[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 28 21:23:26 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1dd5d16e by Salvatore Bonaccorso at 2021-09-28T22:23:03+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -500,21 +500,21 @@ CVE-2021-41542
 CVE-2021-41541
 	RESERVED
 CVE-2021-41540 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-41539 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-41538 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-41537 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-41536 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-41535 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-41534 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-41533 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-41532
 	RESERVED
 CVE-2021-41531 (NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if  ...)
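Review bot: The eight entries CVE-2021-41533 through CVE-2021-41540 are tagged with the vendor only (NOT-FOR-US: Siemens), although every description names the product as Solid Edge SE2021 and other entries in this commit are tagged by product (for example NOT-FOR-US: Progress WhatsUp Gold). Consider NOT-FOR-US: Siemens Solid Edge so that a later search of data/CVE/list by product name finds them.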
@@ -958,7 +958,7 @@ CVE-2021-41320
 CVE-2021-41319
 	RESERVED
 CVE-2021-41318 (In Progress WhatsUp Gold prior to version 21.1.0, an application endpo ...)
-	TODO: check
+	NOT-FOR-US: Progress WhatsUp Gold
 CVE-2021-41317 (XSS Hunter Express before 2021-09-17 does not properly enforce authent ...)
 	NOT-FOR-US: XSS Hunter Express
 CVE-2021-41316 (The Device42 Main Appliance before 17.05.01 does not sanitize user inp ...)
@@ -1426,7 +1426,7 @@ CVE-2021-41106
 CVE-2021-41105
 	RESERVED
 CVE-2021-41104 (ESPHome is a system to control the ESP8266/ESP32. Anyone with web_serv ...)
-	TODO: check
+	NOT-FOR-US: ESPHome
 CVE-2021-41103
 	RESERVED
 CVE-2021-41102
@@ -7925,7 +7925,7 @@ CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute a
 CVE-2021-38304 (Improper input validation in the National Instruments NI-PAL driver in ...)
 	NOT-FOR-US: National Instruments NI-PAL driver
 CVE-2021-38303 (A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0 ...)
-	TODO: check
+	NOT-FOR-US: Sureline SUREedge Migrator
 CVE-2021-38302 (The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. ...)
 	NOT-FOR-US: Newsletter extension for TYPO3
 CVE-2021-38301
@@ -10366,7 +10366,7 @@ CVE-2021-37275
 CVE-2021-37274 (Kingdee KIS Professional Edition has a privilege escalation vulnerabil ...)
 	NOT-FOR-US: Kingdee KIS Professional Edition
 CVE-2021-37273 (A Denial of Service issue exists in China Telecom Corporation EPON Tia ...)
-	TODO: check
+	NOT-FOR-US: Tianyi Gateway
 CVE-2021-37272
 	RESERVED
 CVE-2021-37271 (Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, w ...)
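Review bot: The tag on CVE-2021-37273 drops the vendor: the description attributes the device to China Telecom Corporation and is cut off at "EPON Tia ...", while the tag reads only NOT-FOR-US: Tianyi Gateway. Including the vendor in the tag (China Telecom Tianyi Gateway) would keep the entry matchable against the truncated description.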
@@ -10749,11 +10749,11 @@ CVE-2021-37108
 CVE-2021-37107
 	RESERVED
 CVE-2021-37106 (There is a command injection vulnerability in CMA service module of Fu ...)
-	TODO: check
+	NOT-FOR-US: FusionCompute (Huawei)
 CVE-2021-37105 (There is an improper file upload control vulnerability in FusionComput ...)
-	TODO: check
+	NOT-FOR-US: FusionCompute (Huawei)
 CVE-2021-37104 (There is a server-side request forgery vulnerability in HUAWEI P40 ver ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37103
 	RESERVED
 CVE-2021-37102
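Review bot: CVE-2021-37104 is tagged NOT-FOR-US: Huawei, while the two entries directly above it use the product-first form NOT-FOR-US: FusionCompute (Huawei). The description names HUAWEI P40, so a tag in the same product-first form would be consistent within this hunk and would record which product was triaged.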
@@ -12441,13 +12441,13 @@ CVE-2021-36367 (PuTTY through 0.75 proceeds with establishing an SSH session eve
 	[stretch] - putty <no-dsa> (Minor issue)
 	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa
 CVE-2021-36366 (Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2021-36365 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairm ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2021-36364 (Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2021-36363 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2021-36362
 	RESERVED
 CVE-2021-36361
@@ -12884,7 +12884,7 @@ CVE-2021-36167
 CVE-2021-36166
 	RESERVED
 CVE-2021-36165 (RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by c ...)
-	TODO: check
+	NOT-FOR-US: RICON Industrial Cellular Router
 CVE-2021-36164
 	RESERVED
 CVE-2021-36163 (In Apache Dubbo, users may choose to use the Hessian protocol. The Hes ...)
@@ -16469,7 +16469,7 @@ CVE-2021-34638 (Authenticated Directory Traversal in WordPress Download Manager
 CVE-2021-34637 (The Post Index WordPress plugin is vulnerable to Cross-Site Request Fo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-34636 (The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-34635 (The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-34634 (The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Req ...)
@@ -18888,9 +18888,9 @@ CVE-2021-33603
 CVE-2021-33602
 	RESERVED
 CVE-2021-33601 (A vulnerability was discovered in the web user interface of F-Secure I ...)
-	TODO: check
+	NOT-FOR-US: F-Secure
 CVE-2021-33600 (A denial-of-service (DoS) vulnerability was discovered in the web user ...)
-	TODO: check
+	NOT-FOR-US: F-Secure
 CVE-2021-33599 (A vulnerability affecting F-Secure Antivirus engine was discovered whe ...)
 	NOT-FOR-US: F-Secure Antivirus
 CVE-2021-33598 (A Denial-of-Service (DoS) vulnerability was discovered in all versions ...)
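Review bot: CVE-2021-33601 and CVE-2021-33600 get the bare vendor tag NOT-FOR-US: F-Secure, but the next entry, CVE-2021-33599, is already tagged NOT-FOR-US: F-Secure Antivirus. Both new descriptions refer to a web user interface of an F-Secure product whose name is truncated in this view; naming that product in the tag would match the neighbouring entry's style.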
@@ -29945,25 +29945,25 @@ CVE-2021-29369 (The gnuplot package prior to version 0.1.0 for Node.js allows co
 CVE-2021-29368
 	RESERVED
 CVE-2021-29367 (A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows ...)
-	TODO: check
+	NOT-FOR-US: Irfanview
 CVE-2021-29366 (A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irf ...)
-	TODO: check
+	NOT-FOR-US: Irfanview
 CVE-2021-29365 (Irfanview 4.57 is affected by an infinite loop when processing a craft ...)
-	TODO: check
+	NOT-FOR-US: Irfanview
 CVE-2021-29364 (A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanvi ...)
-	TODO: check
+	NOT-FOR-US: Irfanview
 CVE-2021-29363 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanvie ...)
-	TODO: check
+	NOT-FOR-US: Irfanview
 CVE-2021-29362 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanvie ...)
-	TODO: check
+	NOT-FOR-US: Irfanview
 CVE-2021-29361 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfa ...)
-	TODO: check
+	NOT-FOR-US: Irfanview
 CVE-2021-29360 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfa ...)
-	TODO: check
+	NOT-FOR-US: Irfanview
 CVE-2021-29359
 	RESERVED
 CVE-2021-29358 (A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview ...)
-	TODO: check
+	NOT-FOR-US: Irfanview
 CVE-2021-29357 (The ECT Provider component in OutSystems Platform Server 10 before 10. ...)
 	NOT-FOR-US: OutSystems Platform Server
 CVE-2021-29356



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dd5d16e31acc7f1452609455584fa72002d5cf4
