[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Mon Jul 4 13:41:04 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1dd8f8b by Neil Williams at 2022-07-04T13:40:42+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -54752,7 +54752,7 @@ CVE-2021-3822 (jsoneditor is vulnerable to Inefficient Regular Expression Comple
 CVE-2021-41560 (OpenCATS through 0.9.6 allows remote attackers to execute arbitrary co ...)
 	NOT-FOR-US: OpenCATS
 CVE-2021-41559 (Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Co ...)
-	TODO: check
+	NOT-FOR-US: SilverStripe CMS
 CVE-2021-41558 (The set_user extension module before 3.0.0 for PostgreSQL allows Proce ...)
 	NOT-FOR-US: set_user extension for Postgres
 CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site ...)
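Review bot: The tag on CVE-2021-41559 reads "SilverStripe CMS", while the description on the line above it names the affected component as "Silverstripe silverstripe/framework", so both the capitalisation and the product name differ from the CVE text. Consider using whichever spelling the existing Silverstripe entries in data/CVE/list already carry, and naming the framework if that is what the tag is meant to cover, so that one grep finds every related NFU.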
@@ -54876,7 +54876,7 @@ CVE-2021-41508
 CVE-2021-41507
 	RESERVED
 CVE-2021-41506 (Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2 ...)
-	TODO: check
+	NOT-FOR-US: Xiaongmai
 CVE-2021-41505
 	RESERVED
 CVE-2021-41504 (** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in ...)
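Review bot: The tag on CVE-2021-41506 copies the vendor spelling "Xiaongmai" straight from the CVE description and drops the device models the description lists (AHB7008T-MH-V2, AHB7804R-ELS, ...). Please confirm the spelling against the vendor's own name before it becomes the string later triage matches on, and consider "NOT-FOR-US: Xiaongmai devices" or similar to make clear this covers hardware and firmware rather than a software project.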
@@ -57003,7 +57003,7 @@ CVE-2021-40665
 CVE-2021-40664
 	RESERVED
 CVE-2021-40663 (deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Cont ...)
-	TODO: check
+	NOT-FOR-US: Node deep.assign
 CVE-2021-40662 (A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows atta ...)
 	NOT-FOR-US: Chamilo LMS
 CVE-2021-40661
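Review bot: CVE-2021-40663 is an npm library ("deep.assign npm package"), and marking a library NOT-FOR-US also asserts that no Debian source package ships or embeds it, which neither the commit message "Process some NFUs" nor the tag records. A short mention in the commit message of how the library entries were checked would help; the same applies to the "Dragonfly Ruby Gem" tag on CVE-2021-33473 in the last hunk.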
@@ -57049,9 +57049,9 @@ CVE-2021-40645 (An SQL Injection vulnerability exists in glorylion JFinalOA as o
 CVE-2021-40644 (An SQL Injection vulnerability exists in oasys oa_system as of 9/7/202 ...)
 	NOT-FOR-US: oasys Office Automation system
 CVE-2021-40643 (EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2021-40642 (Textpattern CMS v4.8.7 and older vulnerability exists through Sensitiv ...)
-	TODO: check
+	NOT-FOR-US: Textpattern CMS
 CVE-2021-40641
 	RESERVED
 CVE-2021-40640
@@ -57153,7 +57153,7 @@ CVE-2021-40599
 CVE-2021-40598
 	RESERVED
 CVE-2021-40597 (The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Adminis ...)
-	TODO: check
+	NOT-FOR-US: EDIMAX IC-3140W
 CVE-2021-40596 (SQL injection vulnerability in Login.php in sourcecodester Online Lear ...)
 	NOT-FOR-US: Sourcecodester
 CVE-2021-40595 (SQL injection vulnerability in Sourcecodester Online Leave Management  ...)
@@ -64418,7 +64418,7 @@ CVE-2021-37793
 CVE-2021-37792
 	RESERVED
 CVE-2021-37791 (MyAdmin v1.0 is affected by an incorrect access control vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: cdfan/my-admin
 CVE-2021-37790
 	RESERVED
 CVE-2021-37789
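Review bot: The tag on CVE-2021-37791 is "cdfan/my-admin", but the visible description calls the product "MyAdmin v1.0", so a search of the NFU tags for the name used in the CVE text will not hit this entry. Something like "NOT-FOR-US: MyAdmin (cdfan/my-admin)" keeps the repository disambiguation and the searchable product name together.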
@@ -64444,7 +64444,7 @@ CVE-2021-37780
 CVE-2021-37779
 	RESERVED
 CVE-2021-37778 (There is a buffer overflow in gps-sdr-sim v1.0 when parsing long comma ...)
-	TODO: check
+	NOT-FOR-US: osqzss/gps-sdr-sim
 CVE-2021-37777 (Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR ...)
 	NOT-FOR-US: Gila CMS
 CVE-2021-37776
@@ -64460,7 +64460,7 @@ CVE-2021-37772
 CVE-2021-37771
 	RESERVED
 CVE-2021-37770 (Nucleus CMS v3.71 is affected by a file upload vulnerability. In this  ...)
-	TODO: check
+	NOT-FOR-US: Nucleus CMS
 CVE-2021-37769
 	RESERVED
 CVE-2021-37768
@@ -65122,7 +65122,7 @@ CVE-2021-37526
 CVE-2021-37525
 	RESERVED
 CVE-2021-37524 (Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows re ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2021-37523
 	RESERVED
 CVE-2021-37522
@@ -74822,7 +74822,7 @@ CVE-2021-33475
 CVE-2021-33474
 	RESERVED
 CVE-2021-33473 (An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allow ...)
-	TODO: check
+	NOT-FOR-US: Dragonfly Ruby Gem
 CVE-2021-33472
 	RESERVED
 CVE-2021-33471



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1dd8f8bbd2f12ed362388e85f3735c9c12047c5
