[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 24 10:27:44 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
264a1cba by Moritz Muehlenhoff at 2021-09-24T11:27:20+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2021-41585
 	RESERVED
 CVE-2021-41584 (Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a  ...)
-	TODO: check
+	NOT-FOR-US: Gradle Enterprise
 CVE-2021-41583 (vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packa ...)
-	TODO: check
+	NOT-FOR-US: vpn-user-portal
 CVE-2021-41582
 	RESERVED
 CVE-2021-41581 (x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints. ...)
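Review bot: The NOT-FOR-US on CVE-2021-41583 deserves a second look, because the truncated description ends in "as packa ...", which suggests the issue is scoped to a packaged build of vpn-user-portal. Confirm that no such package exists in the Debian archive, and if the affected packaging is third-party only, consider adding a NOTE line saying so, so the tag does not appear to contradict the description.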
@@ -55,7 +55,7 @@ CVE-2021-41561
 CVE-2021-3825
 	RESERVED
 CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to in ...)
-	TODO: check
+	NOT-FOR-US: OpenVPN Access Server
 CVE-2021-3823
 	RESERVED
 CVE-2021-3822
@@ -1062,7 +1062,7 @@ CVE-2021-41088 (Elvish is a programming language and interactive shell, combined
 CVE-2021-41087 (in-toto-golang is a go implementation of the in-toto framework to prot ...)
 	TODO: check
 CVE-2021-41086 (jsuites is an open source collection of common required javascript web ...)
-	TODO: check
+	NOT-FOR-US: jsuites
 CVE-2021-41085
 	RESERVED
 CVE-2021-41084 (http4s is an open source scala interface for HTTP. In affected version ...)
@@ -19950,7 +19950,7 @@ CVE-2021-33001
 CVE-2021-33000 (Parsing a maliciously crafted project file may cause a heap-based buff ...)
 	NOT-FOR-US: WebAccess HMI Designer
 CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink server while  ...)
-	TODO: check
+	NOT-FOR-US: Suitelink
 CVE-2021-32998
 	RESERVED
 CVE-2021-32997
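Review bot: The tag on CVE-2021-32999 is spelled "Suitelink", while the CVE description spells the product "SuiteLink"; the same lowercase form recurs on the other SuiteLink entries in this commit (CVE-2021-32987, CVE-2021-32979, CVE-2021-32971, CVE-2021-32963, CVE-2021-32959). Using "NOT-FOR-US: SuiteLink" throughout keeps case-sensitive searches of data/CVE/list consistent with the descriptions.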
@@ -19974,7 +19974,7 @@ CVE-2021-32989
 CVE-2021-32988 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...)
 	NOT-FOR-US: FATEK Automation WinProladder
 CVE-2021-32987 (Null pointer dereference in SuiteLink server while processing command  ...)
-	TODO: check
+	NOT-FOR-US: Suitelink
 CVE-2021-32986
 	RESERVED
 CVE-2021-32985
@@ -19990,7 +19990,7 @@ CVE-2021-32981
 CVE-2021-32980
 	RESERVED
 CVE-2021-32979 (Null pointer dereference in SuiteLink server while processing commands ...)
-	TODO: check
+	NOT-FOR-US: Suitelink
 CVE-2021-32978
 	RESERVED
 CVE-2021-32977
@@ -20006,7 +20006,7 @@ CVE-2021-32973
 CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacke ...)
 	NOT-FOR-US: Panasonic
 CVE-2021-32971 (Null pointer dereference in SuiteLink server while processing command  ...)
-	TODO: check
+	NOT-FOR-US: Suitelink
 CVE-2021-32970
 	RESERVED
 CVE-2021-32969
@@ -20022,7 +20022,7 @@ CVE-2021-32965
 CVE-2021-32964
 	RESERVED
 CVE-2021-32963 (Null pointer dereference in SuiteLink server while processing commands ...)
-	TODO: check
+	NOT-FOR-US: Suitelink
 CVE-2021-32962
 	RESERVED
 CVE-2021-32961
@@ -20030,7 +20030,7 @@ CVE-2021-32961
 CVE-2021-32960
 	RESERVED
 CVE-2021-32959 (Heap-based buffer overflow in SuiteLink server while processing comman ...)
-	TODO: check
+	NOT-FOR-US: Suitelink
 CVE-2021-32958
 	RESERVED
 CVE-2021-32957
@@ -22699,7 +22699,7 @@ CVE-2021-31924 (Yubico pam-u2f before 1.1.1 has a logic issue that, depending on
 	NOTE: https://github.com/Yubico/pam-u2f/issues/175
 	NOTE: Support for PIN verification introduced in 1.1.0.
 CVE-2021-31923 (Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling vi ...)
-	TODO: check
+	NOT-FOR-US: Ping Identity PingAccess
 CVE-2021-31922 (An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffi ...)
 	NOT-FOR-US: Pulse Secure
 CVE-2021-3528 (A flaw was found in noobaa-operator in versions before 5.7.0, where in ...)
@@ -35759,7 +35759,7 @@ CVE-2021-26752 (NeDi 1.9C allows an authenticated user to execute operating syst
 CVE-2021-26751 (NeDi 1.9C allows an authenticated user to perform a SQL Injection in t ...)
 	NOT-FOR-US: NeDi
 CVE-2021-26750 (DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Pa ...)
-	TODO: check
+	NOT-FOR-US: Panda Agent
 CVE-2021-26749
 	RESERVED
 CVE-2021-26748
@@ -44748,7 +44748,7 @@ CVE-2021-22954
 CVE-2021-22953 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to c ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2021-22952 (A vulnerability found in UniFi Talk application V1.12.3 and earlier pe ...)
-	TODO: check
+	NOT-FOR-US: UniFI Talk
 CVE-2021-22951
 	RESERVED
 CVE-2021-22950 (Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachme ...)
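Review bot: The tag "NOT-FOR-US: UniFI Talk" on CVE-2021-22952 has a capital "I" at the end of "UniFI", whereas the description on the line above spells it "UniFi Talk". Suggest "NOT-FOR-US: UniFi Talk" so later entries for the same product group under one spelling.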
@@ -44756,7 +44756,7 @@ CVE-2021-22950 (Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing at
 CVE-2021-22949 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to d ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2021-22948 (Vulnerability in the generation of session IDs in revive-adserver < ...)
-	TODO: check
+	NOT-FOR-US: revive-adserver
 CVE-2021-22947 [STARTTLS protocol injection via MITM]
 	RESERVED
 	- curl <unfixed>
@@ -72969,7 +72969,7 @@ CVE-2020-24329
 CVE-2020-24328
 	RESERVED
 CVE-2020-24327 (Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2020-24326
 	RESERVED
 CVE-2020-24325
@@ -74726,7 +74726,7 @@ CVE-2020-23480
 CVE-2020-23479
 	RESERVED
 CVE-2020-23478 (Leo Editor v6.2.1 was discovered to contain a regular expression denia ...)
-	TODO: check
+	NOT-FOR-US: Leo Editor
 CVE-2020-23477
 	RESERVED
 CVE-2020-23476
@@ -82202,11 +82202,11 @@ CVE-2020-19953
 CVE-2020-19952
 	RESERVED
 CVE-2020-19951 (A cross-site request forgery (CSRF) in /controller/pay.class.php of Yz ...)
-	TODO: check
+	NOT-FOR-US: YzmCMS
 CVE-2020-19950 (A cross-site scripting (XSS) vulnerability in the /banner/add.html com ...)
-	TODO: check
+	NOT-FOR-US: YzmCMS
 CVE-2020-19949 (A cross-site scripting (XSS) vulnerability in the /link/add.html compo ...)
-	TODO: check
+	NOT-FOR-US: YzmCMS
 CVE-2020-19948
 	RESERVED
 CVE-2020-19947
@@ -89117,7 +89117,7 @@ CVE-2020-16632 (A XSS Vulnerability in /uploads/dede/action_search.php in DedeCM
 CVE-2020-16631
 	RESERVED
 CVE-2020-16630 (TI’s BLE stack caches and reuses the LTK’s property for a  ...)
-	TODO: check
+	NOT-FOR-US: Texas Instruments
 CVE-2020-16629 (PhpOK 5.4.137 contains a SQL injection vulnerability that can inject a ...)
 	NOT-FOR-US: PhpOK
 CVE-2020-16628
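Review bot: The tag on CVE-2020-16630 names only the vendor ("Texas Instruments"), while the description is about TI's BLE stack and most other tags in this commit name the product. Something like "NOT-FOR-US: Texas Instruments BLE stack" would make clear which component was triaged and would not read as covering every TI product.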



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/264a1cba7b8f530e8ee0fe7f296ebea8617ddf43
