Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9020259d by Salvatore Bonaccorso at 2021-08-11T07:38:07+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before 
disconnect ...)
-       TODO: check
+       NOT-FOR-US: Contiki
 CVE-2021-38386 (In Contiki 3.0, a buffer overflow in the Telnet service allows 
remote  ...)
-       TODO: check
+       NOT-FOR-US: Contiki
 CVE-2021-38385
        RESERVED
 CVE-2021-38384 (Serverless Offline 8.0.0 returns a 403 HTTP status code for a 
route th ...)
@@ -56,7 +56,7 @@ CVE-2021-38367
 CVE-2021-38366
        RESERVED
 CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 
allow remo ...)
-       TODO: check
+       NOT-FOR-US: Winner (aka ToneWinner) desktop speakers
 CVE-2021-3698
        RESERVED
 CVE-2021-3697
@@ -2276,11 +2276,11 @@ CVE-2021-37393 (In RPCMS v1.8 and below, the "nickname" 
variable is not properly
 CVE-2021-37392 (In RPCMS v1.8 and below, the "nickname" variable is not 
properly sanit ...)
        NOT-FOR-US: RPCMS
 CVE-2021-37391 (A user without privileges in Chamilo LMS 1.11.14 can send an 
invitatio ...)
-       TODO: check
+       NOT-FOR-US: Chamilo LMS
 CVE-2021-37390 (A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in 
main/socia ...)
-       TODO: check
+       NOT-FOR-US: Chamilo LMS
 CVE-2021-37389 (Chamilo 1.11.14 allows stored XSS via main/install/index.php 
and main/ ...)
-       TODO: check
+       NOT-FOR-US: Chamilo LMS
 CVE-2021-37388 (A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr 
paramet ...)
        NOT-FOR-US: D-Link
 CVE-2021-37387
@@ -2324,11 +2324,11 @@ CVE-2021-37369
 CVE-2021-37368
        RESERVED
 CVE-2021-37367 (CTparental before 4.45.07 is affected by a code execution 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: CTparental
 CVE-2021-37366 (CTparental before 4.45.03 is vulnerable to cross-site request 
forgery  ...)
-       TODO: check
+       NOT-FOR-US: CTparental
 CVE-2021-37365 (CTparental before 4.45.03 is vulnerable to cross-site 
scripting (XSS)  ...)
-       TODO: check
+       NOT-FOR-US: CTparental
 CVE-2021-37364
        RESERVED
 CVE-2021-37363
@@ -2721,11 +2721,11 @@ CVE-2021-37182
 CVE-2021-37181
        RESERVED
 CVE-2021-37180 (A vulnerability has been identified in Solid Edge SE2021 (All 
Versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-37179 (A vulnerability has been identified in Solid Edge SE2021 (All 
Versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-37178 (A vulnerability has been identified in Solid Edge SE2021 (All 
Versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-37177
        RESERVED
 CVE-2021-37176
@@ -2737,7 +2737,7 @@ CVE-2021-37174
 CVE-2021-37173
        RESERVED
 CVE-2021-37172 (A vulnerability has been identified in SIMATIC S7-1200 CPU 
family (inc ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-37171
        RESERVED
 CVE-2021-37170
@@ -10640,7 +10640,7 @@ CVE-2021-3567
        NOTE: https://gitlab.gnome.org/GNOME/caribou/-/merge_requests/3
        NOTE: 
https://gitlab.gnome.org/GNOME/caribou/-/commit/d41c8e44b12222a290eaca16703406b113a630c6
 CVE-2021-33738 (A vulnerability has been identified in JT2Go (All versions 
< V13.2. ...)
-       TODO: check
+       NOT-FOR-US: JT2Go
 CVE-2021-33737
        RESERVED
 CVE-2021-33736
@@ -10674,7 +10674,7 @@ CVE-2021-33723
 CVE-2021-33722
        RESERVED
 CVE-2021-33721 (A vulnerability has been identified in SINEC NMS (All versions 
< V1 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-33720
        RESERVED
 CVE-2021-33719
@@ -10682,7 +10682,7 @@ CVE-2021-33719
 CVE-2021-33718 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
        NOT-FOR-US: Mendix Applications
 CVE-2021-33717 (A vulnerability has been identified in JT2Go (All versions 
< V13.2. ...)
-       TODO: check
+       NOT-FOR-US: JT2Go
 CVE-2021-33716
        RESERVED
 CVE-2021-33715 (A vulnerability has been identified in JT Utilities (All 
versions < ...)
@@ -12456,7 +12456,7 @@ CVE-2021-32945
 CVE-2021-32944 (A use-after-free issue exists in the DGN file-reading 
procedure in the ...)
        NOT-FOR-US: Open Design Alliance
 CVE-2021-32943 (The affected product is vulnerable to a stack-based buffer 
overflow, w ...)
-       TODO: check
+       NOT-FOR-US: WebAccess/SCADA
 CVE-2021-32942 (The vulnerability could expose cleartext credentials from 
AVEVA InTouc ...)
        NOT-FOR-US: AVEVA InTouch Runtime
 CVE-2021-32941
@@ -30860,7 +30860,7 @@ CVE-2021-25661 (SmartVNC has an out-of-bounds memory 
access vulnerability that c
 CVE-2021-25660 (A vulnerability has been identified in SIMATIC HMI Comfort 
Outdoor Pan ...)
        NOT-FOR-US: Siemens
 CVE-2021-25659 (A vulnerability has been identified in Automation License 
Manager 5 (A ...)
-       TODO: check
+       NOT-FOR-US: Automation License Manager
 CVE-2021-25658
        RESERVED
 CVE-2021-25657
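Review bot: The new tag on CVE-2021-25659 names the product ("Automation License Manager"), while the entry directly above it, CVE-2021-25660, uses the vendor ("NOT-FOR-US: Siemens"), as do the Solid Edge, SIMATIC and SINEC NMS entries changed in this commit. If the product belongs to the same vendor, use "NOT-FOR-US: Siemens" here so that a search on the vendor tag also finds this entry.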
@@ -37670,11 +37670,11 @@ CVE-2021-22678 (Cscape (All versions prior to 9.90 
SP4) lacks proper validation
 CVE-2021-22677 (An integer overflow exists in the APIs of the host MCU while 
trying to ...)
        NOT-FOR-US: SimpleLink
 CVE-2021-22676 (UserExcelOut.asp within WebAccess/SCADA is vulnerable to 
cross-site sc ...)
-       TODO: check
+       NOT-FOR-US: WebAccess/SCADA
 CVE-2021-22675 (The affected product is vulnerable to integer overflow while 
parsing m ...)
        NOT-FOR-US: SimpleLink
 CVE-2021-22674 (The affected product is vulnerable to a relative path 
traversal condit ...)
-       TODO: check
+       NOT-FOR-US: WebAccess/SCADA
 CVE-2021-22673 (The affected product is vulnerable to stack-based buffer 
overflow whil ...)
        NOT-FOR-US: SimpleLink
 CVE-2021-22672 (Delta Electronics' CNCSoft ScreenEditor in versions prior to 
v1.01.30  ...)
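Review bot: The visible description of CVE-2021-22674 does not name a product; it opens with "The affected product is vulnerable to", the same wording as CVE-2021-22675 and CVE-2021-22673 next to it, which are tagged "SimpleLink". Only CVE-2021-22676 names WebAccess/SCADA in its visible text, so the attribution of CVE-2021-22674 should be confirmed against the full CVE description before it is recorded.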
@@ -38257,9 +38257,9 @@ CVE-2021-22388 (There is an Integer Overflow 
Vulnerability in Huawei Smartphone.
 CVE-2021-22387 (There is an Improper Control of Dynamically Managing Code 
Resources Vu ...)
        NOT-FOR-US: Huawei
 CVE-2021-22386 (A component of the Huawei smartphone has a Double Free 
vulnerability.  ...)
-       TODO: check
+       NOT-FOR-US: Huawei / HarmonyOS
 CVE-2021-22385 (A component of the Huawei smartphone has a External Control of 
System  ...)
-       TODO: check
+       NOT-FOR-US: Huawei / HarmonyOS
 CVE-2021-22384 (There is an Information Disclosure Vulnerability in Huawei 
Smartphone. ...)
        NOT-FOR-US: Huawei
 CVE-2021-22383 (There is an out-of-bounds read vulnerability in eCNS280_TD 
V100R005C10 ...)
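Review bot: CVE-2021-22386 and CVE-2021-22385 get "NOT-FOR-US: Huawei / HarmonyOS", but the surrounding entries CVE-2021-22387 and CVE-2021-22384 are tagged plain "Huawei", and the visible descriptions only say "Huawei smartphone". Suggest "NOT-FOR-US: Huawei" for both so the tag matches its neighbours.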
@@ -39675,7 +39675,7 @@ CVE-2021-21742
 CVE-2021-21741
        RESERVED
 CVE-2021-21740 (There is an information leak vulnerability in the digital 
media player ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2021-21739 (A ZTE's product of the transport network access layer has a 
security v ...)
        NOT-FOR-US: ZTE
 CVE-2021-21738 (ZTE's big video business platform has two reflective 
cross-site script ...)
@@ -39982,11 +39982,11 @@ CVE-2021-21600 (Dell EMC NetWorker, 19.4 or older, 
contain an uncontrolled resou
 CVE-2021-21599
        RESERVED
 CVE-2021-21598 (Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a 
Sensitive  ...)
-       TODO: check
+       NOT-FOR-US: Dell Wyse ThinOS
 CVE-2021-21597 (Dell Wyse ThinOS, version 9.0, contains a Sensitive 
Information Disclo ...)
-       TODO: check
+       NOT-FOR-US: Dell Wyse ThinOS
 CVE-2021-21596 (Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell 
OpenMan ...)
-       TODO: check
+       NOT-FOR-US: Dell OpenManage Enterprise
 CVE-2021-21595
        RESERVED
 CVE-2021-21594
@@ -40008,9 +40008,9 @@ CVE-2021-21587 (Dell Wyse Management Suite versions 3.2 
and earlier contain a fu
 CVE-2021-21586 (Wyse Management Suite versions 3.2 and earlier contain an 
absolute pat ...)
        NOT-FOR-US: Dell
 CVE-2021-21585 (Dell OpenManage Enterprise versions prior to 3.6.1 contain an 
OS comma ...)
-       TODO: check
+       NOT-FOR-US: Dell OpenManage Enterprise
 CVE-2021-21584 (Dell OpenManage Enterprise version 3.5 and OpenManage 
Enterprise-Modul ...)
-       TODO: check
+       NOT-FOR-US: Dell OpenManage Enterprise
 CVE-2021-21583
        RESERVED
 CVE-2021-21582
@@ -40044,13 +40044,13 @@ CVE-2021-21569
 CVE-2021-21568
        RESERVED
 CVE-2021-21567 (Dell PowerScale OneFS 9.1.0.x contains an improper privilege 
managemen ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2021-21566
        RESERVED
 CVE-2021-21565 (Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a 
denial of ...)
        NOT-FOR-US: Dell
 CVE-2021-21564 (Dell OpenManage Enterprise versions prior to 3.6.1 contain an 
improper ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2021-21563 (Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an 
Improper C ...)
        NOT-FOR-US: EMC
 CVE-2021-21562 (Dell EMC PowerScale OneFS contains an untrusted search path 
vulnerabil ...)
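Review bot: CVE-2021-21564 (Dell OpenManage Enterprise) is tagged "NOT-FOR-US: Dell" here, while the previous hunk tags CVE-2021-21585 and CVE-2021-21584, the same product, as "NOT-FOR-US: Dell OpenManage Enterprise". Pick one form for this product within the commit; "Dell" alone would also match the CVE-2021-21565 entry in this hunk.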
@@ -52688,7 +52688,7 @@ CVE-2020-28399
 CVE-2020-28398
        RESERVED
 CVE-2020-28397 (A vulnerability has been identified in SIMATIC Drive 
Controller family ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2020-28396 (A vulnerability has been identified in SICAM A8000 CP-8000 
(All versio ...)
        NOT-FOR-US: Siemens
 CVE-2020-28395 (A vulnerability has been identified in SCALANCE X-300 switch 
family (i ...)
@@ -63031,7 +63031,7 @@ CVE-2020-25084 (QEMU 5.0.0 has a use-after-free in 
hw/usb/hcd-xhci.c because the
 CVE-2020-25083
        RESERVED
 CVE-2020-25082 (An attacker with physical access to Nuvoton Trusted Platform 
Module (N ...)
-       TODO: check
+       NOT-FOR-US: Nuvoton
 CVE-2020-25081
        RESERVED
 CVE-2020-25080
@@ -67281,13 +67281,13 @@ CVE-2020-23153
 CVE-2020-23152
        RESERVED
 CVE-2020-23151 (rConfig 3.9.5 allows command injection by sending a crafted 
GET reques ...)
-       TODO: check
+       NOT-FOR-US: rConfig
 CVE-2020-23150 (A SQL injection vulnerability in config.inc.php of rConfig 
3.9.5 allow ...)
-       TODO: check
+       NOT-FOR-US: rConfig
 CVE-2020-23149 (The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is 
unsaniti ...)
-       TODO: check
+       NOT-FOR-US: rConfig
 CVE-2020-23148 (The userLogin parameter in ldap/login.php of rConfig 3.9.5 is 
unsaniti ...)
-       TODO: check
+       NOT-FOR-US: rConfig
 CVE-2020-23147
        RESERVED
 CVE-2020-23146
@@ -372372,7 +372372,7 @@ CVE-2013-6278
 CVE-2013-6277 (QNAP VioCard 300 has hardcoded RSA private keys. ...)
        NOT-FOR-US: QNAP
 CVE-2013-6276 (** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and 
F_VioGate 2308 ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2013-6274
        RESERVED
 CVE-2013-6273



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9020259d5aaa8ed9ffa3f37169b7590c9e88a0a2
