Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b33eb94a by Salvatore Bonaccorso at 2021-04-23T22:31:19+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -463,9 +463,9 @@ CVE-2021-31542
CVE-2021-31541
RESERVED
CVE-2021-31540 (Wowza Streaming Engine through 4.8.5 (in a default
installation) has i ...)
- TODO: check
+ NOT-FOR-US: Wowza Streaming Engine
CVE-2021-31539 (Wowza Streaming Engine through 4.8.5 (in a default
installation) has c ...)
- TODO: check
+ NOT-FOR-US: Wowza Streaming Engine
CVE-2021-31538
RESERVED
CVE-2021-31537
@@ -775,21 +775,21 @@ CVE-2021-31412
CVE-2021-31411
RESERVED
CVE-2021-31410 (Overly relaxed configuration of frontend resources server in
Vaadin De ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2021-31409
RESERVED
CVE-2021-31408 (Authentication.logout() helper in com.vaadin:flow-client
versions 5.0. ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2021-31407 (Vulnerability in OSGi integration in com.vaadin:flow-server
versions 1 ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2021-31406 (Non-constant-time comparison of CSRF tokens in endpoint
request handle ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2021-31405 (Unsafe validation RegEx in EmailField component in
com.vaadin:vaadin-t ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2021-31404 (Non-constant-time comparison of CSRF tokens in UIDL request
handler in ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2021-31403 (Non-constant-time comparison of CSRF tokens in UIDL request
handler in ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2021-3502 [reachable assertion in avahi_s_host_name_resolver_start when
trying to resolve badly-formatted hostnames]
RESERVED
- avahi <unfixed> (bug #986018)
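Review bot: The seven entries from CVE-2021-31410 down to CVE-2021-31403 all receive the same "NOT-FOR-US: Vaadin" tag, although their descriptions name different artifacts (com.vaadin:flow-client, com.vaadin:flow-server, the EmailField component, the frontend resources server). Before the "TODO: check" lines are dropped, it is worth confirming for each artifact that no package in the archive ships or embeds it. If that holds for all of them, the single product-level tag is fine as written.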
@@ -2403,17 +2403,17 @@ CVE-2021-30640
CVE-2021-30639
RESERVED
CVE-2020-36321 (Improper URL validation in development mode handler in
com.vaadin:flow ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2020-36320 (Unsafe validation RegEx in EmailValidator class in
com.vaadin:vaadin-s ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2020-36319 (Insecure configuration of default ObjectMapper in
com.vaadin:flow-serv ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2019-25028 (Missing variable sanitization in Grid component in
com.vaadin:vaadin-s ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2019-25027 (Missing output sanitization in default RouteNotFoundError view
in com. ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2018-25007 (Missing check in UIDL request handler in
com.vaadin:flow-server versio ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2017-20003
REJECTED
CVE-2021-30638
@@ -11020,9 +11020,9 @@ CVE-2021-26912 (NetMotion Mobility before 11.73 and
12.x before 12.02 allows una
CVE-2021-26911 (core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has
Missing SSL ...)
NOT-FOR-US: Canary Mail
CVE-2021-26909 (Automox Agent prior to version 31 uses an insufficiently
protected S3 ...)
- TODO: check
+ NOT-FOR-US: Automox Agent
CVE-2021-26908 (Automox Agent prior to version 31 logs potentially sensitive
informati ...)
- TODO: check
+ NOT-FOR-US: Automox Agent
CVE-2021-26907
RESERVED
CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium
Asterisk thro ...)
@@ -20312,7 +20312,7 @@ CVE-2021-22895
CVE-2021-22894
RESERVED
CVE-2021-22893 (Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to
an authen ...)
- TODO: check
+ NOT-FOR-US: Pulse Connect Secure
CVE-2021-22892
RESERVED
CVE-2021-22891
@@ -20916,7 +20916,7 @@ CVE-2021-22684
CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an
out-of-b ...)
NOT-FOR-US: Fatek FvDesigner
CVE-2021-22682 (Cscape (All versions prior to 9.90 SP4) is configured by
default to be ...)
- TODO: check
+ NOT-FOR-US: Cscape
CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and
later, ...)
NOT-FOR-US: Rockwell Automation
CVE-2021-22680
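Review bot: The new "NOT-FOR-US: Cscape" tag on CVE-2021-22682 names only the product, while the context lines on either side identify the vendor ("NOT-FOR-US: Fatek FvDesigner", "NOT-FOR-US: Rockwell Automation"). Consider prefixing the vendor name here, and on CVE-2021-22678 in the next hunk, so that a search of the list by vendor finds both entries.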
@@ -20924,7 +20924,7 @@ CVE-2021-22680
CVE-2021-22679
RESERVED
CVE-2021-22678 (Cscape (All versions prior to 9.90 SP4) lacks proper
validation of use ...)
- TODO: check
+ NOT-FOR-US: Cscape
CVE-2021-22677
RESERVED
CVE-2021-22676
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b33eb94a91a6ac1e889c8644a565d3b65310e353
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits