Visual Studio Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft .NET
 CVE-2021-41354 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-41353 (Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability ...)
@@ -2950,7 +2950,7 @@ CVE-2021-41119
 CVE-2021-41118 (The DynamicPageList3 extension is a reporting tool for MediaWiki, list ...)
 	NOT-FOR-US: DynamicPageList3 MediaWiki Extension
 CVE-2021-41117 (keypair is a a RSA PEM key generator written in javascript. keypair im ...)
-	TODO: check
+	NOT-FOR-US: keypair
 CVE-2021-41116 (Composer is an open source dependency manager for the PHP language. In ...)
 	- composer <not-affected> (Only affects Windows)
 	NOTE: https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf
@@ -16268,13 +16268,13 @@ CVE-2021-35499
 CVE-2021-35498
 	RESERVED
 CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2021-35496 (The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperRe ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2021-35495 (The Scheduler Connection component of TIBCO Software Inc.'s TIBCO Jasp ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2021-35494 (The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Se ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2021-35493 (The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO  ...)
 	NOT-FOR-US: WebFOCUS
 CVE-2021-3619 (Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentica ...)
@@ -19892,7 +19892,7 @@ CVE-2021-33905
 CVE-2021-33904 (** DISPUTED ** In Accela Civic Platform through 21.1, the security/hos ...)
 	NOT-FOR-US: Accela Civic Platform
 CVE-2021-33903 (In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, ...)
-	TODO: check
+	NOT-FOR-US: LANCOM
 CVE-2021-33902
 	RESERVED
 CVE-2021-33901
@@ -20018,7 +20018,7 @@ CVE-2021-33851
 CVE-2021-33850
 	RESERVED
 CVE-2021-33849 (A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScri ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2021-3581 (Buffer Access with Incorrect Length Value in zephyr. Zephyr versions & ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-3580 (A flaw was found in the way nettle's RSA decryption functions handled  ...)
@@ -24783,11 +24783,11 @@ CVE-2021-31990
 CVE-2021-31989 (A user with permission to log on to the machine hosting the AXIS Devic ...)
 	NOT-FOR-US: AXIS
 CVE-2021-31988 (A user controlled parameter related to SMTP test functionality is not  ...)
-	TODO: check
+	NOT-FOR-US: AXIS
 CVE-2021-31987 (A user controlled parameter related to SMTP test functionality is not  ...)
-	TODO: check
+	NOT-FOR-US: AXIS
 CVE-2021-31986 (User controlled parameters related to SMTP notifications are not corre ...)
-	TODO: check
+	NOT-FOR-US: AXIS
 CVE-2021-31985 (Microsoft Defender Remote Code Execution Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-31984 (Power BI Remote Code Execution Vulnerability ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1616418133fef562ba5f7bf327b99aad3be24ca

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1616418133fef562ba5f7bf327b99aad3be24ca
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211013/31f52e3d/attachment.htm>

More information about the debian-security-tracker-commits mailing list