[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 27 21:56:53 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0255c233 by Salvatore Bonaccorso at 2021-10-27T22:56:23+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -419,7 +419,7 @@ CVE-2021-3902
 CVE-2021-3901
 	RESERVED
 CVE-2021-3900 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-	TODO: check
+	NOT-FOR-US: firefly-iii
 CVE-2021-42852
 	RESERVED
 CVE-2021-42851
@@ -3866,7 +3866,7 @@ CVE-2021-41874
 CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box produ ...)
 	NOT-FOR-US: Penguin Aurora TV Box 41502
 CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of s ...)
-	TODO: check
+	NOT-FOR-US: Skyworth Digital Technology Penguin Aurora Box 41502
 CVE-2021-41871
 	RESERVED
 CVE-2021-41870
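Review bot: The new label on CVE-2021-41872 names the product differently from the adjacent CVE-2021-41873 entry, which already reads "NOT-FOR-US: Penguin Aurora TV Box 41502". Both descriptions refer to the Penguin Aurora box 41502, so reuse the existing string (or change both to the same one) so that a search for the product finds both entries.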
@@ -7983,7 +7983,7 @@ CVE-2021-40127
 CVE-2021-40126
 	RESERVED
 CVE-2021-40125 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) impleme ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-40124
 	RESERVED
 CVE-2021-40123 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -7997,15 +7997,15 @@ CVE-2021-40120
 CVE-2021-40119
 	RESERVED
 CVE-2021-40118 (Multiple vulnerabilities in the web services interface of Cisco Adapti ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-40117 (A vulnerability in SSL/TLS message handler for Cisco Adaptive Security ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-40116 (Multiple Cisco products are affected by a vulnerability in Snort rules ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-40115
 	RESERVED
 CVE-2021-40114 (Multiple Cisco products are affected by a vulnerability in the way the ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-40113
 	RESERVED
 CVE-2021-40112
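Review bot: CVE-2021-40116 is marked "NOT-FOR-US: Cisco", but its description places the flaw "in Snort rules", and Snort is an open-source project that is also packaged in Debian. Before closing it as NFU, confirm the issue is confined to Cisco's products and does not reach src:snort; if it does, the entry needs a package line instead. CVE-2021-40114 deserves the same check, since its description opens the same way ("Multiple Cisco products are affected by a vulnerability in the way the ...") and is cut off before it names the component.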
@@ -11921,7 +11921,7 @@ CVE-2021-38452 (A path traversal vulnerability in the Moxa MXview Network Manage
 CVE-2021-38451 (The affected product’s proprietary protocol CSC allows for calli ...)
 	NOT-FOR-US: AUVESY
 CVE-2021-38450 (The affected controllers do not properly sanitize the input containing ...)
-	TODO: check
+	NOT-FOR-US: Trane
 CVE-2021-38449 (Some API functions permit by-design writing or copying data into a giv ...)
 	NOT-FOR-US: AUVESY
 CVE-2021-38448
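Review bot: The "NOT-FOR-US: Trane" label on CVE-2021-38450 cannot be verified from the visible description, which only says "The affected controllers" and sits between two entries labelled AUVESY. Confirm the vendor against the full CVE record, and consider adding the product name to the label so the attribution is clear without opening the record.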
@@ -13581,17 +13581,17 @@ CVE-2021-37810
 CVE-2021-37809
 	RESERVED
 CVE-2021-37808 (SQL Injection vulnerabilities exist in https://phpgurukul.com News Por ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2021-37807 (An SQL Injection vulneraility exists in https://phpgurukul.com Online  ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2021-37806 (An SQL Injection vulnerability exists in https://phpgurukul.com Vehicl ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2021-37805 (A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodes ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodeste Vehicle Parking Management System
 CVE-2021-37804
 	RESERVED
 CVE-2021-37803 (An SQL Injection vulnerability exists in Sourcecodester Online Covid V ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Online Covid Vaccination Scheduler System
 CVE-2021-37802
 	RESERVED
 CVE-2021-37801
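Review bot: The label added for CVE-2021-37805 has a typo, "Sourcecodeste Vehicle Parking Management System", missing the final "r" that the CVE-2021-37803 label a few lines below has ("Sourcecodester Online Covid Vaccination Scheduler System"). Correct it to "Sourcecodester" so that a grep for the vendor name matches this entry too.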
@@ -14896,7 +14896,7 @@ CVE-2021-37223 (Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side R
 CVE-2021-37222 (Parsers in the open source project RCDCAP before 1.0.5 allow remote at ...)
 	NOT-FOR-US: RCDCAP
 CVE-2021-37221 (A file upload vulnerability exists in Sourcecodester Customer Relation ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Customer Relationship Management System
 CVE-2021-37220 (MuPDF through 1.18.1 has an out-of-bounds write because the cached col ...)
 	- mupdf 1.17.0+ds1-2 (bug #991402)
 	[buster] - mupdf <no-dsa> (Minor issue; can be fixed via point release)
@@ -20593,21 +20593,21 @@ CVE-2021-34796
 CVE-2021-34795
 	RESERVED
 CVE-2021-34794 (A vulnerability in the Simple Network Management Protocol version 3 (S ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-34793 (A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appli ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-34792 (A vulnerability in the memory management of Cisco Adaptive Security Ap ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-34791 (Multiple vulnerabilities in the Application Level Gateway (ALG) for th ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-34790 (Multiple vulnerabilities in the Application Level Gateway (ALG) for th ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-34789 (A vulnerability in the web-based management interface of Cisco Tetrati ...)
 	NOT-FOR-US: Cisco
 CVE-2021-34788 (A vulnerability in the shared library loading mechanism of Cisco AnyCo ...)
 	NOT-FOR-US: Cisco
 CVE-2021-34787 (A vulnerability in the identity-based firewall (IDFW) rule processing  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-34786 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Sof ...)
 	NOT-FOR-US: Cisco
 CVE-2021-34785 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Sof ...)
@@ -20615,11 +20615,11 @@ CVE-2021-34785 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Applicati
 CVE-2021-34784
 	RESERVED
 CVE-2021-34783 (A vulnerability in the software-based SSL/TLS message handler of Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-34782 (A vulnerability in the API endpoints for Cisco DNA Center could allow  ...)
 	NOT-FOR-US: Cisco
 CVE-2021-34781 (A vulnerability in the processing of SSH connections for multi-instanc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-34780 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
 	NOT-FOR-US: Cisco
 CVE-2021-34779 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
@@ -20653,13 +20653,13 @@ CVE-2021-34766 (A vulnerability in the web UI of Cisco Smart Software Manager On
 CVE-2021-34765 (A vulnerability in the web UI for Cisco Nexus Insights could allow an  ...)
 	NOT-FOR-US: Cisco
 CVE-2021-34764 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-34763 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-34762 (A vulnerability in the web-based management interface of Cisco Firepow ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-34761 (A vulnerability in Cisco Firepower Threat Defense (FTD) Software could ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-34760 (A vulnerability in the web-based management interface of Cisco TelePre ...)
 	NOT-FOR-US: Cisco
 CVE-2021-34759 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -20669,11 +20669,11 @@ CVE-2021-34758 (A vulnerability in the memory management of Cisco TelePresence C
 CVE-2021-34757 (Multiple vulnerabilities in Cisco Business 220 Series Smart Switches f ...)
 	NOT-FOR-US: Cisco
 CVE-2021-34756 (Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-34755 (Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-34754 (Multiple vulnerabilities in the payload inspection for Ethernet Indust ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-34753
 	RESERVED
 CVE-2021-34752
@@ -21078,7 +21078,7 @@ CVE-2021-34582
 CVE-2021-34581 (Missing Release of Resource after Effective Lifetime vulnerability in  ...)
 	NOT-FOR-US: WAGO
 CVE-2021-34580 (In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can  ...)
-	TODO: check
+	NOT-FOR-US: MB connect line
 CVE-2021-34579
 	RESERVED
 CVE-2021-34578 (This vulnerability allows an attacker who has access to the WBM to rea ...)
@@ -41099,13 +41099,13 @@ CVE-2021-26612
 CVE-2021-26611
 	RESERVED
 CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform an integ ...)
-	TODO: check
+	NOT-FOR-US: godomall5
 CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A SQL-Inject ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-26608 (An arbitrary file download and execution vulnerability was found in th ...)
 	NOT-FOR-US: handysoft
 CVE-2021-26607 (An Improper input validation in execDefaultBrowser method of NEXACRO17 ...)
-	TODO: check
+	NOT-FOR-US: NEXACRO17
 CVE-2021-26606 (A vulnerability in PKI Security Solution of Dream Security could allow ...)
 	NOT-FOR-US: Dream Security
 CVE-2021-26605 (An improper input validation vulnerability in the service of ezPDFRead ...)
@@ -76583,7 +76583,7 @@ CVE-2020-24934
 CVE-2020-24933
 	RESERVED
 CVE-2020-24932 (An SQL Injection vulnerability exists in Sourcecodester Complaint Mana ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2020-24931
 	RESERVED
 CVE-2020-24930 (Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open ...)
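Review bot: CVE-2020-24932 is labelled with the vendor alone ("NOT-FOR-US: Sourcecodester"), while the other Sourcecodester entries in this commit carry vendor plus product, for example "NOT-FOR-US: Sourcecodester Customer Relationship Management System". Pick one form for the whole commit; the vendor-only form would match how the Cisco and PHPGurukul entries are written.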
@@ -84654,7 +84654,7 @@ CVE-2020-21252
 CVE-2020-21251
 	RESERVED
 CVE-2020-21250 (CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vuln ...)
-	TODO: check
+	NOT-FOR-US: CSZ CMS
 CVE-2020-21249
 	RESERVED
 CVE-2020-21248



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0255c233e22afc42e1cda18f547068e81183b676



More information about the debian-security-tracker-commits mailing list