Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c978e422 by Salvatore Bonaccorso at 2021-08-13T22:19:16+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -103,11 +103,11 @@ CVE-2021-38623 (The deferred_image_processing (aka 
Deferred image processing) ex
 CVE-2021-38622
        RESERVED
 CVE-2021-38621 (The remove API in 
v1/controller/cloudStorage/alibabaCloud/remove/index ...)
-       TODO: check
+       NOT-FOR-US: Agora Flat Server
 CVE-2021-38620
        RESERVED
 CVE-2021-38619 (openBaraza HCM 3.1.6 does not properly neutralize 
user-controllable in ...)
-       TODO: check
+       NOT-FOR-US: openBaraza HCM
 CVE-2021-38618
        RESERVED
 CVE-2021-38617
@@ -195,7 +195,7 @@ CVE-2021-38585 (The WHM Locale Upload feature in cPanel 
before 98.0.1 allows uns
 CVE-2021-38584 (The WHM Locale Upload feature in cPanel before 98.0.1 allows 
XXE attac ...)
        NOT-FOR-US: cPanel
 CVE-2021-38583 (openBaraza HCM 3.1.6 does not properly neutralize 
user-controllable in ...)
-       TODO: check
+       NOT-FOR-US: openBaraza HCM
 CVE-2021-38582
        RESERVED
 CVE-2021-38581
@@ -261,9 +261,9 @@ CVE-2021-38556
 CVE-2021-38555
        RESERVED
 CVE-2021-38554 (HashiCorp Vault and Vault Enterprise’s UI erroneously 
cached and ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Vault
 CVE-2021-38553 (HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 
initialized a ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Vault
 CVE-2021-38552
        RESERVED
 CVE-2021-38551
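
Review bot: The label added for CVE-2021-38554 and CVE-2021-38553, "NOT-FOR-US: HashiCorp Vault", differs from the one this file already uses for CVE-2021-27400, "NOT-FOR-US: HashiCorp Vault and Vault Enterprise". Both new descriptions name Vault and Vault Enterprise, so reusing the existing string would keep one consistent label for the product when the list is searched.
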
@@ -2214,7 +2214,7 @@ CVE-2021-37705
 CVE-2021-37704 (PhpFastCache is a high-performance backend cache system 
(packagist pac ...)
        TODO: check
 CVE-2021-37703 (Discourse is an open-source platform for community discussion. 
In Disc ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2021-37702
        RESERVED
 CVE-2021-37701
@@ -2236,7 +2236,7 @@ CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML 
editor with rich content
 CVE-2021-37694 (@asyncapi/java-spring-cloud-stream-template generates a Spring 
Cloud S ...)
        TODO: check
 CVE-2021-37693 (Discourse is an open-source platform for community discussion. 
In Disc ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2021-37692 (TensorFlow is an end-to-end open source platform for machine 
learning. ...)
        - tensorflow <itp> (bug #804612)
 CVE-2021-37691 (TensorFlow is an end-to-end open source platform for machine 
learning. ...)
@@ -2476,7 +2476,7 @@ CVE-2021-37588 (In Charm 0.43, any two users can collude 
to achieve the ability
 CVE-2021-37587 (In Charm 0.43, any single user can decrypt DAC-MACS or 
MA-ABE-YJ14 dat ...)
        NOT-FOR-US: Charm
 CVE-2021-37586 (The PowerPlay Web component of Mitel Interaction Recording 
Multitenanc ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2021-37585
        RESERVED
 CVE-2021-37584
@@ -2972,27 +2972,27 @@ CVE-2021-37355
 CVE-2021-37354
        RESERVED
 CVE-2021-37353 (Nagios XI Docker Wizard before version 1.1.3 is vulnerable to 
SSRF due ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-37352 (An open redirect vulnerability exists in Nagios XI before 
version 5.8. ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-37351 (Nagios XI before version 5.8.5 is vulnerable to insecure 
permissions a ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-37350 (Nagios XI before version 5.8.5 is vulnerable to SQL injection 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-37349 (Nagios XI before version 5.8.5 is vulnerable to local 
privilege escala ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-37348 (Nagios XI before version 5.8.5 is vulnerable to local file 
inclusion t ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-37347 (Nagios XI before version 5.8.5 is vulnerable to local 
privilege escala ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-37346 (Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable 
to remo ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-37345 (Nagios XI before version 5.8.5 is vulnerable to local 
privilege escala ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-37344 (Nagios XI Switch Wizard before version 2.5.7 is vulnerable to 
remote c ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-37343 (A path traversal vulnerability exists in Nagios XI below 
version 5.8.5 ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2021-37342
        RESERVED
 CVE-2021-37341
@@ -3656,7 +3656,7 @@ CVE-2021-37030
 CVE-2021-37029
        RESERVED
 CVE-2021-37028 (There is a command injection vulnerability in the HG8045Q 
product. Whe ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-37027
        RESERVED
 CVE-2021-37026
@@ -5138,7 +5138,7 @@ CVE-2021-36382 (Devolutions Server before 2021.1.18, and 
LTS before 2020.3.20, a
 CVE-2021-36381 (In Edifecs Transaction Management through 2021-07-12, an 
unauthenticat ...)
        NOT-FOR-US: Edifecs
 CVE-2021-36380 (Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS 
Command I ...)
-       TODO: check
+       NOT-FOR-US: Sunhillo SureLine
 CVE-2021-36379
        REJECTED
 CVE-2021-36378
@@ -9708,7 +9708,7 @@ CVE-2021-34400
 CVE-2021-34399
        RESERVED
 CVE-2021-34398 (NVIDIA DCGM contains a vulnerability in the DIAG module where 
any user ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2021-34397 (Bootloader contains a vulnerability in NVIDIA MB2, which may 
cause fre ...)
        NOT-FOR-US: NVIDIA
 CVE-2021-34396 (Bootloader contains a vulnerability in access permission 
settings wher ...)
@@ -15130,15 +15130,15 @@ CVE-2021-32073 (DedeCMS V5.7 SP2 contains a CSRF 
vulnerability that allows a rem
 CVE-2021-32072 (The MiCollab Client Service component in Mitel MiCollab before 
9.3 cou ...)
        TODO: check
 CVE-2021-32071 (The MiCollab Client service in Mitel MiCollab before 9.3 could 
allow a ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2021-32070 (The MiCollab Client Service component in Mitel MiCollab before 
9.3 cou ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2021-32069 (The AWV component of Mitel MiCollab before 9.3 could allow an 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2021-32068 (The AWV and MiCollab Client Service components in Mitel 
MiCollab befor ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2021-32067 (The MiCollab Client Service component in Mitel MiCollab before 
9.3 cou ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 
2.7.3, an ...)
        - ruby2.7 2.7.4-1 (bug #990815)
        - ruby2.5 <removed>
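
Review bot: CVE-2021-32072, the first context entry in this hunk, stays at "TODO: check" even though its description ("The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...") begins exactly like CVE-2021-32070 and CVE-2021-32067, which are both changed to "NOT-FOR-US: Mitel" here. If it was skipped by accident, mark it the same way in this commit; if it is deliberately left open, a NOTE line saying why would keep the next triager from repeating the check.
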
@@ -17082,7 +17082,7 @@ CVE-2021-31401
 CVE-2021-31400
        RESERVED
 CVE-2021-31399 (On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can 
pose as the ...)
-       TODO: check
+       NOT-FOR-US: On 2N Access Unit devices
 CVE-2021-31398
        RESERVED
 CVE-2021-31397
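
Review bot: The label added for CVE-2021-31399, "NOT-FOR-US: On 2N Access Unit devices", carries over the leading "On" from the description sentence ("On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker ..."). The product is 2N Access Unit, so the line should read "NOT-FOR-US: 2N Access Unit devices", matching the form of "NOT-FOR-US: Askey devices" used elsewhere in the file.
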
@@ -26282,7 +26282,7 @@ CVE-2021-27743
 CVE-2021-27742
        RESERVED
 CVE-2021-27741 (" Security vulnerability in HCL Commerce Management Center 
allowing XM ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2021-27740
        RESERVED
 CVE-2021-27739
@@ -27015,9 +27015,9 @@ CVE-2021-27404 (Askey RTF8115VW 
BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow
 CVE-2021-27403 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices 
allow cgi-b ...)
        NOT-FOR-US: Askey devices
 CVE-2021-27402 (The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could 
allow an u ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2021-27401 (The Join Meeting page of Mitel MiCollab Web Client before 9.2 
FP2 coul ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2021-27400 (HashiCorp Vault and Vault Enterprise Cassandra integrations 
(storage b ...)
        NOT-FOR-US: HashiCorp Vault and Vault Enterprise
 CVE-2020-36252 (ownCloud Server 10.x before 10.3.1 allows an attacker, who has 
one out ...)
@@ -29153,7 +29153,7 @@ CVE-2021-3354
 CVE-2021-3353
        RESERVED
 CVE-2021-3352 (The Software Development Kit in Mitel MiContact Center Business 
from 8 ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2021-3351 (OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the 
Device ...)
        NOT-FOR-US: OpenPLC
 CVE-2021-3350 (deleteaccount.php in the Delete Account plugin 1.4 for MyBB 
allows XSS ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c978e4224374c5bcb05f4674fe2d79607bb829f5
