[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 6 20:33:45 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03fd6f6c by Salvatore Bonaccorso at 2022-01-06T21:33:05+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1649,7 +1649,7 @@ CVE-2021-45077 (Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive infor
 CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw d ...)
 	NOT-FOR-US: Bitmask Riseup VPN
 CVE-2021-4194 (bookstack is vulnerable to Improper Access Control ...)
-	TODO: check
+	NOT-FOR-US: bookstack
 CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read ...)
 	- vim 2:8.2.3995-1
 	[bullseye] - vim <no-dsa> (Minor issue)
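Review bot: the "NOT-FOR-US: bookstack" tag on CVE-2021-4194 copies the lowercase spelling from the CVE description, while the Bludit entries in the next hunk get the capitalised name even where the description says "bludit". The project spells its name BookStack; using that spelling here keeps the tags consistent and lets a later case-sensitive search for the product name match this entry.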
@@ -2277,9 +2277,9 @@ CVE-2021-45747
 CVE-2021-45746
 	RESERVED
 CVE-2021-45745 (A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.1 ...)
-	TODO: check
+	NOT-FOR-US: Bludit
 CVE-2021-45744 (A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.1 ...)
-	TODO: check
+	NOT-FOR-US: Bludit
 CVE-2021-45743
 	RESERVED
 CVE-2021-45742
@@ -6179,7 +6179,7 @@ CVE-2021-44586
 CVE-2021-44585
 	RESERVED
 CVE-2021-44584 (Cross-site scripting (XSS) vulnerability in index.php in emlog version ...)
-	TODO: check
+	NOT-FOR-US: emlog
 CVE-2021-44583
 	RESERVED
 CVE-2021-44582
@@ -6833,7 +6833,7 @@ CVE-2021-44353
 CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V ...)
 	NOT-FOR-US: Tenda
 CVE-2021-44351 (An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /na ...)
-	TODO: check
+	NOT-FOR-US: NavigateCMS
 CVE-2021-44350 (SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via  ...)
 	NOT-FOR-US: ThinkPHP5
 CVE-2021-44349 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...)
@@ -9641,7 +9641,7 @@ CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in sh
 CVE-2021-43678 (Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vul ...)
 	NOT-FOR-US: Wechat-php-sdk
 CVE-2021-43677 (Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Fluxbb
 CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation vulnerabil ...)
 	NOT-FOR-US: matyhtf framework
 CVE-2021-43675 (Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
@@ -16387,7 +16387,7 @@ CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does not properly validate and
 CVE-2021-41843 (An authenticated SQL injection issue in the calendar search function o ...)
 	NOT-FOR-US: OpenEMR
 CVE-2021-41842 (An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08 ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2021-41841
 	RESERVED
 CVE-2021-41840
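Review bot: on CVE-2021-41842 the tag "NOT-FOR-US: Insyde" names a vendor that does not appear in the visible part of the description, which mentions only AtaLegacySmm and "the kernel 5.0 before 05.08". That wording can be read as a Linux kernel version, so a more specific tag saying which product's kernel is meant would save the next person triaging kernel CVEs from re-checking this entry.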
@@ -17495,7 +17495,7 @@ CVE-2021-41390 (In Ericsson ECM before 18.0, it was observed that Security Provi
 CVE-2021-41389
 	RESERVED
 CVE-2021-41388 (Netskope client prior to 89.x on macOS is impacted by a local privileg ...)
-	TODO: check
+	NOT-FOR-US: Netskope
 CVE-2021-41387 (seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation b ...)
 	- seatd <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E
@@ -27958,9 +27958,9 @@ CVE-2021-37135
 CVE-2021-37134 (Location-related APIs exists a Race Condition vulnerability.Successful ...)
 	TODO: check
 CVE-2021-37133 (There is an Unauthorized file access vulnerability in Smartphones.Succ ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37132 (PackageManagerService has a Permissions, Privileges, and Access Contro ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37131 (There is a CSV injection vulnerability in ManageOne, iManager NetEco a ...)
 	NOT-FOR-US: Huawei
 CVE-2021-37130 (There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The ...)
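Review bot: CVE-2021-37134 at the top of this hunk stays at "TODO: check" while CVE-2021-37133 and CVE-2021-37132 directly below it move to "NOT-FOR-US: Huawei". Its visible description ("Location-related APIs exists a Race Condition vulnerability") names no vendor, the same as the two entries changed here, so either tag it in the same commit or say in the commit message why it is left open.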
@@ -27968,13 +27968,13 @@ CVE-2021-37130 (There is a path traversal vulnerability in Huawei FusionCube 6.0
 CVE-2021-37129 (There is an out of bounds write vulnerability in some Huawei products. ...)
 	NOT-FOR-US: Huawei
 CVE-2021-37128 (HwPCAssistant has a Path Traversal vulnerability .Successful exploitat ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37127 (There is a signature management vulnerability in some huawei products. ...)
 	NOT-FOR-US: Huawei
 CVE-2021-37126 (Arbitrary file has a Exposure of Sensitive Information to an Unauthori ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37125 (Arbitrary file has a Exposure of Sensitive Information to an Unauthori ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37124 (There is a path traversal vulnerability in Huawei PC product. Because  ...)
 	NOT-FOR-US: Huawei
 CVE-2021-37123 (There is an improper authentication vulnerability in Hero-CT060 before ...)
@@ -27982,29 +27982,29 @@ CVE-2021-37123 (There is an improper authentication vulnerability in Hero-CT060
 CVE-2021-37122 (There is a use-after-free (UAF) vulnerability in Huawei products. An a ...)
 	NOT-FOR-US: Huawei
 CVE-2021-37121 (There is a Configuration defects in Smartphone.Successful exploitation ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37120 (There is a Double free vulnerability in Smartphone.Successful exploita ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37119 (There is a Service logic vulnerability in Smartphone.Successful exploi ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37118 (The HwNearbyMain module has a Improper Handling of Exceptional Conditi ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37117 (There is a Service logic vulnerability in Smartphone.Successful exploi ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37116 (PCManager has a Weaknesses Introduced During Design vulnerability .Suc ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37115
 	RESERVED
 CVE-2021-37114 (There is an Out-of-bounds read vulnerability in Smartphone.Successful  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37113 (There is a Privilege escalation vulnerability with the file system com ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37112 (Hisuite module has a External Control of System or Configuration Setti ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37111 (There is a Memory leakage vulnerability in Smartphone.Successful explo ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37110 (There is a Timing design defects in Smartphone.Successful exploitation ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37109
 	RESERVED
 CVE-2021-37108
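Review bot: none of the eleven descriptions retagged in this hunk names Huawei in its visible text; most say only "Smartphone" and the others name a component or subsystem (HwNearbyMain, PCManager, Hisuite, the file system). The commit message "Process some NFUs" does not say how the vendor was established, so a line stating the basis (for example the advisory each CVE references) would make the attribution checkable from the log.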
@@ -28028,7 +28028,7 @@ CVE-2021-37100 (There is a Improper Authentication vulnerability in Huawei Smart
 CVE-2021-37099 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
 	NOT-FOR-US: Huawei
 CVE-2021-37098 (Hilinksvc service exists a Data Processing Errors vulnerability .Succe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37097 (There is a Code Injection vulnerability in Huawei Smartphone.Successfu ...)
 	NOT-FOR-US: Huawei
 CVE-2021-37096 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
@@ -40846,7 +40846,7 @@ CVE-2021-31835 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrato
 CVE-2021-31834 (Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrat ...)
 	NOT-FOR-US: McAfee
 CVE-2021-31833 (Potential product security bypass vulnerability in McAfee Application  ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2021-31832 (Improper Neutralization of Input in the ePO administrator extension fo ...)
 	NOT-FOR-US: McAfee
 CVE-2021-31831 (Incorrect access to deleted scripts vulnerability in McAfee Database S ...)
@@ -41550,7 +41550,7 @@ CVE-2021-31591
 CVE-2021-31590 (PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtok ...)
 	NOT-FOR-US: PwnDoc
 CVE-2021-31589 (BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an ...)
-	TODO: check
+	NOT-FOR-US: BeyondTrust
 CVE-2021-31588
 	RESERVED
 CVE-2021-31587



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03fd6f6c83e0a6212c103ea6648601254ddf1275
