[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 29 21:17:55 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9db915d by Salvatore Bonaccorso at 2021-10-29T22:17:29+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3969,7 +3969,7 @@ CVE-2021-41876
 CVE-2021-41875
 	RESERVED
 CVE-2021-41874 (An unauthorized access vulnerabiitly exists in all versions of Portain ...)
-	TODO: check
+	NOT-FOR-US: Portainer
 CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box produ ...)
 	NOT-FOR-US: Penguin Aurora TV Box 41502
 CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of s ...)
@@ -4297,11 +4297,11 @@ CVE-2021-41750
 CVE-2021-41749
 	RESERVED
 CVE-2021-41748 (An Incorrect Access Control issue exists in all versions of Portainer. ...)
-	TODO: check
+	NOT-FOR-US: Portainer
 CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, wh ...)
 	NOT-FOR-US: Csdn APP
 CVE-2021-41746 (SQL Injection vulnerability exists in all versions of Yonyou TurboCRM. ...)
-	TODO: check
+	NOT-FOR-US: Yonyou TurboCRM
 CVE-2021-41745 (ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can us ...)
 	NOT-FOR-US: ShowDoc
 CVE-2021-41744 (All versions of yongyou PLM are affected by a command injection issue. ...)
@@ -4445,11 +4445,11 @@ CVE-2021-41678
 CVE-2021-41677
 	RESERVED
 CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point o ...)
-	TODO: check
+	NOT-FOR-US: oretnom23 Pharmacy Point of Sale System
 CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E- ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-41674 (An SQL Injection vulnerability exists in Sourcecodester E-Negosyo Syst ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-41673
 	RESERVED
 CVE-2021-41672
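Review bot: The NOT-FOR-US tags in this hunk are written at two different granularities: CVE-2021-41676 is tagged with the author and full product name ("oretnom23 Pharmacy Point of Sale System"), while CVE-2021-41675 and CVE-2021-41674 carry only "Sourcecodester" even though their descriptions name a specific product. Suggest using one convention for all three, preferably including the product name, so a later search of data/CVE/list by product finds these entries.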
@@ -4505,13 +4505,13 @@ CVE-2021-41648 (An un-authenticated SQL Injection exists in PuneethReddyHC onlin
 CVE-2021-41647 (An un-authenticated error-based and time-based blind SQL injection vul ...)
 	NOT-FOR-US: Kaushik Jadhav Online Food Ordering Web App
 CVE-2021-41646 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Onl ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-41645 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Bud ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-41644 (Remote Code Exection (RCE) vulnerability exists in Sourcecodester Onli ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-41643 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Chu ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-41642
 	RESERVED
 CVE-2021-41641
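Review bot: CVE-2021-41646 through CVE-2021-41643 all get the bare tag "Sourcecodester", but their descriptions start with different product names ("Onl ...", "Bud ...", "Onli ...", "Chu ..."), and the neighbouring entry CVE-2021-41647 is tagged with author plus product ("Kaushik Jadhav Online Food Ordering Web App"). Suggest adding the product name to each of the four tags so the entries are distinguishable and match the style of the surrounding lines.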
@@ -5527,7 +5527,7 @@ CVE-2021-41191 (Roblox-Purchasing-Hub is an open source Roblox product purchasin
 CVE-2021-41190
 	RESERVED
 CVE-2021-41189 (DSpace is an open source turnkey repository application. In version 7. ...)
-	TODO: check
+	NOT-FOR-US: DSpace
 CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 5.7.6 c ...)
 	NOT-FOR-US: Shopware
 CVE-2021-41187
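Review bot: On CVE-2021-41189 the description calls DSpace an open source repository application, so NOT-FOR-US here depends on it being neither packaged nor requested for packaging. Suggest confirming there is no matching source package and no open ITP or RFP bug before closing the entry this way; if such a bug exists, the entry should reference it instead.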
@@ -10341,7 +10341,7 @@ CVE-2021-39181 (OpenOlat is a web-based learning management system (LMS). Prior
 CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A path trave ...)
 	NOT-FOR-US: OpenOLAT
 CVE-2021-39179 (DHIS 2 is an information system for data capture, management, validati ...)
-	TODO: check
+	NOT-FOR-US: DHIS 2
 CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between 10.0.0 and 1 ...)
 	NOT-FOR-US: next.js
 CVE-2021-39177 (Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: J ...)
@@ -14631,7 +14631,7 @@ CVE-2021-37404
 CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive Authent ...)
 	NOT-FOR-US: firefly-iii
 CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2021-3661
 	RESERVED
 CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
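Review bot: The new tag on CVE-2021-3662 names only the vendor ("HP"), while the description is about specific hardware, "HP Enterprise LaserJet and PageWide MFPs". Suggest a tag that names the product line, for example "NOT-FOR-US: HP Enterprise LaserJet and PageWide MFPs", so the reason for the triage decision is clear from the entry itself.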
@@ -19726,11 +19726,11 @@ CVE-2021-35239 (A security researcher found a user with Orion map manage rights
 CVE-2021-35238 (User with Orion Platform Admin Rights could store XSS through URL POST ...)
 	NOT-FOR-US: Solarwinds
 CVE-2021-35237 (A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left ...)
-	TODO: check
+	NOT-FOR-US: Kiwi Syslog Server
 CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7 ...)
 	NOT-FOR-US: SolarWinds
 CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi Syslog Server  ...)
-	TODO: check
+	NOT-FOR-US: Kiwi Syslog Server
 CVE-2021-35234
 	RESERVED
 CVE-2021-35233 (The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server  ...)
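Review bot: The same product ends up tagged two ways in adjacent entries: CVE-2021-35237 and CVE-2021-35235 now say "NOT-FOR-US: Kiwi Syslog Server", but CVE-2021-35236, which sits between them and is also about Kiwi Syslog Server according to its description, stays "NOT-FOR-US: SolarWinds". Suggest one tag for all three (and settling the "Solarwinds" versus "SolarWinds" casing seen on CVE-2021-35238 while touching this block).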
@@ -28019,7 +28019,7 @@ CVE-2021-31863 (Insufficient input validation in the Git repository integration
 	NOTE: https://www.redmine.org/news/131
 	NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20962
 CVE-2021-31862 (SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter withou ...)
-	TODO: check
+	NOT-FOR-US: SysAid
 CVE-2021-31861
 	RESERVED
 CVE-2021-31860
@@ -28682,13 +28682,13 @@ CVE-2021-31629
 CVE-2021-31628
 	RESERVED
 CVE-2021-31627 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2021-31626
 	RESERVED
 CVE-2021-31625
 	RESERVED
 CVE-2021-31624 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2021-31623
 	RESERVED
 CVE-2021-31622



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9db915dc46ed218882a811da438d8d222642bd8
