[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 30 21:24:02 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bed6da08 by Salvatore Bonaccorso at 2021-09-30T22:23:38+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -241,7 +241,7 @@ CVE-2021-41731
 CVE-2021-41730
 	RESERVED
 CVE-2021-41729 (BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerab ...)
-	TODO: check
+	NOT-FOR-US: BaiCloud-cms
 CVE-2021-41728
 	RESERVED
 CVE-2021-41727
@@ -1172,35 +1172,35 @@ CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring B
 	NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1
 	TODO: check
 CVE-2021-41302 (ECOA BAS controller stores sensitive data (backup exports) in clear-te ...)
-	TODO: check
+	NOT-FOR-US: ECOA BAS controller
 CVE-2021-41301 (ECOA BAS controller is vulnerable to configuration disclosure when dir ...)
-	TODO: check
+	NOT-FOR-US: ECOA BAS controller
 CVE-2021-41300 (ECOA BAS controller’s special page displays user account and pas ...)
-	TODO: check
+	NOT-FOR-US: ECOA BAS controller
 CVE-2021-41299 (ECOA BAS controller is vulnerable to hard-coded credentials within its ...)
-	TODO: check
+	NOT-FOR-US: ECOA BAS controller
 CVE-2021-41298 (ECOA BAS controller is vulnerable to insecure direct object references ...)
-	TODO: check
+	NOT-FOR-US: ECOA BAS controller
 CVE-2021-41297 (ECOA BAS controller is vulnerable to weak access control mechanism all ...)
-	TODO: check
+	NOT-FOR-US: ECOA BAS controller
 CVE-2021-41296 (ECOA BAS controller uses weak set of default administrative credential ...)
-	TODO: check
+	NOT-FOR-US: ECOA BAS controller
 CVE-2021-41295 (ECOA BAS controller has a Cross-Site Request Forgery vulnerability, th ...)
-	TODO: check
+	NOT-FOR-US: ECOA BAS controller
 CVE-2021-41294 (ECOA BAS controller suffers from a path traversal vulnerability, causi ...)
-	TODO: check
+	NOT-FOR-US: ECOA BAS controller
 CVE-2021-41293 (ECOA BAS controller suffers from a path traversal vulnerability, causi ...)
-	TODO: check
+	NOT-FOR-US: ECOA BAS controller
 CVE-2021-41292 (ECOA BAS controller suffers from an authentication bypass vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: ECOA BAS controller
 CVE-2021-41291 (ECOA BAS controller suffers from a path traversal content disclosure v ...)
-	TODO: check
+	NOT-FOR-US: ECOA BAS controller
 CVE-2021-41290 (ECOA BAS controller suffers from an arbitrary file write and path trav ...)
-	TODO: check
+	NOT-FOR-US: ECOA BAS controller
 CVE-2021-41289
 	RESERVED
 CVE-2021-41288 (Zoho ManageEngine OpManager version 125466 and below is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-41287
 	RESERVED
 CVE-2021-41286
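Review bot: On CVE-2021-41288 the new tag reads "NOT-FOR-US: Zoho ManageEngine", but the description names the product as Zoho ManageEngine OpManager, and the ECOA entries in this same hunk are tagged by product ("ECOA BAS controller"). Consider "NOT-FOR-US: Zoho ManageEngine OpManager" so the tag identifies the affected product rather than the product family. Separately, CVE-2021-41303 (Apache Shiro) in the leading context still carries "TODO: check" after this commit and needs its own triage.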
@@ -15367,21 +15367,21 @@ CVE-2021-35207 (An issue was discovered in Zimbra Collaboration Suite 8.8 before
 CVE-2021-35206 (Gitpod before 0.6.0 allows unvalidated redirects. ...)
 	NOT-FOR-US: Gitpod
 CVE-2021-35205 (NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redire ...)
-	TODO: check
+	NOT-FOR-US: NETSCOUT
 CVE-2021-35204 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: NETSCOUT
 CVE-2021-35203 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Rea ...)
-	TODO: check
+	NOT-FOR-US: NETSCOUT
 CVE-2021-35202 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypa ...)
-	TODO: check
+	NOT-FOR-US: NETSCOUT
 CVE-2021-35201 (NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity ...)
-	TODO: check
+	NOT-FOR-US: NETSCOUT
 CVE-2021-35200 (NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to a ...)
-	TODO: check
+	NOT-FOR-US: NETSCOUT
 CVE-2021-35199 (NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: NETSCOUT
 CVE-2021-35198 (NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: NETSCOUT
 CVE-2021-35197 (In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and  ...)
 	- mediawiki 1:1.35.3-1
 	[bullseye] - mediawiki <postponed> (Minor issue, wait until next 1.35.x release)
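Review bot: The eight entries CVE-2021-35198 through CVE-2021-35205 are tagged with the vendor only ("NOT-FOR-US: NETSCOUT"), while every description names the product nGeniusONE and the other tags in this commit name a product (BaiCloud-cms, ECOA BAS controller). Suggest "NOT-FOR-US: NETSCOUT nGeniusONE" so the tag records which product was assessed and a later NETSCOUT CVE for a different product gets its own check.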



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bed6da083da804fd52743c0ce0090fbf0233c017
