[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 7 20:36:26 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f1cec95e by Salvatore Bonaccorso at 2023-09-07T21:35:32+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -59531,7 +59531,7 @@ CVE-2023-20271
 CVE-2023-20270
 	RESERVED
 CVE-2023-20269 (A vulnerability in the remote access VPN feature of Cisco Adaptive Sec ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20268
 	RESERVED
 CVE-2023-20267
@@ -59543,7 +59543,7 @@ CVE-2023-20265
 CVE-2023-20264
 	RESERVED
 CVE-2023-20263 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20262
 	RESERVED
 CVE-2023-20261
@@ -59569,7 +59569,7 @@ CVE-2023-20252
 CVE-2023-20251
 	RESERVED
 CVE-2023-20250 (A vulnerability in the web-based management interface of Cisco Small B ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20249
 	RESERVED
 CVE-2023-20248
@@ -59583,7 +59583,7 @@ CVE-2023-20245
 CVE-2023-20244
 	RESERVED
 CVE-2023-20243 (A vulnerability in the RADIUS message processing feature of Cisco Iden ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20242 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20241
@@ -59593,7 +59593,7 @@ CVE-2023-20240
 CVE-2023-20239
 	RESERVED
 CVE-2023-20238 (A vulnerability in the single sign-on (SSO) implementation of Cisco Br ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20237 (A vulnerability in Cisco Intersight Virtual Appliance could allow an u ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20236
@@ -90408,7 +90408,7 @@ CVE-2022-32922 (A use after free issue was addressed with improved memory manage
 CVE-2022-32921
 	REJECTED
 CVE-2022-32920 (The issue was addressed with improved checks. This issue is fixed in X ...)
-	TODO: check
+	NOT-FOR-US: Apple Xcode
 CVE-2022-32919
 	RESERVED
 CVE-2022-32918 (This issue was addressed with improved data protection. This issue is  ...)
@@ -145674,7 +145674,7 @@ CVE-2021-39861 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.00
 CVE-2021-39860 (Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 ( ...)
 	NOT-FOR-US: Adobe
 CVE-2021-39859 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-39858 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
 	NOT-FOR-US: Adobe
 CVE-2021-39857 (Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005 ...)
@@ -153874,7 +153874,7 @@ CVE-2021-36647 (Use of a Broken or Risky Cryptographic Algorithm in the function
 	[buster] - mbedtls <no-dsa> (Minor issue)
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1/
 CVE-2021-36646 (A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45 allows  ...)
-	TODO: check
+	NOT-FOR-US: KodExplorer
 CVE-2021-36645
 	RESERVED
 CVE-2021-36644
@@ -155368,7 +155368,7 @@ CVE-2021-36062 (Adobe Connect version 11.2.2 (and earlier) is affected by a Refl
 CVE-2021-36061 (Adobe Connect version 11.2.2 (and earlier) is affected by a secure des ...)
 	NOT-FOR-US: Adobe
 CVE-2021-36060 (Adobe Media Encoder version 15.2 (and earlier) is affected by an out-o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-36059 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
 	NOT-FOR-US: Adobe
 CVE-2021-36058 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer ...)
@@ -155481,7 +155481,7 @@ CVE-2021-36038 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and ear
 CVE-2021-36037 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier)  ...)
 	NOT-FOR-US: Magento
 CVE-2021-36036 (Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-36035 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier)  ...)
 	NOT-FOR-US: Magento
 CVE-2021-36034 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier)  ...)
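Review bot: The new tag on CVE-2021-36036 is `NOT-FOR-US: Adobe`, but its description starts "Magento versions 2.4.2 ..." and the entries on either side (CVE-2021-36037, CVE-2021-36035) are tagged `NOT-FOR-US: Magento`. Suggest `NOT-FOR-US: Magento` here so the tag matches the rest of the Magento block and a search on the product tag returns all of them.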
@@ -155507,11 +155507,11 @@ CVE-2021-36025 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and ear
 CVE-2021-36024 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier)  ...)
 	NOT-FOR-US: Magento
 CVE-2021-36023 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier)  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-36022 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier)  ...)
 	NOT-FOR-US: Magento
 CVE-2021-36021 (Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-36020 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier)  ...)
 	NOT-FOR-US: Magento
 CVE-2021-36019 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Out ...)
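Review bot: Both entries changed in this hunk, CVE-2021-36023 and CVE-2021-36021, are Magento issues per their descriptions, yet they get `NOT-FOR-US: Adobe` while CVE-2021-36024, CVE-2021-36022 and CVE-2021-36020 around them carry `NOT-FOR-US: Magento`. Suggest using `NOT-FOR-US: Magento` on both lines, or, if the vendor name is preferred, updating the neighbouring entries in the same commit so the block stays uniform.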
@@ -155593,7 +155593,7 @@ CVE-2021-35982 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.00
 CVE-2021-35981 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
 	NOT-FOR-US: Adobe
 CVE-2021-35980 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-35979 (An issue was discovered in Digi RealPort through 4.8.488.0. The 'encry ...)
 	NOT-FOR-US: Digi RealPort
 CVE-2021-35978 (An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ...)
@@ -174688,7 +174688,7 @@ CVE-2021-3445 (A flaw was found in libdnf's signature verification functionality
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932079
 	NOTE: https://github.com/rpm-software-management/libdnf/commit/930f2582f91077b3f338b84cf9567559d52713de
 CVE-2021-28644 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-28643 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
 	NOT-FOR-US: Adobe
 CVE-2021-28642 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
@@ -194703,7 +194703,7 @@ CVE-2020-35595
 CVE-2020-35594 (Zoho ManageEngine ADManager Plus before 7066 allows XSS.)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2020-35593 (BMC PATROL Agent through 20.08.00 allows local privilege escalation vi ...)
-	TODO: check
+	NOT-FOR-US: BMC PATROL Agent
 CVE-2020-35592 (Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the a ...)
 	NOT-FOR-US: Pi-hole
 CVE-2020-35591 (Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application d ...)
@@ -194786,7 +194786,7 @@ CVE-2021-21090 (Adobe InCopy version 16.0 (and earlier) is affected by an path t
 CVE-2021-21089 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
 	NOT-FOR-US: Acrobat
 CVE-2021-21088 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-21087 (Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 1 ...)
 	NOT-FOR-US: Adobe
 CVE-2021-21086 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
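Review bot: Style point on CVE-2021-21088: the added `NOT-FOR-US: Adobe` matches CVE-2021-21087 below it, but the Acrobat Reader DC entry directly above (CVE-2021-21089) is tagged `NOT-FOR-US: Acrobat`. Since this commit already touches the block, consider normalising CVE-2021-21089 to `NOT-FOR-US: Adobe` as well so adjacent Acrobat Reader DC entries share one tag.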
@@ -413609,7 +413609,7 @@ CVE-2017-9454 (Buffer overflow in the ares_parse_a_reply function in the embedde
 	NOTE: Fixed sourcewise in 1:1.11.0~beta4-1 but unimportant since uses the
 	NOTE: system library.
 CVE-2017-9453 (BMC Server Automation before 8.9.01 patch 1 allows Process Spawner com ...)
-	TODO: check
+	NOT-FOR-US: BMC Server Automation
 CVE-2017-9452 (Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0  ...)
 	- piwigo <removed>
 CVE-2017-9451 (Cross site scripting (XSS) vulnerability in pages.edit_form.php in fla ...)
@@ -490899,9 +490899,9 @@ CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9
 CVE-2015-2205
 	RESERVED
 CVE-2015-2202 (Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrati ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2015-2201 (Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF rem ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2015-2200
 	RESERVED
 CVE-2015-2199 (Multiple SQL injection vulnerabilities in the WonderPlugin Audio Playe ...)
@@ -493422,9 +493422,9 @@ CVE-2015-1393 (SQL injection vulnerability in the Photo Gallery plugin before 1.
 CVE-2015-1392 (Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Pol ...)
 	NOT-FOR-US: Aruba Networks CPPM
 CVE-2015-1391 (Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanis ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2015-1390 (Aruba AirWave before 8.0.7 allows XSS attacks agsinat an administrator ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2015-1389 (Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass P ...)
 	NOT-FOR-US: Aruba Networks CPPM
 CVE-2015-1388 (The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6 ...)
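Review bot: The tags added for CVE-2015-1391 and CVE-2015-1390 read `NOT-FOR-US: Aruba`, while the neighbouring Aruba entries (CVE-2015-1392, CVE-2015-1389) name the product as `NOT-FOR-US: Aruba Networks CPPM`. Both descriptions here say "Aruba AirWave", so `NOT-FOR-US: Aruba AirWave` would keep the vendor-plus-product form used by the surrounding lines.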



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1cec95ee0022521b6fb4bbc1bd72938886b0cb1
