[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Thu, 30 Sep 2021 13:24:11 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
bed6da08 by Salvatore Bonaccorso at 2021-09-30T22:23:38+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -241,7 +241,7 @@ CVE-2021-41731
 CVE-2021-41730
        RESERVED
 CVE-2021-41729 (BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: BaiCloud-cms
 CVE-2021-41728
        RESERVED
 CVE-2021-41727
@@ -1172,35 +1172,35 @@ CVE-2021-41303 (Apache Shiro before 1.8.0, when using 
Apache Shiro with Spring B
        NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1
        TODO: check
 CVE-2021-41302 (ECOA BAS controller stores sensitive data (backup exports) in 
clear-te ...)
-       TODO: check
+       NOT-FOR-US: ECOA BAS controller
 CVE-2021-41301 (ECOA BAS controller is vulnerable to configuration disclosure 
when dir ...)
-       TODO: check
+       NOT-FOR-US: ECOA BAS controller
 CVE-2021-41300 (ECOA BAS controller&#8217;s special page displays user account 
and pas ...)
-       TODO: check
+       NOT-FOR-US: ECOA BAS controller
 CVE-2021-41299 (ECOA BAS controller is vulnerable to hard-coded credentials 
within its ...)
-       TODO: check
+       NOT-FOR-US: ECOA BAS controller
 CVE-2021-41298 (ECOA BAS controller is vulnerable to insecure direct object 
references ...)
-       TODO: check
+       NOT-FOR-US: ECOA BAS controller
 CVE-2021-41297 (ECOA BAS controller is vulnerable to weak access control 
mechanism all ...)
-       TODO: check
+       NOT-FOR-US: ECOA BAS controller
 CVE-2021-41296 (ECOA BAS controller uses weak set of default administrative 
credential ...)
-       TODO: check
+       NOT-FOR-US: ECOA BAS controller
 CVE-2021-41295 (ECOA BAS controller has a Cross-Site Request Forgery 
vulnerability, th ...)
-       TODO: check
+       NOT-FOR-US: ECOA BAS controller
 CVE-2021-41294 (ECOA BAS controller suffers from a path traversal 
vulnerability, causi ...)
-       TODO: check
+       NOT-FOR-US: ECOA BAS controller
 CVE-2021-41293 (ECOA BAS controller suffers from a path traversal 
vulnerability, causi ...)
-       TODO: check
+       NOT-FOR-US: ECOA BAS controller
 CVE-2021-41292 (ECOA BAS controller suffers from an authentication bypass 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: ECOA BAS controller
 CVE-2021-41291 (ECOA BAS controller suffers from a path traversal content 
disclosure v ...)
-       TODO: check
+       NOT-FOR-US: ECOA BAS controller
 CVE-2021-41290 (ECOA BAS controller suffers from an arbitrary file write and 
path trav ...)
-       TODO: check
+       NOT-FOR-US: ECOA BAS controller
 CVE-2021-41289
        RESERVED
 CVE-2021-41288 (Zoho ManageEngine OpManager version 125466 and below is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2021-41287
        RESERVED
 CVE-2021-41286
@@ -15367,21 +15367,21 @@ CVE-2021-35207 (An issue was discovered in Zimbra 
Collaboration Suite 8.8 before
 CVE-2021-35206 (Gitpod before 0.6.0 allows unvalidated redirects. ...)
        NOT-FOR-US: Gitpod
 CVE-2021-35205 (NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows 
URL redire ...)
-       TODO: check
+       NOT-FOR-US: NETSCOUT
 CVE-2021-35204 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected 
Cross-Si ...)
-       TODO: check
+       NOT-FOR-US: NETSCOUT
 CVE-2021-35203 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary 
File Rea ...)
-       TODO: check
+       NOT-FOR-US: NETSCOUT
 CVE-2021-35202 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows 
Authorization Bypa ...)
-       TODO: check
+       NOT-FOR-US: NETSCOUT
 CVE-2021-35201 (NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML 
External Entity ...)
-       TODO: check
+       NOT-FOR-US: NETSCOUT
 CVE-2021-35200 (NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged 
users to a ...)
-       TODO: check
+       NOT-FOR-US: NETSCOUT
 CVE-2021-35199 (NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: NETSCOUT
 CVE-2021-35198 (NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: NETSCOUT
 CVE-2021-35197 (In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 
1.35.3, and  ...)
        - mediawiki 1:1.35.3-1
        [bullseye] - mediawiki <postponed> (Minor issue, wait until next 1.35.x 
release)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bed6da083da804fd52743c0ce0090fbf0233c017

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bed6da083da804fd52743c0ce0090fbf0233c017
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to