Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3318ab17 by Moritz Muehlenhoff at 2021-09-17T10:27:40+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection 
in the w ...)
-       TODO: check
+       NOT-FOR-US: NETGEAR
 CVE-2021-41313
        RESERVED
 CVE-2021-41312
@@ -21,11 +21,11 @@ CVE-2021-41305
 CVE-2021-41304
        RESERVED
 CVE-2021-3812 (adminlte is vulnerable to Improper Neutralization of Input 
During Web  ...)
-       TODO: check
+       NOT-FOR-US: adminlte
 CVE-2021-3811 (adminlte is vulnerable to Improper Neutralization of Input 
During Web  ...)
-       TODO: check
+       NOT-FOR-US: adminlte
 CVE-2021-3810 (code-server is vulnerable to Inefficient Regular Expression 
Complexity ...)
-       TODO: check
+       NOT-FOR-US: code-server
 CVE-2021-3809
        RESERVED
 CVE-2021-3808
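Review bot: The tags on CVE-2021-3812, CVE-2021-3811 and CVE-2021-3810 reuse the lowercase project name from the CVE description ("adminlte", "code-server"), while other tags in this same commit use a vendor-qualified or display name ("NervJS Taro", "RevoWorks Browser", "EC-CUBE plugin"). Pick one convention for the NOT-FOR-US label so that a later search by vendor or product name finds all related entries; if the vendor is known, add it here as was done for Taro.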
@@ -76,7 +76,7 @@ CVE-2021-41287
 CVE-2021-41286
        RESERVED
 CVE-2021-3804 (taro is vulnerable to Inefficient Regular Expression Complexity 
...)
-       TODO: check
+       NOT-FOR-US: NervJS Taro
 CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a 
suspicion that ...)
        - openssh <unfixed> (unimportant)
        NOTE: https://github.com/openssh/openssh-portable/pull/270
@@ -500,7 +500,7 @@ CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 
9.0.43 and 10.0.0-M1
        NOTE: 
https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8
 (9.0.44)
        NOTE: 
https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822
 (8.5.64)
 CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression 
Complexity ...)
-       TODO: check
+       NOT-FOR-US: nth-check
 CVE-2021-3802
        RESERVED
 CVE-2021-41078
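Review bot: CVE-2021-3803 is closed as "NOT-FOR-US: nth-check" with no trace of how absence from the archive was established, and the description identifies a library rather than an end-user product. Library modules are often packaged under a source name that differs from the upstream module name (language-prefixed names, for example), so a source-package search on the prefixed variants is worth doing before this leaves the TODO queue. If a match turns up, the entry needs a package line instead of NOT-FOR-US.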
@@ -4781,7 +4781,7 @@ CVE-2021-39209 (GLPI is a free Asset and IT management 
software package. In vers
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-5qpf-32w7-c56p
        NOTE: Only supported behind an authenticated HTTP zone
 CVE-2021-39208 (SharpCompress is a fully managed C# library to deal with many 
compress ...)
-       TODO: check
+       NOT-FOR-US: SharpCompress
 CVE-2021-39207 (parlai is a framework for training and evaluating AI models on 
a varie ...)
        NOT-FOR-US: Facebook ParlAI
 CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy, 
which P ...)
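Review bot: For CVE-2021-39208 the description itself says SharpCompress is a "C# library", so "NOT-FOR-US: SharpCompress" only covers the case of a standalone package. A library can also ship as a bundled copy inside another source package; if that was checked, a short NOTE line saying so would document the decision, and if it was not, the entry should stay at "TODO: check" until it is.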
@@ -33503,9 +33503,9 @@ CVE-2021-27343 (SerenityOS Unspecified is affected by: 
Buffer Overflow. The impa
 CVE-2021-27342 (An authentication brute-force protection mechanism bypass in 
telnetd i ...)
        NOT-FOR-US: D-Link
 CVE-2021-27341 (OpenSIS Community Edition version &lt;= 7.6 is affected by a 
local fil ...)
-       TODO: check
+       NOT-FOR-US: OpenSIS
 CVE-2021-27340 (OpenSIS Community Edition version &lt;= 7.6 is affected by a 
reflected ...)
-       TODO: check
+       NOT-FOR-US: OpenSIS
 CVE-2021-27339
        RESERVED
 CVE-2021-27338 (Faraday Edge before 3.7 allows XSS via the network/create/ 
page and it ...)
@@ -50622,13 +50622,13 @@ CVE-2021-20830
 CVE-2021-20829
        RESERVED
 CVE-2021-20828 (Cross-site scripting vulnerability in Order Status Batch 
Change Plug-i ...)
-       TODO: check
+       NOT-FOR-US: EC-CUBE plugin
 CVE-2021-20827
        RESERVED
 CVE-2021-20826
        RESERVED
 CVE-2021-20825 (Cross-site scripting vulnerability in List (order management) 
item cha ...)
-       TODO: check
+       NOT-FOR-US: EC-CUBE plugin
 CVE-2021-20824
        RESERVED
 CVE-2021-20823
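Review bot: Both changed lines in this hunk (CVE-2021-20828 and CVE-2021-20825) get the same generic tag "EC-CUBE plugin", although the descriptions name two different plug-ins ("Order Status Batch Change Plug-i ..." and "List (order management) item cha ..."). Naming the plug-in in each tag would keep the two entries distinguishable in searches and would make it explicit that the triage decision applies to the plug-ins, not to EC-CUBE itself.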
@@ -50696,9 +50696,9 @@ CVE-2021-20793 (Untrusted search path vulnerability in 
the installer of Sony Aud
 CVE-2021-20792 (Cross-site scripting vulnerability in Quiz And Survey Master 
versions  ...)
        NOT-FOR-US: Quiz And Survey Master
 CVE-2021-20791 (Improper access control vulnerability in RevoWorks Browser 
2.1.230 and ...)
-       TODO: check
+       NOT-FOR-US: RevoWorks Browser
 CVE-2021-20790 (Improper control of program execution vulnerability in 
RevoWorks Brows ...)
-       TODO: check
+       NOT-FOR-US: RevoWorks Browser
 CVE-2021-20789 (Open redirect vulnerability in GroupSession (GroupSession Free 
edition ...)
        NOT-FOR-US: GroupSession
 CVE-2021-20788 (Server-side request forgery (SSRF) vulnerability in 
GroupSession (Grou ...)
@@ -94920,7 +94920,7 @@ CVE-2020-14126
 CVE-2020-14125
        RESERVED
 CVE-2020-14124 (There is a buffer overflow in librsa.so called by 
getwifipwdurl interf ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi
 CVE-2020-14123
        RESERVED
 CVE-2020-14122



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3318ab17a2a00c0b89035a9446b591932e260388
