[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 7 21:27:52 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8f230f7f by Salvatore Bonaccorso at 2021-09-07T22:27:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -296,7 +296,7 @@ CVE-2021-40540 (ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits co
 	[buster] - ulfius <no-dsa> (Minor issue)
 	NOTE: https://github.com/babelouest/ulfius/commit/c83f564c184a27145e07c274b305cabe943bbfaa
 CVE-2021-40539 (Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnera ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-40538
 	RESERVED
 CVE-2021-40537
@@ -3092,7 +3092,7 @@ CVE-2021-39287
 CVE-2021-39286 (Webrecorder pywb before 2.6.0 allows XSS because it does not ensure th ...)
 	NOT-FOR-US: Webrecorder pywb
 CVE-2021-39285 (A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8 ...)
-	TODO: check
+	NOT-FOR-US: Versa
 CVE-2021-39284
 	RESERVED
 CVE-2021-39283 (liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion ...)
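Review bot: the new label for CVE-2021-39285 is vendor-only (`NOT-FOR-US: Versa`), while the description names the product as Versa Director and the entry just above uses the full product name (`NOT-FOR-US: Webrecorder pywb`). Suggest `NOT-FOR-US: Versa Director` so that a later search of the list for the product name finds this entry.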
@@ -3364,9 +3364,9 @@ CVE-2021-39198
 CVE-2021-39197 (better_errors is an open source replacement for the standard Rails err ...)
 	TODO: check
 CVE-2021-39196 (pcapture is an open source dumpcap web service interface . In affected ...)
-	TODO: check
+	NOT-FOR-US: pcapture
 CVE-2021-39195 (Misskey is an open source, decentralized microblogging platform. In af ...)
-	TODO: check
+	NOT-FOR-US: Misskey
 CVE-2021-39194
 	RESERVED
 CVE-2021-39193 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit  ...)
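Review bot: CVE-2021-39197 (better_errors), the context entry directly above the two changed ones, still carries `TODO: check` after this pass. If it was left open on purpose because it needs a package lookup rather than an NFU tag, that is fine; otherwise it could be triaged in the same commit so the block does not need a second visit.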
@@ -4602,11 +4602,11 @@ CVE-2021-38619 (openBaraza HCM 3.1.6 does not properly neutralize user-controlla
 CVE-2021-38618
 	RESERVED
 CVE-2021-38617 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ us ...)
-	TODO: check
+	NOT-FOR-US: Eigen
 CVE-2021-38616 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{us ...)
-	TODO: check
+	NOT-FOR-US: Eigen
 CVE-2021-38615 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/conf ...)
-	TODO: check
+	NOT-FOR-US: Eigen
 CVE-2021-3705
 	RESERVED
 CVE-2021-3704
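Review bot: the three replacements for CVE-2021-38617, CVE-2021-38616 and CVE-2021-38615 use the bare label `NOT-FOR-US: Eigen`, but every description names the product as "Eigen NLP 3.10.1". The short form is ambiguous with other software called Eigen, and NFU labels are commonly matched by name when later CVEs are triaged. Suggest `NOT-FOR-US: Eigen NLP` on all three lines.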
@@ -5783,7 +5783,7 @@ CVE-2021-38144 (An issue was discovered in Form Tools through 3.0.20. A low-priv
 CVE-2021-38143 (An issue was discovered in Form Tools through 3.0.20. When an administ ...)
 	NOT-FOR-US: Form Tools
 CVE-2021-38142 (Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and  ...)
-	TODO: check
+	NOT-FOR-US: Barco MirrorOp Windows Sender
 CVE-2021-38141
 	RESERVED
 CVE-2021-38140 (The set_user extension module before 2.0.1 for PostgreSQL allows a pot ...)
@@ -6694,41 +6694,41 @@ CVE-2021-37735
 CVE-2021-37734
 	RESERVED
 CVE-2021-37733 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37732
 	RESERVED
 CVE-2021-37731 (A local path traversal vulnerability was discovered in Aruba SD-WAN So ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37730
 	RESERVED
 CVE-2021-37729 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37728 (A remote path traversal vulnerability was discovered in Aruba Operatin ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37727
 	RESERVED
 CVE-2021-37726
 	RESERVED
 CVE-2021-37725 (A remote cross-site request forgery (csrf) vulnerability was discovere ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37724 (A remote arbitrary command execution vulnerability was discovered in A ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37723 (A remote arbitrary command execution vulnerability was discovered in A ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37722 (A remote arbitrary command execution vulnerability was discovered in A ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37721 (A remote arbitrary command execution vulnerability was discovered in A ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37720 (A remote arbitrary command execution vulnerability was discovered in A ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37719 (A remote arbitrary command execution vulnerability was discovered in A ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37718 (A remote arbitrary command execution vulnerability was discovered in A ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37717 (A remote arbitrary command execution vulnerability was discovered in A ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37716 (A remote buffer overflow vulnerability was discovered in Aruba SD-WAN  ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-37715 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
 	NOT-FOR-US: Aruba
 CVE-2021-3671
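Review bot: in this hunk the entries CVE-2021-37724 through CVE-2021-37717 are cut off at "discovered in A ...", so the product cannot be confirmed from the list file alone, yet all of them are tagged `NOT-FOR-US: Aruba`. The untruncated entries show at least two product lines ("Aruba SD-WAN S ..." and "Aruba Operatin ..."). The vendor-only label matches the existing CVE-2021-37715 entry, so the style is consistent; the suggestion is only to confirm each of the 14 replacements against the full CVE description before relying on the bulk edit.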
@@ -9060,7 +9060,7 @@ CVE-2021-36698
 CVE-2021-36697
 	RESERVED
 CVE-2021-36696 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...)
-	TODO: check
+	NOT-FOR-US: Deskpro
 CVE-2021-36695
 	RESERVED
 CVE-2021-36694



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f230f7ffc0f536283dccba82378193136a0eb08
