[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Oct 14 22:38:12 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d01aa5b by Moritz Muehlenhoff at 2021-10-14T23:37:50+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,7 +45,7 @@ CVE-2021-42371
 CVE-2021-42370
 	RESERVED
 CVE-2021-42369 (Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows  ...)
-	TODO: check
+	NOT-FOR-US: Imagicle Application Suite
 CVE-2021-42368
 	RESERVED
 CVE-2021-42367
@@ -571,9 +571,9 @@ CVE-2021-42230
 CVE-2021-42229
 	RESERVED
 CVE-2021-42228 (Cross Site Request Forgery (CSRF) vulnerability exists in KindEdirot 4 ...)
-	TODO: check
+	NOT-FOR-US: KindEditor
 CVE-2021-42227 (Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x vi ...)
-	TODO: check
+	NOT-FOR-US: KindEditor
 CVE-2021-42226
 	RESERVED
 CVE-2021-42225
@@ -3034,7 +3034,7 @@ CVE-2021-41144
 CVE-2021-41143
 	RESERVED
 CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2021-41141
 	RESERVED
 CVE-2021-41140
@@ -3042,7 +3042,7 @@ CVE-2021-41140
 CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
 	NOT-FOR-US: Anuko Time Tracker
 CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the newly int ...)
-	TODO: check
+	NOT-FOR-US: Frontier
 CVE-2021-41137 (Minio is a Kubernetes native application for cloud storage. All users  ...)
 	TODO: check
 CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ...)
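
Review bot: The new label on CVE-2021-41138 is the bare name "Frontier", which is ambiguous on its own. The description line identifies it as Substrate's Ethereum compatibility layer, so a label such as "NOT-FOR-US: Frontier (Substrate)" would make the entry self-explanatory.
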
@@ -3054,7 +3054,7 @@ CVE-2021-41135
 CVE-2021-41134
 	RESERVED
 CVE-2021-41132 (OMERO.web provides a web based client and plugin infrastructure. In ve ...)
-	TODO: check
+	NOT-FOR-US: OMERO.web
 CVE-2021-41131
 	RESERVED
 CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables API mana ...)
@@ -7219,7 +7219,7 @@ CVE-2021-39332
 CVE-2021-39331
 	RESERVED
 CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-39329
 	RESERVED
 CVE-2021-39328
@@ -9650,11 +9650,11 @@ CVE-2021-38348 (The Advance Search WordPress plugin is vulnerable to Reflected C
 CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to Reflected Cr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-38346 (The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38345 (The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38344 (The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38343 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Op ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-38342 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross ...)
@@ -10734,7 +10734,7 @@ CVE-2021-37935
 CVE-2021-37934
 	RESERVED
 CVE-2021-37933 (An LDAP injection vulnerability in /account/login in Huntflow Enterpri ...)
-	TODO: check
+	NOT-FOR-US: Huntflow Enterprise
 CVE-2021-37932
 	RESERVED
 CVE-2021-3681
@@ -14256,11 +14256,11 @@ CVE-2021-36391
 CVE-2021-36390
 	RESERVED
 CVE-2021-36389 (In Yellowfin before 9.6.1 it is possible to enumerate and download upl ...)
-	TODO: check
+	NOT-FOR-US: Yellowfin
 CVE-2021-36388 (In Yellowfin before 9.6.1 it is possible to enumerate and download use ...)
-	TODO: check
+	NOT-FOR-US: Yellowfin
 CVE-2021-36387 (In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulne ...)
-	TODO: check
+	NOT-FOR-US: Yellowfin
 CVE-2021-36386 (report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits i ...)
 	- fetchmail 6.4.16-4 (unimportant)
 	NOTE: https://www.fetchmail.info/fetchmail-SA-2021-01.txt
@@ -16411,7 +16411,7 @@ CVE-2021-35500
 CVE-2021-35499
 	RESERVED
 CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...)
 	NOT-FOR-US: TIBCO
 CVE-2021-35496 (The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperRe ...)
@@ -21900,11 +21900,11 @@ CVE-2021-33181 (Server-Side Request Forgery (SSRF) vulnerability in webapi compo
 CVE-2021-33180 (Improper neutralization of special elements used in an SQL command ('S ...)
 	NOT-FOR-US: Synology
 CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prior to 2 ...)
 	TODO: check
 CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2021-33176 (VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denia ...)
 	NOT-FOR-US: VerneMQ MQTT Broker
 CVE-2021-33175 (EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of ser ...)
@@ -23430,11 +23430,11 @@ CVE-2021-32573 (** DISPUTED ** The express-cart package through 1.1.10 for Node.
 CVE-2021-32572 (Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET ...)
 	NOT-FOR-US: Speco Web Viewer
 CVE-2021-32571 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...)
-	TODO: check
+	NOT-FOR-US: OSS-RC
 CVE-2021-32570
 	RESERVED
 CVE-2021-32569 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...)
-	TODO: check
+	NOT-FOR-US: OSS-RC
 CVE-2021-32568 (mrdoc is vulnerable to Deserialization of Untrusted Data ...)
 	NOT-FOR-US: mrdoc
 CVE-2021-32567 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...)
@@ -33580,7 +33580,7 @@ CVE-2021-28662 (An issue was discovered in Squid 4.x before 4.15 and 5.x before
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b1c37c9e7b30d0efb5e5ccf8200f2a646b9c36f8.patch
 CVE-2021-28661 (Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x thr ...)
-	TODO: check
+	NOT-FOR-US: ilverStripe GraphQL Server
 CVE-2021-3449 (An OpenSSL TLS server may crash if sent a maliciously crafted renegoti ...)
 	{DSA-4875-1}
 	- openssl 1.1.1k-1
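
Review bot: Typo in the new label for CVE-2021-28661: "NOT-FOR-US: ilverStripe GraphQL Server" is missing the leading "S". It should read "NOT-FOR-US: SilverStripe GraphQL Server", matching the product name in the description line directly above it.
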
@@ -36033,7 +36033,7 @@ CVE-2021-27666
 	RESERVED
 	NOT-FOR-US: Android
 CVE-2021-27665 (An unauthenticated remote user could exploit a potential integer overf ...)
-	TODO: check
+	NOT-FOR-US: Johnson Controls
 CVE-2021-27664 (Under certain configurations an unauthenticated remote user could be g ...)
 	NOT-FOR-US: exacqVision
 CVE-2021-27663 (A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM  ...)
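
Review bot: The label for CVE-2021-27665 names a vendor ("Johnson Controls"), while the adjacent CVE-2021-27664 is filed under a product name ("exacqVision"). The truncated description of CVE-2021-27665 shown here does not name the affected product, so confirm it against the full CVE text and use the product name if that is what the neighbouring entries follow.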



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d01aa5b6479b15b989641364153ad80df3ff5a1
