Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cbe7785b by Salvatore Bonaccorso at 2021-10-08T22:21:50+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow 
privilege escala ...)
-       TODO: check
+       NOT-FOR-US: VITEC Exterity IPTV products
 CVE-2021-42108
        RESERVED
 CVE-2021-42107
@@ -324,11 +324,11 @@ CVE-2021-41978
 CVE-2021-41977
        RESERVED
 CVE-2021-41976 (Tad Uploader edit book list function is vulnerable to 
authorization by ...)
-       TODO: check
+       NOT-FOR-US: Tad Uploader
 CVE-2021-41975 (TadTools special page is vulnerable to authorization bypass, 
thus remo ...)
-       TODO: check
+       NOT-FOR-US: TadTools
 CVE-2021-41974 (Tad Book3 editing book page does not perform identity 
verification. Re ...)
-       TODO: check
+       NOT-FOR-US: Tad Book3
 CVE-2021-3858
        RESERVED
 CVE-2021-3857
@@ -397,7 +397,7 @@ CVE-2021-41949
 CVE-2021-41948
        RESERVED
 CVE-2021-41947 (A SQL injection vulnerability exists in Subrion CMS v4.2.1 in 
the visu ...)
-       TODO: check
+       NOT-FOR-US: Subrion CMS
 CVE-2021-41946
        RESERVED
 CVE-2021-41945
@@ -451,15 +451,15 @@ CVE-2021-41922
 CVE-2021-41921
        RESERVED
 CVE-2021-41920 (webTareas version 2.4 and earlier allows an unauthenticated 
user to pe ...)
-       TODO: check
+       NOT-FOR-US: webTareas
 CVE-2021-41919 (webTareas version 2.4 and earlier allows an authenticated user 
to arbi ...)
-       TODO: check
+       NOT-FOR-US: webTareas
 CVE-2021-41918 (webTareas version 2.4 and earlier allows an authenticated user 
to inje ...)
-       TODO: check
+       NOT-FOR-US: webTareas
 CVE-2021-41917 (webTareas version 2.4 and earlier allows an authenticated user 
to stor ...)
-       TODO: check
+       NOT-FOR-US: webTareas
 CVE-2021-41916 (A Cross-Site Request Forgery (CSRF) vulnerability in webTareas 
version ...)
-       TODO: check
+       NOT-FOR-US: webTareas
 CVE-2021-41915
        RESERVED
 CVE-2021-41914
@@ -666,7 +666,7 @@ CVE-2021-41827 (Zoho ManageEngine Remote Access Plus before 
10.1.2121.1 has hard
 CVE-2021-41826 (PlaceOS Authentication Service before 1.29.10.0 allows 
app/controllers ...)
        NOT-FOR-US: PlaceOS Authentication Service
 CVE-2021-41825 (Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Verint Workforce Optimization (WFO)
 CVE-2021-41824 (Craft CMS before 3.7.14 allows CSV injection. ...)
        NOT-FOR-US: Craft CMS
 CVE-2021-41823
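Review bot: The tag added for CVE-2021-41825 carries the "(WFO)" abbreviation over from the description, while the adjacent tags in this hunk use the bare product name ("PlaceOS Authentication Service", "Craft CMS"). Dropping the parenthetical, i.e. "NOT-FOR-US: Verint Workforce Optimization", would match them and keep the tag easy to grep.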
@@ -1256,17 +1256,17 @@ CVE-2021-41569
 CVE-2021-3826
        RESERVED
 CVE-2021-41568 (Tad Web is vulnerable to authorization bypass, thus remote 
attackers c ...)
-       TODO: check
+       NOT-FOR-US: Tad Web
 CVE-2021-41567 (The new add subject parameter of Tad Uploader view book list 
function  ...)
-       TODO: check
+       NOT-FOR-US: Tad Uploader
 CVE-2021-41566 (The file extension of the TadTools file upload function fails 
to filte ...)
-       TODO: check
+       NOT-FOR-US: TadTools
 CVE-2021-41565 (TadTools special page parameter does not properly restrict the 
input o ...)
-       TODO: check
+       NOT-FOR-US: TadTools
 CVE-2021-41564 (Tad Honor viewing book list function is vulnerable to 
authorization by ...)
-       TODO: check
+       NOT-FOR-US: Tad Honor
 CVE-2021-41563 (Tad Book3 editing book function does not filter special 
characters. Un ...)
-       TODO: check
+       NOT-FOR-US: Tad Book3
 CVE-2021-41562
        RESERVED
 CVE-2021-41561
@@ -2886,7 +2886,7 @@ CVE-2021-40834
 CVE-2021-40833
        RESERVED
 CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in 
F-Secure Atl ...)
-       TODO: check
+       NOT-FOR-US: F-Secure
 CVE-2021-40831
        RESERVED
 CVE-2021-40830
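Review bot: The NOT-FOR-US tag on CVE-2021-40832 names only the vendor ("F-Secure"), although the description points at a specific F-Secure product. The other tags in this commit name the product ("Tad Book3", "webTareas", "Subrion CMS"), so using the product name from the full description here would keep the entry searchable and stop it reading as a blanket statement about everything from that vendor.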
@@ -38463,7 +38463,7 @@ CVE-2021-3314 (** UNSUPPORTED WHEN ASSIGNED ** Oracle 
GlassFish Server 3.1.2.18
 CVE-2021-3313 (Plone CMS until version 5.2.4 has a stored Cross-Site Scripting 
(XSS)  ...)
        NOT-FOR-US: Plone
 CVE-2021-3312 (An XML external entity (XXE) vulnerability in Alkacon OpenCms 
11.0, 11 ...)
-       TODO: check
+       NOT-FOR-US: Alkacon OpenCms
 CVE-2021-3311 (An issue was discovered in October through build 471. It 
reactivates a ...)
        NOT-FOR-US: October CMS
 CVE-2021-3310 (Western Digital My Cloud OS 5 devices before 5.10.122 mishandle 
Symbol ...)
@@ -41119,9 +41119,9 @@ CVE-2021-25273 (Stored XSS can execute as administrator 
in quarantined email det
 CVE-2021-25272
        RESERVED
 CVE-2021-25271 (A local attacker could read or write arbitrary files with 
administrato ...)
-       TODO: check
+       NOT-FOR-US: HitmanPro
 CVE-2021-25270 (A local attacker could execute arbitrary code with 
administrator privi ...)
-       TODO: check
+       NOT-FOR-US: HitmanPro
 CVE-2021-25269
        RESERVED
 CVE-2021-25268
@@ -53402,7 +53402,7 @@ CVE-2021-20602 (Improper Handling of Exceptional 
Conditions vulnerability in GOT
 CVE-2021-20601
        RESERVED
 CVE-2021-20600 (Uncontrolled resource consumption in MELSEC iQ-R series C 
Controller M ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2021-20599
        RESERVED
 CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in 
Mitsubis ...)
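Review bot: "NOT-FOR-US: Mitsubishi" on CVE-2021-20600 is vendor-only, while the description names the MELSEC iQ-R series. A tag that includes the product line, for example "NOT-FOR-US: Mitsubishi MELSEC iQ-R series", would be more precise and would still match a search for the vendor.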
@@ -79634,7 +79634,7 @@ CVE-2020-21867
 CVE-2020-21866
        RESERVED
 CVE-2020-21865 (ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: ThinkPHP50-CMS
 CVE-2020-21864
        RESERVED
 CVE-2020-21863
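Review bot: For CVE-2020-21865 the tag repeats the application name from the description, but the excerpt shown is cut off before it says where the RCE lives. If the flaw sits in framework code that the application bundles rather than in ThinkPHP50-CMS itself, the NOT-FOR-US decision should be rechecked against that component; a NOTE line recording what was checked would make the triage auditable.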
@@ -79906,15 +79906,15 @@ CVE-2020-21731 (Gazie 7.29 is affected by: Cross Site 
Scripting (XSS) via http:/
 CVE-2020-21730
        RESERVED
 CVE-2020-21729 (JEECMS x1.1 contains a stored cross-site scripting (XSS) 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: JEECMS
 CVE-2020-21728
        RESERVED
 CVE-2020-21727
        RESERVED
 CVE-2020-21726 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in 
/Contro ...)
-       TODO: check
+       NOT-FOR-US: OpenSNS
 CVE-2020-21725 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in 
/Contro ...)
-       TODO: check
+       NOT-FOR-US: OpenSNS
 CVE-2020-21724
        RESERVED
 CVE-2020-21723



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbe7785b42851454c80523873a28e007f268b66f



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
