[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) Tue, 10 Aug 2021 13:28:14 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
38bb7891 by Salvatore Bonaccorso at 2021-08-10T22:27:38+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10689,7 +10689,7 @@ CVE-2021-33709 (A vulnerability has been identified in 
Teamcenter Active Workspa
 CVE-2021-33708
        RESERVED
 CVE-2021-33707 (SAP NetWeaver Knowledge Management allows remote attackers to 
redirect ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2021-33706 (Due to improper input validation in InfraBox, logs can be 
modified by  ...)
        TODO: check
 CVE-2021-33705
@@ -20659,7 +20659,7 @@ CVE-2021-29741 (IBM AIX 7.1, 7.2, and VIOS 3.1 could 
allow a local user to explo
 CVE-2021-29740 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 
5.1.0.3 sys ...)
        NOT-FOR-US: IBM
 CVE-2021-29739 (IBM Planning Analytics Local 2.0 could allow a remote attacker 
to obta ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2021-29738
        RESERVED
 CVE-2021-29737
@@ -39963,9 +39963,9 @@ CVE-2021-21603 (Jenkins 2.274 and earlier, LTS 2.263.1 
and earlier does not esca
 CVE-2021-21602 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows 
reading arbi ...)
        - jenkins <removed>
 CVE-2021-21601 (Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 
2.6.1 and p ...)
-       TODO: check
+       NOT-FOR-US: EMC
 CVE-2021-21600 (Dell EMC NetWorker, 19.4 or older, contain an uncontrolled 
resource co ...)
-       TODO: check
+       NOT-FOR-US: EMC
 CVE-2021-21599
        RESERVED
 CVE-2021-21598 (Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a 
Sensitive  ...)
@@ -44360,7 +44360,7 @@ CVE-2021-20351 (IBM Engineering products are vulnerable 
to cross-site scripting.
 CVE-2021-20350 (IBM Engineering products are vulnerable to cross-site 
scripting. This  ...)
        NOT-FOR-US: IBM
 CVE-2021-20349 (IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a 
stack-bas ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2021-20348 (IBM Jazz Foundation and IBM Engineering products are 
vulnerable to ser ...)
        NOT-FOR-US: IBM
 CVE-2021-20347 (IBM Jazz Foundation and IBM Engineering products are 
vulnerable to ser ...)
@@ -187298,15 +187298,15 @@ CVE-2018-17867 (The Port Forwarding functionality 
on DASAN H660GW devices allows
 CVE-2018-17866 (Multiple cross-site scripting (XSS) vulnerabilities in 
includes/core/u ...)
        NOT-FOR-US: "Ultimate Member - User Profile & Membership" plugin for 
WordPress
 CVE-2018-17865 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2018-17864
        RESERVED
 CVE-2018-17863
        RESERVED
 CVE-2018-17862 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2018-17861 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2018-17860 (Cloudera CDH has Insecure Permissions because ALL cannot be 
revoked.Th ...)
        NOT-FOR-US: Cloudera
 CVE-2018-17859 (An issue was discovered in Joomla! before 3.8.13. Inadequate 
checks in ...)
@@ -321854,7 +321854,7 @@ CVE-2015-7733
 CVE-2015-7732 (The Avira Mobile Security app before 1.5.11 for iOS sends 
sensitive lo ...)
        NOT-FOR-US: Avira Mobile Security app
 CVE-2015-7731 (SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to 
obtain the  ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2015-7730 (SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, 
and Bus ...)
        NOT-FOR-US: SAP BusinessObjects
 CVE-2015-7729 (Eval injection in test-net.xsjs in the Web-based Development 
Workbench ...)
@@ -338160,9 +338160,9 @@ CVE-2015-2076 (The Auditing service in SAP 
BusinessObjects Edge 4.0 allows remot
 CVE-2015-2075 (SAP BusinessObjects Edge 4.0 allows remote attackers to delete 
audit e ...)
        NOT-FOR-US: SAP
 CVE-2015-2074 (The File Repository Server (FRS) CORBA listener in SAP 
BussinessObject ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2015-2073 (The File RepositoRy Server (FRS) CORBA listener in SAP 
BussinessObject ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2015-2072 (Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 
73 (1. ...)
        NOT-FOR-US: SAP
 CVE-2015-2071 (Directory traversal vulnerability in cm/newui/blog/export.jsp 
in eTouc ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38bb7891449098818072107ae8b56cd753988511

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38bb7891449098818072107ae8b56cd753988511
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to