[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 8 21:24:55 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b5e6bf74 by Salvatore Bonaccorso at 2021-09-08T22:23:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -916,7 +916,7 @@ CVE-2021-40379 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_
 CVE-2021-40378 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...)
 	NOT-FOR-US: Compro devices
 CVE-2021-40377 (SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The ap ...)
-	TODO: check
+	NOT-FOR-US: SmarterTools
 CVE-2021-40376
 	RESERVED
 CVE-2021-40375
@@ -5362,7 +5362,7 @@ CVE-2021-38390 (A Blind SQL injection vulnerability exists in the /DataHandler/H
 CVE-2021-38389
 	RESERVED
 CVE-2021-38388 (Central Dogma allows privilege escalation with mirroring to the intern ...)
-	TODO: check
+	NOT-FOR-US: Central Dogma
 CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before disconnect ...)
 	NOT-FOR-US: Contiki
 CVE-2021-38386 (In Contiki 3.0, a buffer overflow in the Telnet service allows remote  ...)
@@ -9320,7 +9320,7 @@ CVE-2021-36697
 CVE-2021-36696 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...)
 	NOT-FOR-US: Deskpro
 CVE-2021-36695 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...)
-	TODO: check
+	NOT-FOR-US: Deskpro
 CVE-2021-36694
 	RESERVED
 CVE-2021-36693
@@ -10345,9 +10345,9 @@ CVE-2021-36218
 CVE-2021-36217
 	REJECTED
 CVE-2021-36216 (LINE for Windows 6.2.1.2289 and before allows arbitrary code execution ...)
-	TODO: check
+	NOT-FOR-US: LINE for Windows
 CVE-2021-36215 (LINE client for iOS 10.21.3 and before allows address bar spoofing due ...)
-	TODO: check
+	NOT-FOR-US: LINE client for iOS
 CVE-2021-36214 (LINE client for iOS before 10.16.3 allows cross site script with speci ...)
 	NOT-FOR-US: LINE client for iOS
 CVE-2021-36213 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default de ...)
@@ -10417,13 +10417,13 @@ CVE-2021-36184
 CVE-2021-36183
 	RESERVED
 CVE-2021-36182 (A Improper neutralization of special elements used in a command ('Comm ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-36181
 	RESERVED
 CVE-2021-36180
 	RESERVED
 CVE-2021-36179 (A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and  ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-36178
 	RESERVED
 CVE-2021-36177
@@ -11966,7 +11966,7 @@ CVE-2021-35528
 CVE-2021-35527 (Password autocomplete vulnerability in the web application password fi ...)
 	NOT-FOR-US: Hitachi ABB Power Grids eSOMS
 CVE-2021-35526 (Backup file without encryption vulnerability is found in Hitachi ABB P ...)
-	TODO: check
+	NOT-FOR-US: Hitachi ABB Power Grids System Data Manager
 CVE-2021-3624 [buffer-overflow caused by integer-overflow in foveon_load_camf()]
 	RESERVED
 	- dcraw <unfixed> (bug #984761)
@@ -12711,7 +12711,7 @@ CVE-2021-35219 (ExportToPdfCmd Arbitrary File Read Information Disclosure Vulner
 CVE-2021-35218 (Deserialization of Untrusted Data in the Web Console Chart Endpoint ca ...)
 	NOT-FOR-US: Solarwinds
 CVE-2021-35217 (Insecure Deseralization of untrusted data remote code execution vulner ...)
-	TODO: check
+	NOT-FOR-US: Solarwinds
 CVE-2021-35216 (Insecure Deserialization of untrusted data remote code execution vulne ...)
 	NOT-FOR-US: Solarwinds
 CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was detected ...)
@@ -15474,9 +15474,9 @@ CVE-2021-33984
 CVE-2021-33983
 	RESERVED
 CVE-2021-33982 (An insufficient session expiration vulnerability exists in the "Fish | ...)
-	TODO: check
+	NOT-FOR-US: "Fish | Hunt FL" iOS app
 CVE-2021-33981 (An insecure, direct object vulnerability in hunting/fishing license re ...)
-	TODO: check
+	NOT-FOR-US: "Fish | Hunt FL" iOS app
 CVE-2021-33980
 	RESERVED
 CVE-2021-33979
@@ -22340,7 +22340,7 @@ CVE-2021-31276
 CVE-2021-31275
 	RESERVED
 CVE-2021-31274 (In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in  ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2021-31273
 	RESERVED
 CVE-2021-31272 (SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c cont ...)
@@ -47270,8 +47270,6 @@ CVE-2020-35701 (An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL inj
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/565e0604a53f4988dc5b544d01f4a631eaa80d82
 CVE-2020-35700 (A second-order SQL injection issue in Widgets/TopDevicesController.php ...)
 	NOT-FOR-US: LibreNMS
-	NOTE: https://github.com/librenms/librenms/releases/tag/21.1.0
-	NOTE: https://github.com/librenms/librenms/pull/12422
 CVE-2020-35699
 	RESERVED
 CVE-2020-35698



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5e6bf74cec4a695432a43543939fdd64e02f923

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5e6bf74cec4a695432a43543939fdd64e02f923
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210908/1475f6a3/attachment.htm>

More information about the debian-security-tracker-commits mailing list