[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Wed Apr 13 08:28:24 BST 2022 


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f09e2ead by Neil Williams at 2022-04-13T08:28:06+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -66240,7 +66240,7 @@ CVE-2021-30082 (An issue was discovered in Gris CMS v0.1. There is a Persistent
 CVE-2021-30081 (An issue was discovered in emlog 6.0.0stable. There is a SQL Injection ...)
 	NOT-FOR-US: emlog
 CVE-2021-30080 (An issue was discovered in the route lookup process in beego through 2 ...)
-	TODO: check
+	NOT-FOR-US: Beego
 CVE-2021-30079
 	RESERVED
 CVE-2021-30078
@@ -73587,9 +73587,9 @@ CVE-2021-27119
 CVE-2021-27118
 	RESERVED
 CVE-2021-27117 (An issue was discovered in file profile.go in function GetCPUProfile i ...)
-	TODO: check
+	NOT-FOR-US: Beego
 CVE-2021-27116 (An issue was discovered in file profile.go in function MemProf in beeg ...)
-	TODO: check
+	NOT-FOR-US: Beego
 CVE-2021-27115
 	RESERVED
 CVE-2021-27114 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within  ...)
@@ -76202,15 +76202,15 @@ CVE-2021-26117 (The optional ActiveMQ LDAP login module can be configured to use
 	NOTE: https://www.openwall.com/lists/oss-security/2021/01/27/6
 	NOTE: https://gitbox.apache.org/repos/asf?p=activemq.git;h=c9f68f4c64b2687eee283b95538753665d2b229b
 CVE-2021-26116 (An improper neutralization of special elements used in an OS command v ...)
-	TODO: check
+	NOT-FOR-US: FortiAuthenticator
 CVE-2021-26115
 	RESERVED
 CVE-2021-26114 (Multiple improper neutralization of special elements used in an SQL co ...)
-	TODO: check
+	NOT-FOR-US: FortiWAN
 CVE-2021-26113 (A use of a one-way hash with a predictable salt vulnerability [CWE-760 ...)
-	TODO: check
+	NOT-FOR-US: FortiWAN
 CVE-2021-26112 (Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in ...)
-	TODO: check
+	NOT-FOR-US: FortiWAN
 CVE-2021-26111 (A missing release of memory after effective lifetime vulnerability in  ...)
 	NOT-FOR-US: Fortiguard
 CVE-2021-26110 (An improper access control vulnerability [CWE-284] in FortiOS autod da ...)
@@ -76226,7 +76226,7 @@ CVE-2021-26106 (An improper neutralization of special elements used in an OS Com
 CVE-2021-26105
 	RESERVED
 CVE-2021-26104 (Multiple OS command injection (CWE-78) vulnerabilities in the command  ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2021-26103 (An insufficient verification of data authenticity vulnerability (CWE-3 ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-26102
@@ -81138,7 +81138,7 @@ CVE-2021-24011 (A privilege escalation vulnerability in FortiNAC version below 8
 CVE-2021-24010 (Improper limitation of a pathname to a restricted directory vulnerabil ...)
 	NOT-FOR-US: FortiSandbox
 CVE-2021-24009 (Multiple improper neutralization of special elements used in an OS com ...)
-	TODO: check
+	NOT-FOR-US: FortiWAN
 CVE-2021-24008
 	RESERVED
 CVE-2021-24007 (Multiple improper neutralization of special elements of SQL commands v ...)
@@ -85673,7 +85673,7 @@ CVE-2021-22129 (Multiple instances of incorrect calculation of buffer size in th
 CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN portal  ...)
 	NOT-FOR-US: FortiProxy SSL VPN portal
 CVE-2021-22127 (An improper input validation vulnerability in FortiClient for Linux 6. ...)
-	TODO: check
+	NOT-FOR-US: FortiClient
 CVE-2021-22126
 	RESERVED
 CVE-2021-22125 (An instance of improper neutralization of special elements in the snif ...)
@@ -85834,7 +85834,7 @@ CVE-2021-22057 (VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain
 CVE-2021-22056 (VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity M ...)
 	NOT-FOR-US: VMware
 CVE-2021-22055 (The SchedulerServer in Vmware photon allows remote attackers to inject ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2021-22054 (VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 pr ...)
 	NOT-FOR-US: VMware
 CVE-2021-22053 (Applications using both `spring-cloud-netflix-hystrix-dashboard` and ` ...)
@@ -100763,7 +100763,7 @@ CVE-2021-0695 (In get_sock_stat of xt_qtaguid.c, there is a possible out of boun
 	- linux <not-affected> (Android-specific xt_qtaguid code)
 	NOTE: https://source.android.com/security/bulletin/2021-09-01
 CVE-2021-0694 (In setServiceForegroundInnerLocked of ActiveServices.java, there is a  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2021-0693 (In openFile of HeapDumpProvider.java, there is a possible way to retri ...)
 	NOT-FOR-US: Android
 CVE-2021-0692 (In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a p ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f09e2ead118409562ee1b124be3b424c5dc11eb9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f09e2ead118409562ee1b124be3b424c5dc11eb9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220413/a91aba01/attachment.htm>

More information about the debian-security-tracker-commits mailing list