[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Wed Mar 30 11:06:48 BST 2022 


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1f9b9a3c by Neil Williams at 2022-03-30T11:06:16+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69009,7 +69009,7 @@ CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as u
 	[buster] - linux 4.19.181-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-367.html
 CVE-2021-3422 (The lack of validation of a key-value field in the Splunk-to-Splunk pr ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2021-3421 (A flaw was found in the RPM package in the read functionality. This fl ...)
 	- rpm 4.16.1.2+dfsg1-1 (bug #985308)
 	[buster] - rpm <no-dsa> (Minor issue)
@@ -72119,11 +72119,11 @@ CVE-2021-26624
 CVE-2021-26623
 	RESERVED
 CVE-2021-26622 (An remote code execution vulnerability due to SSTI vulnerability and i ...)
-	TODO: check
+	NOT-FOR-US: Genian NAC
 CVE-2021-26621 (An Buffer Overflow vulnerability leading to remote code execution was  ...)
-	TODO: check
+	NOT-FOR-US: Netis Korea MEX01
 CVE-2021-26620 (An improper authentication vulnerability leading to information leakag ...)
-	TODO: check
+	NOT-FOR-US: ipTIME NAS product
 CVE-2021-26619 (An path traversal vulnerability leading to delete arbitrary files was  ...)
 	NOT-FOR-US: BigFileAgent
 CVE-2021-26618 (An improper input validation leading to arbitrary file creation was di ...)
@@ -72161,13 +72161,13 @@ CVE-2021-26603 (A heap overflow issue was found in ARK library of bandisoft Co.,
 CVE-2021-26602
 	RESERVED
 CVE-2021-26601 (ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php i ...)
-	TODO: check
+	NOT-FOR-US: ImpressCMS
 CVE-2021-26600 (ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confus ...)
-	TODO: check
+	NOT-FOR-US: ImpressCMS
 CVE-2021-26599 (ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Inject ...)
-	TODO: check
+	NOT-FOR-US: ImpressCMS
 CVE-2021-26598 (ImpressCMS before 1.4.3 has Incorrect Access Control because include/f ...)
-	TODO: check
+	NOT-FOR-US: ImpressCMS
 CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows r ...)
 	NOT-FOR-US: Pryaniki
 CVE-2021-3394 (Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.3 ...)
@@ -81385,13 +81385,13 @@ CVE-2021-22799 (A CWE-331: Insufficient Entropy vulnerability exists that could
 CVE-2021-22798 (A CWE-522: Insufficiently Protected Credentials vulnerability exists t ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2021-22797 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22796 (A CWE-287: Improper Authentication vulnerability exists that could all ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2021-22795 (A CWE-78 Improper Neutralization of Special Elements used in an OS Com ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22794 (A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ( ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22793 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor  ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2021-22792 (A CWE-476: NULL Pointer Dereference vulnerability that could cause a D ...)
@@ -81997,7 +81997,7 @@ CVE-2021-22574
 CVE-2021-22573
 	RESERVED
 CVE-2021-22572 (On unix-like systems, the system temporary directory is shared between ...)
-	TODO: check
+	NOT-FOR-US: Google Data Transfer Project
 CVE-2021-22571 (A local attacker could read files from some other users' SA360 reports ...)
 	NOT-FOR-US: SA360 reports
 CVE-2021-22570 (Nullptr dereference when a null char is present in a proto symbol. The ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f9b9a3cadcb45eb995dc58cb0f68b477a913558

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f9b9a3cadcb45eb995dc58cb0f68b477a913558
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220330/92942410/attachment.htm>

More information about the debian-security-tracker-commits mailing list