[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 17 09:28:06 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3318ab17 by Moritz Muehlenhoff at 2021-09-17T10:27:40+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2021-41313
 	RESERVED
 CVE-2021-41312
@@ -21,11 +21,11 @@ CVE-2021-41305
 CVE-2021-41304
 	RESERVED
 CVE-2021-3812 (adminlte is vulnerable to Improper Neutralization of Input During Web  ...)
-	TODO: check
+	NOT-FOR-US: adminlte
 CVE-2021-3811 (adminlte is vulnerable to Improper Neutralization of Input During Web  ...)
-	TODO: check
+	NOT-FOR-US: adminlte
 CVE-2021-3810 (code-server is vulnerable to Inefficient Regular Expression Complexity ...)
-	TODO: check
+	NOT-FOR-US: code-server
 CVE-2021-3809
 	RESERVED
 CVE-2021-3808
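Review bot: The two adminlte entries (CVE-2021-3812, CVE-2021-3811) are closed as NOT-FOR-US on the product name alone, and nothing in the hunk records a check for embedded copies. AdminLTE is a front-end dashboard template, a kind of component that tends to be vendored into other web applications, so a search for a package named adminlte is not enough to rule out affected code in the archive. Suggest confirming that no packaged application bundles it before settling on NFU, and adding a NOTE line if a bundled copy is found.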
@@ -76,7 +76,7 @@ CVE-2021-41287
 CVE-2021-41286
 	RESERVED
 CVE-2021-3804 (taro is vulnerable to Inefficient Regular Expression Complexity ...)
-	TODO: check
+	NOT-FOR-US: NervJS Taro
 CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a suspicion that ...)
 	- openssh <unfixed> (unimportant)
 	NOTE: https://github.com/openssh/openssh-portable/pull/270
@@ -500,7 +500,7 @@ CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1
 	NOTE: https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8 (9.0.44)
 	NOTE: https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822 (8.5.64)
 CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complexity ...)
-	TODO: check
+	NOT-FOR-US: nth-check
 CVE-2021-3802
 	RESERVED
 CVE-2021-41078
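Review bot: CVE-2021-3803 is marked NOT-FOR-US: nth-check, but nth-check is an npm module, and Node modules are packaged in Debian under a node- prefix, so a lookup of the bare name would come back empty even if the module is in the archive. Please confirm there is no node-nth-check source package, and no other Node package bundling it, before closing this entry. If one exists, this should be a package line with a version status rather than NFU.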
@@ -4781,7 +4781,7 @@ CVE-2021-39209 (GLPI is a free Asset and IT management software package. In vers
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5qpf-32w7-c56p
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2021-39208 (SharpCompress is a fully managed C# library to deal with many compress ...)
-	TODO: check
+	NOT-FOR-US: SharpCompress
 CVE-2021-39207 (parlai is a framework for training and evaluating AI models on a varie ...)
 	NOT-FOR-US: Facebook ParlAI
 CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
@@ -33503,9 +33503,9 @@ CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impa
 CVE-2021-27342 (An authentication brute-force protection mechanism bypass in telnetd i ...)
 	NOT-FOR-US: D-Link
 CVE-2021-27341 (OpenSIS Community Edition version <= 7.6 is affected by a local fil ...)
-	TODO: check
+	NOT-FOR-US: OpenSIS
 CVE-2021-27340 (OpenSIS Community Edition version <= 7.6 is affected by a reflected ...)
-	TODO: check
+	NOT-FOR-US: OpenSIS
 CVE-2021-27339
 	RESERVED
 CVE-2021-27338 (Faraday Edge before 3.7 allows XSS via the network/create/ page and it ...)
@@ -50622,13 +50622,13 @@ CVE-2021-20830
 CVE-2021-20829
 	RESERVED
 CVE-2021-20828 (Cross-site scripting vulnerability in Order Status Batch Change Plug-i ...)
-	TODO: check
+	NOT-FOR-US: EC-CUBE plugin
 CVE-2021-20827
 	RESERVED
 CVE-2021-20826
 	RESERVED
 CVE-2021-20825 (Cross-site scripting vulnerability in List (order management) item cha ...)
-	TODO: check
+	NOT-FOR-US: EC-CUBE plugin
 CVE-2021-20824
 	RESERVED
 CVE-2021-20823
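Review bot: CVE-2021-20828 and CVE-2021-20825 receive the identical generic tag "EC-CUBE plugin" although their descriptions refer to two different plug-ins. Naming the specific plug-in in each tag would keep the entries distinguishable when grepping data/CVE/list and would make it easier to revisit only one of them if its status changes.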
@@ -50696,9 +50696,9 @@ CVE-2021-20793 (Untrusted search path vulnerability in the installer of Sony Aud
 CVE-2021-20792 (Cross-site scripting vulnerability in Quiz And Survey Master versions  ...)
 	NOT-FOR-US: Quiz And Survey Master
 CVE-2021-20791 (Improper access control vulnerability in RevoWorks Browser 2.1.230 and ...)
-	TODO: check
+	NOT-FOR-US: RevoWorks Browser
 CVE-2021-20790 (Improper control of program execution vulnerability in RevoWorks Brows ...)
-	TODO: check
+	NOT-FOR-US: RevoWorks Browser
 CVE-2021-20789 (Open redirect vulnerability in GroupSession (GroupSession Free edition ...)
 	NOT-FOR-US: GroupSession
 CVE-2021-20788 (Server-side request forgery (SSRF) vulnerability in GroupSession (Grou ...)
@@ -94920,7 +94920,7 @@ CVE-2020-14126
 CVE-2020-14125
 	RESERVED
 CVE-2020-14124 (There is a buffer overflow in librsa.so called by getwifipwdurl interf ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi
 CVE-2020-14123
 	RESERVED
 CVE-2020-14122



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3318ab17a2a00c0b89035a9446b591932e260388
