[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 15 21:18:52 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b75b3e3f by Salvatore Bonaccorso at 2021-09-15T22:18:25+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17353,37 +17353,37 @@ CVE-2021-33707 (SAP NetWeaver Knowledge Management allows remote attackers to re
 CVE-2021-33706 (Due to improper input validation in InfraBox, logs can be modified by  ...)
 	NOT-FOR-US: InfraBox
 CVE-2021-33705 (The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.4 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-33704 (The Service Layer of SAP Business One, version - 10.0, allows an authe ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-33703 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30 ...)
 	NOT-FOR-US: NetWeaver
 CVE-2021-33702 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10 ...)
 	NOT-FOR-US: NetWeaver
 CVE-2021-33701 (DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-33700 (SAP Business One, version - 10.0, allows a local attacker with access  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-33699 (Task Hijacking is a vulnerability that affects the applications runnin ...)
 	NOT-FOR-US: Android
 CVE-2021-33698 (SAP Business One, version - 10.0, allows an attacker with business aut ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-33697 (Under certain conditions, SAP BusinessObjects Business Intelligence Pl ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-33696 (SAP BusinessObjects Business Intelligence Platform (Crystal Report), v ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-33695 (Potentially, SAP Cloud Connector, version - 2.0 communication with the ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-33694 (SAP Cloud Connector, version - 2.0, does not sufficiently encode user- ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-33693 (SAP Cloud Connector, version - 2.0, allows an authenticated administra ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-33692 (SAP Cloud Connector, version - 2.0, allows the upload of zip files as  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-33691 (NWDI Notification Service versions - 7.31, 7.40, 7.50, does not suffic ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-33690 (Server-Side Request Forgery (SSRF) vulnerability has been detected in  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-33689 (When user with insufficient privileges tries to access any application ...)
 	NOT-FOR-US: SAP
 CVE-2021-33688 (SAP Business One allows an attacker with business privileges to execut ...)
@@ -27453,7 +27453,7 @@ CVE-2021-29775 (IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud
 CVE-2021-29774
 	RESERVED
 CVE-2021-29773 (IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-29772 (IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potenti ...)
 	NOT-FOR-US: IBM
 CVE-2021-29771
@@ -27499,7 +27499,7 @@ CVE-2021-29752
 CVE-2021-29751 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...)
 	NOT-FOR-US: IBM
 CVE-2021-29750 (IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic al ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-29749 (IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6 ...)
 	NOT-FOR-US: IBM
 CVE-2021-29748
@@ -51293,7 +51293,7 @@ CVE-2021-20435
 CVE-2021-20434
 	RESERVED
 CVE-2021-20433 (IBM Security Guardium 11.3 could allow a an authenticated user to obta ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-20432 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Reso ...)
 	NOT-FOR-US: IBM
 CVE-2021-20431 (IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not inv ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b75b3e3f187e53cc388d42619542d34ea0db2642

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b75b3e3f187e53cc388d42619542d34ea0db2642
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210915/b6368605/attachment.htm>

More information about the debian-security-tracker-commits mailing list