[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 21 21:46:45 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e5674efb by Salvatore Bonaccorso at 2021-09-21T22:45:30+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,7 +43,7 @@ CVE-2021-41527
 CVE-2021-41526
 	RESERVED
 CVE-2021-41525 (An issue related to modification of otherwise restricted files through ...)
-	TODO: check
+	NOT-FOR-US: FlexNet
 CVE-2021-3821
 	RESERVED
 CVE-2021-3820
@@ -976,7 +976,7 @@ CVE-2021-41086
 CVE-2021-41085
 	RESERVED
 CVE-2021-41084 (http4s is an open source scala interface for HTTP. In affected version ...)
-	TODO: check
+	NOT-FOR-US: Http4s
 CVE-2021-41083 (Dada Mail is a web-based e-mail list management system. In affected ve ...)
 	NOT-FOR-US: Dada Mail
 CVE-2021-41082 (Discourse is a platform for community discussion. In affected versions ...)
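Review bot: The label added after CVE-2021-41084 is spelled `Http4s`, while the description on the line above it spells the project `http4s`. Matching the upstream spelling keeps a case-sensitive search of data/CVE/list for the project name from missing this entry.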
@@ -1428,7 +1428,7 @@ CVE-2021-40870 (An issue was discovered in Aviatrix Controller 6.x before 6.5-18
 CVE-2021-40869
 	RESERVED
 CVE-2021-40868 (In Cloudron 6.2, the returnTo parameter on the login page is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: Cloudron
 CVE-2021-40867 (Certain NETGEAR smart switches are affected by an authentication hijac ...)
 	NOT-FOR-US: Netgear
 CVE-2021-40866 (Certain NETGEAR smart switches are affected by a remote admin password ...)
@@ -1495,7 +1495,7 @@ CVE-2021-40849
 CVE-2021-40848
 	RESERVED
 CVE-2021-40847 (The update process of the Circle Parental Control Service on various N ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2021-40846
 	RESERVED
 CVE-2021-40845 (The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, ca ...)
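Review bot: The `NOT-FOR-US: Netgear` added after CVE-2021-40847 names only the vendor, while the visible part of the description attributes the issue to the update process of the Circle Parental Control Service. Naming that component in the label as well would record which software was actually judged to be outside the archive, so a later triager does not have to re-read the full CVE text.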
@@ -5283,9 +5283,9 @@ CVE-2021-3713 (An out-of-bounds write flaw was found in the UAS (USB Attached SC
 	[buster] - qemu <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1994640
 CVE-2021-39230 (Butter is a system usability utility. Due to a kernel error the JPNS k ...)
-	TODO: check
+	NOT-FOR-US: Butter
 CVE-2021-39229 (Apprise is an open source library which allows you to send a notificat ...)
-	TODO: check
+	NOT-FOR-US: Apprise
 CVE-2021-39228 (Tremor is an event processing system for unstructured data. A vulnerab ...)
 	NOT-FOR-US: Tremor event processing (different from Vorbis Tremor)
 CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for Apache  ...)
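Review bot: `NOT-FOR-US: Butter` after CVE-2021-39230 is a generic name with no qualifier, whereas the existing Tremor entry a few lines below disambiguates with `(different from Vorbis Tremor)`. A short qualifier taken from the description, for example `Butter (system usability utility)`, would keep the entry from being matched against an unrelated package of a similar name.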
@@ -8779,7 +8779,7 @@ CVE-2021-37743 (app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows St
 CVE-2021-37742 (app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.14 ...)
 	NOT-FOR-US: MISP
 CVE-2021-37741 (ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vul ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine
 CVE-2021-37740
 	RESERVED
 CVE-2021-37739
@@ -9469,7 +9469,7 @@ CVE-2021-37426
 CVE-2021-37425 (Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such a ...)
 	NOT-FOR-US: Altova MobileTogether Server
 CVE-2021-37424 (ManageEngine ADSelfService Plus before 6112 is vulnerable to domain us ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine
 CVE-2021-37423 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to l ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to S ...)
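Review bot: The label added after CVE-2021-37424 reads `NOT-FOR-US: ManageEngine`, but the neighbouring entry for the same ADSelfService Plus product (CVE-2021-37423) uses `NOT-FOR-US: Zoho ManageEngine`. Using one spelling of the vendor name keeps these entries together when the list is searched or tallied by NOT-FOR-US name.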
@@ -9477,9 +9477,9 @@ CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerabl
 CVE-2021-37421 (Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to a ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37420 (ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoo ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine
 CVE-2021-37419 (ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine
 CVE-2021-37418
 	REJECTED
 CVE-2021-37417 (Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAP ...)
@@ -30279,7 +30279,7 @@ CVE-2021-28962
 CVE-2021-28961 (applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDN ...)
 	NOT-FOR-US: DDNS package for OpenWrt
 CVE-2021-28960 (ManageEngine Desktop Central before build 10.0.683 allows Unauthentica ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine
 CVE-2021-28959 (Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to una ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-28958 (Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to una ...)
@@ -51340,7 +51340,7 @@ CVE-2021-20831
 CVE-2021-20830
 	RESERVED
 CVE-2021-20829 (Cross-site scripting vulnerability due to the inadequate tag sanitizat ...)
-	TODO: check
+	NOT-FOR-US: GROWI
 CVE-2021-20828 (Cross-site scripting vulnerability in Order Status Batch Change Plug-i ...)
 	NOT-FOR-US: EC-CUBE plugin
 CVE-2021-20827
@@ -53629,7 +53629,7 @@ CVE-2021-20039
 CVE-2021-20038
 	RESERVED
 CVE-2021-20037 (SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incor ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2021-20036
 	RESERVED
 CVE-2021-20035



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5674efb404a858ede15524c4b47d1d42eb8c86c
