[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 15 21:48:10 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f344687c by Salvatore Bonaccorso at 2021-10-15T22:47:47+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1491,21 +1491,21 @@ CVE-2021-42338
 CVE-2021-42337
 	RESERVED
 CVE-2021-42336 (The learning history page of the Easytest is vulnerable by permission  ...)
-	TODO: check
+	NOT-FOR-US: Easytest
 CVE-2021-42335 (Easytest bulletin board management function of online learning platfor ...)
-	TODO: check
+	NOT-FOR-US: Easytest
 CVE-2021-42334 (The Easytest contains SQL injection vulnerabilities. After obtaining a ...)
-	TODO: check
+	NOT-FOR-US: Easytest
 CVE-2021-42333 (The Easytest contains SQL injection vulnerabilities. After obtaining u ...)
-	TODO: check
+	NOT-FOR-US: Easytest
 CVE-2021-42332 (The “List View” function of ShinHer StudyOnline System is  ...)
-	TODO: check
+	NOT-FOR-US: ShinHer StudyOnline System
 CVE-2021-42331 (The “Study Edit” function of ShinHer StudyOnline System do ...)
-	TODO: check
+	NOT-FOR-US: ShinHer StudyOnline System
 CVE-2021-42330 (The “Teacher Edit” function of ShinHer StudyOnline System  ...)
-	TODO: check
+	NOT-FOR-US: ShinHer StudyOnline System
 CVE-2021-42329 (The “List_Add” function of message board of ShinHer StudyO ...)
-	TODO: check
+	NOT-FOR-US: ShinHer StudyOnline System
 CVE-2022-20111
 	RESERVED
 CVE-2022-20110
@@ -2174,7 +2174,7 @@ CVE-2021-42111
 CVE-2021-42110
 	RESERVED
 CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
-	TODO: check
+	NOT-FOR-US: bookstack
 CVE-2021-3873
 	RESERVED
 CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow privilege escala ...)
@@ -3998,7 +3998,7 @@ CVE-2021-41322 (Polycom VVX 400/410 version 5.3.1 allows low-privileged users to
 CVE-2021-41321
 	RESERVED
 CVE-2021-41320 (A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4 ...)
-	TODO: check
+	NOT-FOR-US: Wallstreet Suite TRM
 CVE-2021-41319
 	RESERVED
 CVE-2021-41318 (In Progress WhatsUp Gold prior to version 21.1.0, an application endpo ...)
@@ -4384,9 +4384,9 @@ CVE-2021-41150
 CVE-2021-41149
 	RESERVED
 CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2021-41146
 	RESERVED
 CVE-2021-41145
@@ -4724,33 +4724,33 @@ CVE-2021-41001
 CVE-2021-41000
 	RESERVED
 CVE-2021-40999 (A remote arbitrary command execution vulnerability was discovered in A ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-40998 (A remote arbitrary command execution vulnerability was discovered in A ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-40997 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-40996 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-40995 (A remote arbitrary command execution vulnerability was discovered in A ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-40994 (A remote arbitrary command execution vulnerability was discovered in A ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-40993 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-40992 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-40991 (A remote disclosure of sensitive information vulnerability was discove ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-40990 (A remote disclosure of sensitive information vulnerability was discove ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-40989 (A local escalation of privilege vulnerability was discovered in Aruba  ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-40988 (A remote directory traversal vulnerability was discovered in Aruba Cle ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-40987 (A remote arbitrary command execution vulnerability was discovered in A ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-40986 (A remote arbitrary command execution vulnerability was discovered in A ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-3800
 	RESERVED
 CVE-2021-40985
@@ -5358,13 +5358,13 @@ CVE-2021-40733
 CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...)
 	NOT-FOR-US: Adobe
 CVE-2021-40731 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-40730 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-40729 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-40728 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-40727
 	RESERVED
 CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
@@ -5372,15 +5372,15 @@ CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.00
 CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
 	NOT-FOR-US: Adobe
 CVE-2021-40724 (Acrobat Reader for Android versions 21.8.0 (and earlier) are affected  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-40723
 	RESERVED
 CVE-2021-40722
 	RESERVED
 CVE-2021-40721 (Adobe Connect version 11.2.2 (and earlier) is affected by a reflected  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-40719
 	RESERVED
 CVE-2021-40718
@@ -7372,7 +7372,7 @@ CVE-2021-39866 (A business logic error in the project deletion process in GitLab
 CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
 	NOT-FOR-US: Adobe
 CVE-2021-39864 (Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) an ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-39863 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
 	NOT-FOR-US: Adobe
 CVE-2021-39862 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
@@ -8544,7 +8544,7 @@ CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to authenticated
 CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable to Refle ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-39349 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-39348
 	RESERVED
 CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...)
@@ -8552,9 +8552,9 @@ CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capabil
 CVE-2021-39346
 	RESERVED
 CVE-2021-39345 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-39344 (The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-39343
 	RESERVED
 CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's associated C ...)
@@ -8566,19 +8566,19 @@ CVE-2021-39340
 CVE-2021-39339 (The Telefication WordPress plugin is vulnerable to Open Proxy and Serv ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-39338 (The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-39337 (The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-39336 (The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Sc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-39335 (The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-39334 (The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-39333
 	RESERVED
 CVE-2021-39332 (The Business Manager WordPress plugin is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-39331
 	RESERVED
 CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to Stored C ...)
@@ -10798,9 +10798,9 @@ CVE-2021-38434
 CVE-2021-38433
 	RESERVED
 CVE-2021-38432 (FATEK Automation Communication Server Versions 1.13 and prior lacks pr ...)
-	TODO: check
+	NOT-FOR-US: FATEK Automation Communication Server
 CVE-2021-38431 (An authenticated user using Advantech WebAccess SCADA in versions 9.0. ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2021-38430
 	RESERVED
 CVE-2021-38429
@@ -12549,13 +12549,13 @@ CVE-2021-37741 (ManageEngine ADManager Plus before 7111 has Pre-authentication R
 CVE-2021-37740
 	RESERVED
 CVE-2021-37739 (A remote arbitrary command execution vulnerability was discovered in A ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37738 (A remote disclosure of sensitive information vulnerability was discove ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37737 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37736 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37735 (A remote denial of service vulnerability was discovered in Aruba Insta ...)
 	NOT-FOR-US: Aruba
 CVE-2021-37734 (A remote unauthorized read access to files vulnerability was discovere ...)
@@ -204453,9 +204453,9 @@ CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils befo
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9
 CVE-2018-16061 (Mitsubishi Electric SmartRTU devices allow XSS via the username parame ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2018-16060 (Mitsubishi Electric SmartRTU devices allow remote attackers to obtain  ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Director ...)
 	NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices
 CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f344687cd412f5a79c334f1413f0fb6616da8ad2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f344687cd412f5a79c334f1413f0fb6616da8ad2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211015/b0aee977/attachment.htm>


More information about the debian-security-tracker-commits mailing list