[Git][security-tracker-team/security-tracker][master] Process some NFUs

Tue, 31 Aug 2021 13:41:01 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
972fe81c by Salvatore Bonaccorso at 2021-08-31T22:40:29+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2163,7 +2163,7 @@ CVE-2021-39318
 CVE-2021-39317
        RESERVED
 CVE-2021-39316 (The Zoomsounds plugin <= 6.45 for WordPress allows 
arbitrary files, ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-39315
        RESERVED
 CVE-2021-39314
@@ -2545,7 +2545,7 @@ CVE-2021-39182
 CVE-2021-39181
        RESERVED
 CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A 
path trave ...)
-       TODO: check
+       NOT-FOR-US: OpenOLAT
 CVE-2021-39179
        RESERVED
 CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between 
10.0.0 and 1 ...)
@@ -11542,15 +11542,15 @@ CVE-2021-35225
 CVE-2021-35224
        RESERVED
 CVE-2021-35223 (The Serv-U File Server allows for events such as user login 
failures t ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2021-35222 (This vulnerability allows attackers to impersonate users and 
perform a ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2021-35221 (Improper Access Control Tampering Vulnerability using 
ImportAlert func ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2021-35220 (Command Injection vulnerability in EmailWebPage API which can 
lead to  ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2021-35219 (ExportToPdfCmd Arbitrary File Read Information Disclosure 
Vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2021-35218
        RESERVED
 CVE-2021-35217
@@ -11562,9 +11562,9 @@ CVE-2021-35215
 CVE-2021-35214
        RESERVED
 CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability 
was disc ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2021-35212 (An SQL injection Privilege Escalation Vulnerability was 
discovered in  ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2021-35211 (Microsoft discovered a remote code execution (RCE) 
vulnerability in th ...)
        NOT-FOR-US: SolarWinds
 CVE-2020-36394 (pam_setquota.c in the pam_setquota module before 2020-05-29 
for Linux- ...)
@@ -12973,13 +12973,13 @@ CVE-2021-34583
 CVE-2021-34582
        RESERVED
 CVE-2021-34581 (Missing Release of Resource after Effective Lifetime 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: WAGO
 CVE-2021-34580
        RESERVED
 CVE-2021-34579
        RESERVED
 CVE-2021-34578 (This vulnerability allows an attacker who has access to the 
WBM to rea ...)
-       TODO: check
+       NOT-FOR-US: WAGO
 CVE-2021-34577
        RESERVED
 CVE-2021-34576
@@ -13005,19 +13005,19 @@ CVE-2021-34567
 CVE-2021-34566
        RESERVED
 CVE-2021-34565 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH 
and telne ...)
-       TODO: check
+       NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-34564 (Any cookie-stealing vulnerabilities within the application or 
browser  ...)
-       TODO: check
+       NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-34563 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the 
HttpOnly att ...)
-       TODO: check
+       NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-34562 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to 
inject a ...)
-       TODO: check
+       NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-34561 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious 
issue exists ...)
-       TODO: check
+       NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-34560 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form 
contains a pa ...)
-       TODO: check
+       NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a 
vulnerability may  ...)
-       TODO: check
+       NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-3596
        RESERVED
 CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP 
network ...)
@@ -15406,7 +15406,7 @@ CVE-2021-33557 (An XSS issue was discovered in 
manage_custom_field_edit_page.php
 CVE-2021-33556
        RESERVED
 CVE-2021-33555 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename 
paramet ...)
-       TODO: check
+       NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-33554
        RESERVED
 CVE-2021-33553
@@ -30251,7 +30251,7 @@ CVE-2021-27670 (Appspace 6.2.4 allows SSRF via the 
api/v1/core/proxy/jsonpreques
 CVE-2021-27669
        RESERVED
 CVE-2021-27668 (HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the 
read of lic ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Vault
 CVE-2021-27667
        RESERVED
 CVE-2021-27666
@@ -41362,9 +41362,9 @@ CVE-2021-22946
 CVE-2021-22945
        RESERVED
 CVE-2021-22944 (A vulnerability found in UniFi Protect application V1.18.1 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: UniFi Protect application
 CVE-2021-22943 (A vulnerability found in UniFi Protect application V1.18.1 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: UniFi Protect application
 CVE-2021-22942 [ossible Open Redirect in Host Authorization Middleware]
        RESERVED
        - rails <unfixed> (bug #992586)
@@ -44136,7 +44136,7 @@ CVE-2021-21813 (Within the function HandleFileArg the 
argument filepattern is un
 CVE-2021-21812 (A stack-based buffer overflow vulnerability exists in the 
command-line ...)
        NOT-FOR-US: Xmill (AT&T Labs)
 CVE-2021-21811 (A memory corruption vulnerability exists in the XML-parsing 
CreateLabe ...)
-       TODO: check
+       NOT-FOR-US: Xmill (AT&T Labs)
 CVE-2021-21810 (A memory corruption vulnerability exists in the XML-parsing 
ParseAttri ...)
        NOT-FOR-US: AT&T Labs Xmill
 CVE-2021-21809 (A command execution vulnerability exists in the default legacy 
spellch ...)
@@ -80417,13 +80417,13 @@ CVE-2020-19051
 CVE-2020-19050
        RESERVED
 CVE-2020-19049 (Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote 
attackers to  ...)
-       TODO: check
+       NOT-FOR-US: MyBB
 CVE-2020-19048 (Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote 
attackers to  ...)
-       TODO: check
+       NOT-FOR-US: MyBB
 CVE-2020-19047 (Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows 
remote atatck ...)
-       TODO: check
+       NOT-FOR-US: iWebShop
 CVE-2020-19046 (Cross Site Scripting (XSS) in S-CMS v1.0 allows remote 
attackers to ex ...)
-       TODO: check
+       NOT-FOR-US: S-CMS
 CVE-2020-19045
        RESERVED
 CVE-2020-19044



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/972fe81cf9f41dd0f54016439f294b3d020d3dd6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/972fe81cf9f41dd0f54016439f294b3d020d3dd6
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to