[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Mon Mar 14 09:11:17 GMT 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c8bddb9 by Neil Williams at 2022-03-14T09:10:55+00:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20708,7 +20708,7 @@ CVE-2021-44423 (An out-of-bounds read vulnerability exists when reading a BMP fi
 CVE-2021-44422 (An Improper Input Validation Vulnerability exists when reading a BMP f ...)
 	NOT-FOR-US: Open Design Alliance Drawings SDK
 CVE-2021-44421 (The pointer-validation logic in util/mem_util.rs in Occlum before 0.26 ...)
-	TODO: check
+	NOT-FOR-US: Occlum
 CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...)
 	- python-django 2:3.2.10-1
 	[bullseye] - python-django 2:2.2.25-1~deb11u1
@@ -21329,9 +21329,9 @@ CVE-2021-44218
 CVE-2021-44217 (In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting  ...)
 	NOT-FOR-US: Ericsson
 CVE-2021-44216 (Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18 ...)
-	TODO: check
+	NOT-FOR-US: Northern.tech
 CVE-2021-44215 (Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Pe ...)
-	TODO: check
+	NOT-FOR-US: Northern.tech
 CVE-2021-44214
 	RESERVED
 CVE-2021-44213
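Review bot: the new tags on CVE-2021-44216 and CVE-2021-44215 name only the vendor, Northern.tech, while both descriptions are specific to CFEngine Enterprise. Naming the product, for example "NOT-FOR-US: Northern.tech CFEngine Enterprise", would record why the entries were dismissed and keep the decision tied to the Enterprise edition rather than to everything the vendor ships.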
@@ -22443,7 +22443,7 @@ CVE-2021-43956
 CVE-2021-43955
 	RESERVED
 CVE-2021-43954 (The DefaultRepositoryAdminService class in Fisheye and Crucible before ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2021-43953 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
 	NOT-FOR-US: Atlassian
 CVE-2021-43952 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
@@ -27104,7 +27104,7 @@ CVE-2021-42858
 CVE-2021-42857 (It was discovered that the SteelCentral AppInternals Dynamic Sampling  ...)
 	NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet
 CVE-2021-42856 (It was discovered that the /DsaDataTest endpoint is susceptible to Cro ...)
-	TODO: check
+	NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
 CVE-2021-42855 (It was discovered that the SteelCentral AppInternals Dynamic Sampling  ...)
 	NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
 CVE-2021-42854 (It was discovered that the SteelCentral AppInternals Dynamic Sampling  ...)
@@ -43403,7 +43403,7 @@ CVE-2021-36779 (A Improper Access Control vulnerability inf SUSE Longhorn allows
 CVE-2021-36778
 	RESERVED
 CVE-2021-36777 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: OpenSuSE infrastructure
 CVE-2021-36776
 	RESERVED
 CVE-2021-36775
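Review bot: the new tag on CVE-2021-36777 spells the project "OpenSuSE"; the project's own spelling is "openSUSE", and a consistent spelling matters when searching the list for earlier NFU decisions. The description is truncated before the affected component is visible, so naming that component in the tag instead of the general "infrastructure" would make the triage decision checkable from this file alone.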
@@ -50296,9 +50296,9 @@ CVE-2021-33854
 CVE-2021-33853
 	RESERVED
 CVE-2021-33852 (A cross-site scripting (XSS) attack can cause arbitrary code (JavaScri ...)
-	TODO: check
+	NOT-FOR-US: post-duplicator-image plugin for WordPress
 CVE-2021-33851 (A cross-site scripting (XSS) attack can cause arbitrary code (JavaScri ...)
-	TODO: check
+	NOT-FOR-US: customize-login-image plugin for WordPress
 CVE-2021-33850 (There is a Cross-Site Scripting vulnerability in Microsoft Clarity ver ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-33849 (A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScri ...)
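Review bot: CVE-2021-33852 and CVE-2021-33851 carry identical descriptions up to the truncation point, yet the new tags assign them to two different plugins (post-duplicator-image and customize-login-image). It is worth confirming each plugin name against the full CVE text so the two are not swapped, and stating in the commit message where the names were taken from.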
@@ -50809,7 +50809,7 @@ CVE-2021-33660 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to o
 CVE-2021-33659 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
 	NOT-FOR-US: SAP
 CVE-2021-33658 (atune before 0.3-0.8 log in as a local user and run the curl command t ...)
-	TODO: check
+	NOT-FOR-US: A-Tune OS tuning engine
 CVE-2021-33657
 	RESERVED
 CVE-2021-33656



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c8bddb99ea73fcd85a49326104015e5f4fbaa1f
