[Git][security-tracker-team/security-tracker][master] Process more NFUs
    Salvatore Bonaccorso (@carnil) 
    carnil at debian.org
       
    Wed Oct 13 21:47:54 BST 2021
    
    
  
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
74b42708 by Salvatore Bonaccorso at 2021-10-13T22:47:32+02:00
Process more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -39182,7 +39182,7 @@ CVE-2021-3332 (WPS Hide Login 1.6.1 allows remote attackers to bypass a protecti
 CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute arbitrary pro ...)
 	NOT-FOR-US: WinSCP
 CVE-2021-3330 (RCE/DOS: Linked-list corruption leading to large out-of-bounds write w ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-3329
 	RESERVED
 CVE-2021-3328 (An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.1 ...)
@@ -39261,11 +39261,11 @@ CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic Authenti
 CVE-2021-3324
 	RESERVED
 CVE-2021-3323 (Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zeph ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-3322 (Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zeph ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-3321 (Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header  ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-3320 (Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2 ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-3319 (DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addre ...)
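Review bot: The new notes on CVE-2021-3323, CVE-2021-3322 and CVE-2021-3321 say which Zephyr is not meant (src:zephyr) but not which one is. The wording matches the existing CVE-2021-3320 entry in the trailing context, so it is consistent as committed. If it is ever tightened to name the project whose 6LoWPAN and IEEE 802154 code these descriptions refer to, change all the Zephyr entries together so a search for the note still returns the whole set.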
@@ -46608,7 +46608,7 @@ CVE-2021-3059
 CVE-2021-3058
 	RESERVED
 CVE-2021-3057 (A stack-based buffer overflow vulnerability exists in the Palo Alto Ne ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2021-3056
 	RESERVED
 CVE-2021-3055 (An improper restriction of XML external entity (XXE) reference vulnera ...)
@@ -49247,13 +49247,13 @@ CVE-2021-22038
 CVE-2021-22037
 	RESERVED
 CVE-2021-22036 (VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redi ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Se ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2021-22034
 	RESERVED
 CVE-2021-22033 (Releases prior to VMware vRealize Operations 8.6 contain a Server Side ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2021-22032
 	RESERVED
 CVE-2021-22031
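Review bot: The notes on CVE-2021-22036, CVE-2021-22035 and CVE-2021-22033 give only the vendor ("NOT-FOR-US: VMware"), while the descriptions name three different products: vRealize Orchestrator, vRealize Log Insight and vRealize Operations. Other entries in this commit name the product ("NOT-FOR-US: ManageEngine ADManager Plus"). Consider naming the product here as well, so each entry stays identifiable when only the truncated description is at hand.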
@@ -49455,9 +49455,9 @@ CVE-2021-21943
 CVE-2021-21942
 	RESERVED
 CVE-2021-21941 (A use-after-free vulnerability exists in the pushMuxer CreatePushThrea ...)
-	TODO: check
+	NOT-FOR-US: Anker Eufy Homebase
 CVE-2021-21940 (A heap-based buffer overflow vulnerability exists in the pushMuxer pro ...)
-	TODO: check
+	NOT-FOR-US: Anker Eufy Homebase
 CVE-2021-21939
 	RESERVED
 CVE-2021-21938
@@ -53801,11 +53801,11 @@ CVE-2021-20836
 CVE-2021-20835
 	RESERVED
 CVE-2021-20834 (Improper authorization in handler for custom URL scheme vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Nike App
 CVE-2021-20833 (The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not ...)
-	TODO: check
+	NOT-FOR-US: SNKRDUNK Market Place App
 CVE-2021-20832 (InBody App for iOS versions prior to 2.3.30 and InBody App for Android ...)
-	TODO: check
+	NOT-FOR-US: InBody App
 CVE-2021-20831 (Cross-site request forgery (CSRF) vulnerability in OG Tags versions pr ...)
 	TODO: check
 CVE-2021-20830
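Review bot: CVE-2021-20831 (CSRF in OG Tags) still carries "TODO: check" directly below the three entries resolved in this hunk. If it was left on purpose because it needs a real check against the archive rather than a quick NFU call, that is fine; otherwise it belongs in a follow-up so the block from CVE-2021-20834 down to CVE-2021-20831 is fully triaged.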
@@ -53855,31 +53855,31 @@ CVE-2021-20809 (Cross-site scripting vulnerability in Create screens of Entry, P
 CVE-2021-20808 (Cross-site scripting vulnerability in Search screen of Movable Type (M ...)
 	- movabletype-opensource <removed>
 CVE-2021-20807 (Cross-site scripting vulnerability in the management screen of Cybozu  ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20806 (Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 al ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20805 (Cross-site scripting vulnerability in the management screen of Cybozu  ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20804 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated att ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20803 (Operation restriction bypass in the management screen of Cybozu Remote ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20802 (HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to  ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20801 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated att ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20800 (Cross-site scripting vulnerability in the management screen of Cybozu  ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20799 (Cross-site scripting vulnerability in the management screen of Cybozu  ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20798 (Cross-site scripting vulnerability in the management screen of Cybozu  ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20797 (Cross-site script inclusion vulnerability in the management screen of  ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20796 (Directory traversal vulnerability in the management screen of Cybozu R ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20795 (Cross-site request forgery (CSRF) vulnerability in the management scre ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20794
 	RESERVED
 CVE-2021-20793 (Untrusted search path vulnerability in the installer of Sony Audio USB ...)
@@ -55668,9 +55668,9 @@ CVE-2021-20133
 CVE-2021-20132
 	RESERVED
 CVE-2021-20131 (ManageEngine ADManager Plus Build 7111 contains a post-authentication  ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine ADManager Plus
 CVE-2021-20130 (ManageEngine ADManager Plus Build 7111 contains a post-authentication  ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine ADManager Plus
 CVE-2021-20129 (An information disclosure vulnerability exists in Draytek VigorConnect ...)
 	TODO: check
 CVE-2021-20128 (The Profile Name field in the floor plan (Network Menu) page in Drayte ...)
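Review bot: CVE-2021-20129 (Draytek VigorConnect) is left at "TODO: check" right after the two ManageEngine ADManager Plus entries that are resolved here, and the hunk ends on CVE-2021-20128, another Draytek entry whose status line falls outside the visible context. Handling the Draytek entries together in one follow-up would keep them from ending up with differently worded notes.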
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74b4270833cc35816c6485204cd8cc4074a97fe5