[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 19 21:23:36 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8a4727f6 by Salvatore Bonaccorso at 2021-10-19T22:23:05+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2188,11 +2188,11 @@ CVE-2021-3881 (libmobi is vulnerable to Out-of-bounds Read ...)
CVE-2021-3880
RESERVED
CVE-2021-3879 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
- TODO: check
+ NOT-FOR-US: snipe-it
CVE-2021-42262
RESERVED
CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a directory tra ...)
- TODO: check
+ NOT-FOR-US: Revisor Video Management System (VMS)
CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp ...)
- tinyxml <unfixed>
NOTE: https://sourceforge.net/p/tinyxml/bugs/141/
@@ -2779,7 +2779,7 @@ CVE-2021-42012
CVE-2021-42011
RESERVED
CVE-2021-3863 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
- TODO: check
+ NOT-FOR-US: snipe-it
CVE-2021-42010
RESERVED
CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...)
@@ -2872,7 +2872,7 @@ CVE-2021-41975 (TadTools special page is vulnerable to authorization bypass, thu
CVE-2021-41974 (Tad Book3 editing book page does not perform identity verification. Re ...)
NOT-FOR-US: Tad Book3
CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
- TODO: check
+ NOT-FOR-US: snipe-it
CVE-2021-3857
RESERVED
CVE-2021-41973
@@ -3146,7 +3146,7 @@ CVE-2021-41852
CVE-2021-41851
RESERVED
CVE-2021-3851 (firefly-iii is vulnerable to URL Redirection to Untrusted Site ...)
- TODO: check
+ NOT-FOR-US: firefly-iii
CVE-2021-3850
RESERVED
CVE-2021-3849
@@ -3189,7 +3189,7 @@ CVE-2021-3847 [low-privileged user privileges escalation]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2009704
NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/3
CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with Dangerou ...)
- TODO: check
+ NOT-FOR-US: firefly-iii
CVE-2021-23139
RESERVED
CVE-2021-3845
@@ -8880,7 +8880,7 @@ CVE-2021-39357
CVE-2021-39356
RESERVED
CVE-2021-39355 (The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39354
RESERVED
CVE-2021-39353
@@ -8904,7 +8904,7 @@ CVE-2021-39345 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scri
CVE-2021-39344 (The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-S ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39343 (The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's associated C ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39341
@@ -8932,7 +8932,7 @@ CVE-2021-39331
CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to Stored C ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39328
RESERVED
CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...)
@@ -11040,55 +11040,55 @@ CVE-2021-38488
CVE-2021-38487
RESERVED
CVE-2021-38486 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cl ...)
- TODO: check
+ NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38485
RESERVED
CVE-2021-38484 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
- TODO: check
+ NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38483
RESERVED
CVE-2021-38482 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 we ...)
- TODO: check
+ NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38481
RESERVED
CVE-2021-38480 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
- TODO: check
+ NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38479
RESERVED
CVE-2021-38478 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
- TODO: check
+ NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38477
RESERVED
CVE-2021-38476 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 au ...)
- TODO: check
+ NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38475
RESERVED
CVE-2021-38474 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ha ...)
- TODO: check
+ NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38473
RESERVED
CVE-2021-38472 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ma ...)
- TODO: check
+ NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38471
RESERVED
CVE-2021-38470 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
- TODO: check
+ NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38469
RESERVED
CVE-2021-38468 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
- TODO: check
+ NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38467
RESERVED
CVE-2021-38466 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
- TODO: check
+ NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38465
RESERVED
CVE-2021-38464 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ha ...)
- TODO: check
+ NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38463
RESERVED
CVE-2021-38462 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
- TODO: check
+ NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38461
RESERVED
CVE-2021-38460 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
@@ -14927,7 +14927,7 @@ CVE-2021-36834
CVE-2021-36833
RESERVED
CVE-2021-36832 (WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin ̵ ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugins
CVE-2021-36831
RESERVED
CVE-2021-36830
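Review bot: the tag added for CVE-2021-36832 reads `NOT-FOR-US: Wordpress plugins`, while the other WordPress entries touched by this commit use `NOT-FOR-US: WordPress plugin` (capital P, singular). Suggest using the same string here so that a search on the tag finds every WordPress plugin entry.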
@@ -21539,7 +21539,7 @@ CVE-2021-33990
CVE-2021-33989
RESERVED
CVE-2021-33988 (Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2 ...)
- TODO: check
+ NOT-FOR-US: Microweber CMS
CVE-2021-33987
RESERVED
CVE-2021-33986
@@ -24886,9 +24886,9 @@ CVE-2021-32666 (wire-ios is the iOS version of Wire, an open-source secure messa
CVE-2021-32665 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...)
NOT-FOR-US: wire-ios (iOS version of Wire)
CVE-2021-32664 (Combodo iTop is an open source web based IT Service Management tool. I ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2021-32663 (iTop is an open source web based IT Service Management tool. In affect ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2021-32662 (Backstage is an open platform for building developer portals, and tech ...)
NOT-FOR-US: Backstage
CVE-2021-32661 (Backstage is an open platform for building developer portals. In versi ...)
@@ -28374,11 +28374,11 @@ CVE-2021-31360 (An improper privilege management vulnerability in the Juniper Ne
CVE-2021-31359 (A local privilege escalation vulnerability in Juniper Networks Junos O ...)
NOT-FOR-US: Juniper
CVE-2021-31358 (A command injection vulnerability in sftp command processing on Junipe ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2021-31357 (A command injection vulnerability in tcpdump command processing on Jun ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2021-31356 (A command injection vulnerability in command processing on Juniper Net ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2021-31355 (A persistent cross-site scripting (XSS) vulnerability in the captive p ...)
NOT-FOR-US: Juniper
CVE-2021-31354 (An Out Of Bounds (OOB) access vulnerability in the handling of respons ...)
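Review bot: CVE-2021-31358 and CVE-2021-31357 are tagged `NOT-FOR-US: Juniper`, but their truncated descriptions name sftp and tcpdump command processing, and both names also belong to software packaged in Debian. It is worth confirming against the full advisories that the injection sits in the Junos command handling and not in the upstream tools. If so, a short `NOTE:` line recording that would save the next reader the same check.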
@@ -39254,7 +39254,7 @@ CVE-2021-27003 (Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9
CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vul ...)
NOT-FOR-US: NetApp Cloud Manager
CVE-2021-27001 (Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8 ...)
- TODO: check
+ NOT-FOR-US: Clustered Data ONTAP
CVE-2021-27000
RESERVED
CVE-2021-26999 (NetApp Cloud Manager versions prior to 3.9.9 log sensitive information ...)
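Review bot: the tag added for CVE-2021-27001, `NOT-FOR-US: Clustered Data ONTAP`, omits the vendor, whereas the neighbouring entry in this hunk uses `NOT-FOR-US: NetApp Cloud Manager`. Consider `NOT-FOR-US: NetApp Clustered Data ONTAP` so the vendor's entries group together under one search.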
@@ -40270,7 +40270,7 @@ CVE-2021-26591
CVE-2021-26590
RESERVED
CVE-2021-26589 (A potential security vulnerability has been identified in HPE Superdom ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-26588 (A potential security vulnerability has been identified in HPE 3PAR Sto ...)
NOT-FOR-US: HPE
CVE-2021-26587 (A potential DOM-based Cross Site Scripting security vulnerability has ...)
@@ -67762,7 +67762,7 @@ CVE-2021-0300
CVE-2021-0299 (An Improper Handling of Exceptional Conditions vulnerability in the pr ...)
NOT-FOR-US: Juniper
CVE-2021-0298 (A Race Condition in the 'show chassis pic' command in Juniper Networks ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2021-0297 (A vulnerability in the processing of TCP MD5 authentication in Juniper ...)
NOT-FOR-US: Juniper
CVE-2021-0296 (The Juniper Networks CTPView server is not enforcing HTTP Strict Trans ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a4727f6aceb015e427cab977a0d713c31d8116e