[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 20 21:44:49 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3885bb9 by Salvatore Bonaccorso at 2021-10-20T22:44:18+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -42053,15 +42053,15 @@ CVE-2021-25974
 CVE-2021-25973
 	RESERVED
 CVE-2021-25972 (In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-S ...)
-	TODO: check
+	NOT-FOR-US: Camaleon CMS
 CVE-2021-25971 (In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught ...)
-	TODO: check
+	NOT-FOR-US: Camaleon CMS
 CVE-2021-25970 (Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session ...)
-	TODO: check
+	NOT-FOR-US: Camaleon CMS
 CVE-2021-25969 (In “Camaleon CMS” application, versions 0.0.1 to 2.6.0 are ...)
-	TODO: check
+	NOT-FOR-US: Camaleon CMS
 CVE-2021-25968 (In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a  ...)
-	TODO: check
+	NOT-FOR-US: OpenCMS
 CVE-2021-25967
 	RESERVED
 CVE-2021-25966 (In “Orchard core CMS” application, versions 1.0.0-beta1-33 ...)
@@ -52057,19 +52057,19 @@ CVE-2021-21751
 CVE-2021-21750
 	RESERVED
 CVE-2021-21749 (ZTE MF971R product has two stack-based buffer overflow vulnerabilities ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21748 (ZTE MF971R product has two stack-based buffer overflow vulnerabilities ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21747 (ZTE MF971R product has reflective XSS vulnerability. An attacker could ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21746 (ZTE MF971R product has reflective XSS vulnerability. An attacker could ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21745 (ZTE MF971R product has a Referer authentication bypass vulnerability.  ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21744 (ZTE MF971R product has a configuration file control vulnerability. An  ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21743 (ZTE MF971R product has a CRLF injection vulnerability. An attacker cou ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21742 (There is an information leak vulnerability in the message service app  ...)
 	NOT-FOR-US: ZTE
 CVE-2021-21741 (A conference management system of ZTE is impacted by a command executi ...)
@@ -59070,29 +59070,29 @@ CVE-2020-29668 (Sympa before 6.2.59b.2 allows remote attackers to obtain full SO
 	NOTE: https://github.com/sympa-community/sympa/issues/1041
 	NOTE: https://github.com/sympa-community/sympa/pull/1044
 CVE-2021-2485 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2021-2484 (Vulnerability in the Oracle Operations Intelligence product of Oracle  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2021-2483 (Vulnerability in the Oracle Content Manager product of Oracle E-Busine ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2021-2482 (Vulnerability in the Oracle Payables product of Oracle E-Business Suit ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2021-2481 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2021-2480 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2021-2479 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2021-2478 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2021-2477 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2021-2476 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2021-2475 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
 	- virtualbox 6.1.28-dfsg-1
 CVE-2021-2474 (Vulnerability in the Oracle Web Analytics product of Oracle E-Business ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2021-2473
 	RESERVED
 CVE-2021-2472
@@ -59118,7 +59118,7 @@ CVE-2021-2463 (Vulnerability in the Oracle Commerce Platform product of Oracle C
 CVE-2021-2462 (Vulnerability in the Oracle Commerce Service Center product of Oracle  ...)
 	NOT-FOR-US: Oracle
 CVE-2021-2461 (Vulnerability in the Oracle Communications Interactive Session Recorde ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2021-2460 (Vulnerability in the Oracle Application Express Data Reporter componen ...)
 	NOT-FOR-US: Oracle
 CVE-2021-2459
@@ -59209,11 +59209,11 @@ CVE-2021-2418 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
 CVE-2021-2417 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2021-2416 (Vulnerability in the Oracle Communications Session Border Controller p ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2021-2415 (Vulnerability in the Oracle Time and Labor product of Oracle E-Busines ...)
 	NOT-FOR-US: Oracle
 CVE-2021-2414 (Vulnerability in the Oracle Communications Session Border Controller p ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2021-2413
 	RESERVED
 CVE-2021-2412 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
@@ -59399,7 +59399,7 @@ CVE-2021-2334 (Vulnerability in the Oracle Database - Enterprise Edition Data Re
 CVE-2021-2333 (Vulnerability in the Oracle XML DB component of Oracle Database Server ...)
 	NOT-FOR-US: Oracle
 CVE-2021-2332 (Vulnerability in the Oracle LogMiner component of Oracle Database Serv ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2021-2331
 	RESERVED
 CVE-2021-2330 (Vulnerability in the Core RDBMS component of Oracle Database Server. T ...)
@@ -59824,7 +59824,7 @@ CVE-2021-2139
 CVE-2021-2138 (Vulnerability in the Oracle Cloud Infrastructure Data Science Notebook ...)
 	NOT-FOR-US: Oracle
 CVE-2021-2137 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2021-2136 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
 	NOT-FOR-US: Oracle
 CVE-2021-2135 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3885bb9aa3d54a37df335dacb9374d3b2e970e2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3885bb9aa3d54a37df335dacb9374d3b2e970e2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211020/99a72fe5/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list