[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 20 21:08:53 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
158daa36 by Salvatore Bonaccorso at 2022-06-20T22:08:29+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53728,7 +53728,7 @@ CVE-2021-40942
 CVE-2021-40941
 	RESERVED
 CVE-2021-40940 (Monstra 3.0.4 does not filter the case of php, which leads to an unres ...)
-	TODO: check
+	NOT-FOR-US: Monstra CMS
 CVE-2021-40939
 	RESERVED
 CVE-2021-40938
@@ -54422,7 +54422,7 @@ CVE-2021-40662 (A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allow
 CVE-2021-40661
 	RESERVED
 CVE-2021-40660 (An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an  ...)
-	TODO: check
+	NOT-FOR-US: Delight Nashorn Sandbox
 CVE-2021-40659
 	RESERVED
 CVE-2021-40658 (Textpattern 4.8.7 is affected by a HTML injection vulnerability throug ...)
@@ -54448,9 +54448,9 @@ CVE-2021-40652
 CVE-2021-40651 (OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vu ...)
 	NOT-FOR-US: OS4Ed OpenSIS Community
 CVE-2021-40650 (In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the  ...)
-	TODO: check
+	NOT-FOR-US: Connx
 CVE-2021-40649 (In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the  ...)
-	TODO: check
+	NOT-FOR-US: Connx
 CVE-2021-40648
 	RESERVED
 CVE-2021-40647
@@ -54544,7 +54544,7 @@ CVE-2021-40606
 CVE-2021-40605
 	RESERVED
 CVE-2021-40604 (A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Su ...)
-	TODO: check
+	NOT-FOR-US: IPS Community Suite
 CVE-2021-40603
 	RESERVED
 CVE-2021-40602
@@ -56535,7 +56535,7 @@ CVE-2021-39822
 CVE-2021-39821 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) a ...)
 	NOT-FOR-US: Adobe
 CVE-2021-39820 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) i ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-39819 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...)
 	NOT-FOR-US: Adobe
 CVE-2021-39818 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...)
@@ -61685,7 +61685,7 @@ CVE-2021-3677 (A flaw was found in postgresql. A purpose-crafted query can read
 CVE-2021-3676
 	REJECTED
 CVE-2021-3675 (Improper Input Validation vulnerability in synaTEE.signed.dll of Synap ...)
-	TODO: check
+	NOT-FOR-US: Synaptics Fingerprint Driver
 CVE-2021-37843 (The resolution SAML SSO apps for Atlassian products allow a remote att ...)
 	NOT-FOR-US: resolution SAML SSO apps for Atlassian products
 CVE-2021-37842 (metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensiti ...)
@@ -63257,7 +63257,7 @@ CVE-2021-37184 (A vulnerability has been identified in Industrial Edge Managemen
 CVE-2021-37183 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
 	NOT-FOR-US: Siemens
 CVE-2021-37182 (A vulnerability has been identified in SCALANCE XM408-4C (All versions ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-37181 (A vulnerability has been identified in Cerberus DMS V4.0 (All versions ...)
 	NOT-FOR-US: Siemens
 CVE-2021-37180 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
@@ -63917,7 +63917,7 @@ CVE-2021-36903
 CVE-2021-36902
 	RESERVED
 CVE-2021-36901 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-36900
 	RESERVED
 CVE-2021-36899
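Review bot: on CVE-2021-36901 the new "NOT-FOR-US: WordPress plugin" tag does not name the plugin, and the description is cut off at "Phi ...", so a reader of the list cannot tell from the entry which product was ruled out. The generic label matches the existing WordPress entries visible in the later hunks, so this is a style point only. Naming the plugin, as this commit does elsewhere (for example "NOT-FOR-US: Delight Nashorn Sandbox"), would make the entry searchable by product.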
@@ -63937,7 +63937,7 @@ CVE-2021-36893 (Authenticated (author or higher user role) Stored Cross-Site Scr
 CVE-2021-36892
 	RESERVED
 CVE-2021-36891 (Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Su ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-36890 (Cross-Site Request Forgery (CSRF) vulnerability in Social Share Button ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36889 (Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabiliti ...)
@@ -64065,7 +64065,7 @@ CVE-2021-36829
 CVE-2021-36828 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Mainten ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36827 (Authenticated (admin or higher user role) Stored Cross-Site Scripting  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-36826 (Authenticated (subscriber or higher user role if allowed to access pro ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36825
@@ -68230,7 +68230,7 @@ CVE-2021-35131
 CVE-2021-35130 (Memory corruption in graphics support layer due to use after free cond ...)
 	TODO: check
 CVE-2021-35129 (Memory corruption in BT controller due to improper length check while  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2021-35128
 	RESERVED
 CVE-2021-35127
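Review bot: CVE-2021-35130, in the context directly above the changed line, is still "TODO: check" while CVE-2021-35129 is now resolved. If it was left open on purpose because it needs a closer look, that is fine. Otherwise it could be triaged in the same pass. The visible part of the CVE-2021-35129 description ("Memory corruption in BT controller ...") does not mention Snapdragon, so the tag cannot be checked against the entry itself. Other hunks in this commit tag by vendor ("Adobe", "Siemens"); a vendor name here would be consistent with them.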



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/158daa362c26f7ec72320648ec930df39d115bd9
