Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b5e6bf74 by Salvatore Bonaccorso at 2021-09-08T22:23:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -916,7 +916,7 @@ CVE-2021-40379 (An issue was discovered on Compro IP70 
2.08_7130218, IP570 2.08_
 CVE-2021-40378 (An issue was discovered on Compro IP70 2.08_7130218, IP570 
2.08_713052 ...)
        NOT-FOR-US: Compro devices
 CVE-2021-40377 (SmarterTools SmarterMail 16.x before build 7866 has stored 
XSS. The ap ...)
-       TODO: check
+       NOT-FOR-US: SmarterTools
 CVE-2021-40376
        RESERVED
 CVE-2021-40375
@@ -5362,7 +5362,7 @@ CVE-2021-38390 (A Blind SQL injection vulnerability 
exists in the /DataHandler/H
 CVE-2021-38389
        RESERVED
 CVE-2021-38388 (Central Dogma allows privilege escalation with mirroring to 
the intern ...)
-       TODO: check
+       NOT-FOR-US: Central Dogma
 CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before 
disconnect ...)
        NOT-FOR-US: Contiki
 CVE-2021-38386 (In Contiki 3.0, a buffer overflow in the Telnet service allows 
remote  ...)
@@ -9320,7 +9320,7 @@ CVE-2021-36697
 CVE-2021-36696 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in 
Deskpro 202 ...)
        NOT-FOR-US: Deskpro
 CVE-2021-36695 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in 
Deskpro 202 ...)
-       TODO: check
+       NOT-FOR-US: Deskpro
 CVE-2021-36694
        RESERVED
 CVE-2021-36693
@@ -10345,9 +10345,9 @@ CVE-2021-36218
 CVE-2021-36217
        REJECTED
 CVE-2021-36216 (LINE for Windows 6.2.1.2289 and before allows arbitrary code 
execution ...)
-       TODO: check
+       NOT-FOR-US: LINE for Windows
 CVE-2021-36215 (LINE client for iOS 10.21.3 and before allows address bar 
spoofing due ...)
-       TODO: check
+       NOT-FOR-US: LINE client for iOS
 CVE-2021-36214 (LINE client for iOS before 10.16.3 allows cross site script 
with speci ...)
        NOT-FOR-US: LINE client for iOS
 CVE-2021-36213 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 
default de ...)
@@ -10417,13 +10417,13 @@ CVE-2021-36184
 CVE-2021-36183
        RESERVED
 CVE-2021-36182 (A Improper neutralization of special elements used in a 
command ('Comm ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2021-36181
        RESERVED
 CVE-2021-36180
        RESERVED
 CVE-2021-36179 (A stack-based buffer overflow in Fortinet FortiWeb version 
6.3.14 and  ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2021-36178
        RESERVED
 CVE-2021-36177
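Review bot: The tag added for CVE-2021-36179 reads "NOT-FOR-US: FortiGuard", but the description on that same entry names the affected product as Fortinet FortiWeb. Labelling it by vendor or product, for example "NOT-FOR-US: Fortinet FortiWeb", would match how the other entries touched in this commit are tagged (SmarterTools, Deskpro, LINE for Windows) and keeps a later search by vendor name from missing it. The same applies to CVE-2021-36182 if its product is also a Fortinet one; the truncated description shown here does not say.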
@@ -11966,7 +11966,7 @@ CVE-2021-35528
 CVE-2021-35527 (Password autocomplete vulnerability in the web application 
password fi ...)
        NOT-FOR-US: Hitachi ABB Power Grids eSOMS
 CVE-2021-35526 (Backup file without encryption vulnerability is found in 
Hitachi ABB P ...)
-       TODO: check
+       NOT-FOR-US: Hitachi ABB Power Grids System Data Manager
 CVE-2021-3624 [buffer-overflow caused by integer-overflow in 
foveon_load_camf()]
        RESERVED
        - dcraw <unfixed> (bug #984761)
@@ -12711,7 +12711,7 @@ CVE-2021-35219 (ExportToPdfCmd Arbitrary File Read 
Information Disclosure Vulner
 CVE-2021-35218 (Deserialization of Untrusted Data in the Web Console Chart 
Endpoint ca ...)
        NOT-FOR-US: Solarwinds
 CVE-2021-35217 (Insecure Deseralization of untrusted data remote code 
execution vulner ...)
-       TODO: check
+       NOT-FOR-US: Solarwinds
 CVE-2021-35216 (Insecure Deserialization of untrusted data remote code 
execution vulne ...)
        NOT-FOR-US: Solarwinds
 CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was 
detected ...)
@@ -15474,9 +15474,9 @@ CVE-2021-33984
 CVE-2021-33983
        RESERVED
 CVE-2021-33982 (An insufficient session expiration vulnerability exists in the 
"Fish | ...)
-       TODO: check
+       NOT-FOR-US: "Fish | Hunt FL" iOS app
 CVE-2021-33981 (An insecure, direct object vulnerability in hunting/fishing 
license re ...)
-       TODO: check
+       NOT-FOR-US: "Fish | Hunt FL" iOS app
 CVE-2021-33980
        RESERVED
 CVE-2021-33979
@@ -22340,7 +22340,7 @@ CVE-2021-31276
 CVE-2021-31275
        RESERVED
 CVE-2021-31274 (In LibreNMS &lt; 21.3.0, a stored XSS vulnerability was 
identified in  ...)
-       TODO: check
+       NOT-FOR-US: LibreNMS
 CVE-2021-31273
        RESERVED
 CVE-2021-31272 (SerenityOS before commit 
3844e8569689dd476064a0759d704bc64fb3ca2c cont ...)
@@ -47270,8 +47270,6 @@ CVE-2020-35701 (An issue was discovered in Cacti 1.2.x 
through 1.2.16. A SQL inj
        NOTE: Fixed by: 
https://github.com/Cacti/cacti/commit/565e0604a53f4988dc5b544d01f4a631eaa80d82
 CVE-2020-35700 (A second-order SQL injection issue in 
Widgets/TopDevicesController.php ...)
        NOT-FOR-US: LibreNMS
-       NOTE: https://github.com/librenms/librenms/releases/tag/21.1.0
-       NOTE: https://github.com/librenms/librenms/pull/12422
 CVE-2020-35699
        RESERVED
 CVE-2020-35698
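Review bot: The removal of the two NOTE lines under CVE-2020-35700 is not covered by the commit message "Process some NFUs", which otherwise describes only the TODO to NOT-FOR-US changes in the other hunks. Consider mentioning the cleanup in the message or splitting it into its own commit, so the dropped upstream references (the librenms 21.1.0 release tag and pull 12422) remain easy to find in history if the NOT-FOR-US status of LibreNMS is ever revisited.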



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5e6bf74cec4a695432a43543939fdd64e02f923



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
