Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f396798c by Salvatore Bonaccorso at 2021-10-12T22:40:21+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -205,7 +205,7 @@ CVE-2021-42327
 CVE-2021-42326 (Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the 
names of  ...)
        TODO: check
 CVE-2021-42325 (Froxlor through 0.10.29.1 allows SQL injection in 
Database/Manager/DbM ...)
-       TODO: check
+       NOT-FOR-US: Froxlor
 CVE-2021-42324
        RESERVED
 CVE-2021-42323
@@ -1990,7 +1990,7 @@ CVE-2021-41548
 CVE-2021-41547
        RESERVED
 CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 
(All versi ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-41545
        RESERVED
 CVE-2021-41544
@@ -4082,7 +4082,7 @@ CVE-2021-40620
 CVE-2021-40619
        RESERVED
 CVE-2021-40618 (An SQL Injection vulnerability exists in openSIS Classic 8.0 
via the 1 ...)
-       TODO: check
+       NOT-FOR-US: openSIS
 CVE-2021-40617 (An SQL Injection vulnerability exists in openSIS Community 
Edition ver ...)
        NOT-FOR-US: openSIS
 CVE-2021-40616
@@ -4898,7 +4898,7 @@ CVE-2021-40294
 CVE-2021-40293
        RESERVED
 CVE-2021-40292 (A Stored Cross Site Sripting (XSS) vulnerability exists in 
DzzOffice 2 ...)
-       TODO: check
+       NOT-FOR-US: DzzOffice
 CVE-2021-40291
        RESERVED
 CVE-2021-40290
@@ -9208,23 +9208,23 @@ CVE-2021-38462
 CVE-2021-38461
        RESERVED
 CVE-2021-38460 (A path traversal vulnerability in the Moxa MXview Network 
Management s ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2021-38459
        RESERVED
 CVE-2021-38458 (A path traversal vulnerability in the Moxa MXview Network 
Management s ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2021-38457
        RESERVED
 CVE-2021-38456 (A path traversal vulnerability in the Moxa MXview Network 
Management s ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2021-38455
        RESERVED
 CVE-2021-38454 (A path traversal vulnerability in the Moxa MXview Network 
Management s ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2021-38453
        RESERVED
 CVE-2021-38452 (A path traversal vulnerability in the Moxa MXview Network 
Management s ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2021-38451
        RESERVED
 CVE-2021-38450
@@ -11021,25 +11021,25 @@ CVE-2021-37737
 CVE-2021-37736
        RESERVED
 CVE-2021-37735 (A remote denial of service vulnerability was discovered in 
Aruba Insta ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-37734 (A remote unauthorized read access to files vulnerability was 
discovere ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-37733 (A remote path traversal vulnerability was discovered in Aruba 
SD-WAN S ...)
        NOT-FOR-US: Aruba
 CVE-2021-37732 (A remote arbitrary command execution vulnerability was 
discovered in H ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-37731 (A local path traversal vulnerability was discovered in Aruba 
SD-WAN So ...)
        NOT-FOR-US: Aruba
 CVE-2021-37730 (A remote arbitrary command execution vulnerability was 
discovered in H ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-37729 (A remote path traversal vulnerability was discovered in Aruba 
SD-WAN S ...)
        NOT-FOR-US: Aruba
 CVE-2021-37728 (A remote path traversal vulnerability was discovered in Aruba 
Operatin ...)
        NOT-FOR-US: Aruba
 CVE-2021-37727 (A remote arbitrary command execution vulnerability was 
discovered in H ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-37726 (A remote buffer overflow vulnerability was discovered in HPE 
Aruba Ins ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-37725 (A remote cross-site request forgery (csrf) vulnerability was 
discovere ...)
        NOT-FOR-US: Aruba
 CVE-2021-37724 (A remote arbitrary command execution vulnerability was 
discovered in A ...)
@@ -12211,7 +12211,7 @@ CVE-2021-37201 (A vulnerability has been identified in 
SINEC NMS (All versions &
 CVE-2021-37200 (A vulnerability has been identified in SINEC NMS (All versions 
< V1 ...)
        NOT-FOR-US: Siemens
 CVE-2021-37199 (A vulnerability has been identified in SINUMERIK 808D (All 
versions),  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-37198
        RESERVED
 CVE-2021-37197
@@ -16866,7 +16866,7 @@ CVE-2021-35216 (Insecure Deserialization of untrusted 
data remote code execution
 CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was 
detected ...)
        NOT-FOR-US: Solarwinds
 CVE-2021-35214 (The vulnerability can be described as a failure to invalidate 
user ses ...)
-       TODO: check
+       NOT-FOR-US: Solarwinds
 CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability 
was disc ...)
        NOT-FOR-US: SolarWinds
 CVE-2021-35212 (An SQL injection Privilege Escalation Vulnerability was 
discovered in  ...)
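Review bot: The new label on CVE-2021-35214 is spelled "Solarwinds", while the entry directly below it (CVE-2021-35213) uses "SolarWinds". Both spellings are already visible in this hunk (CVE-2021-35215 also has "Solarwinds"), so a search or grouping on the label text will split one vendor into two. Suggest "NOT-FOR-US: SolarWinds" here, and normalising the CVE-2021-35215 line in a follow-up.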
@@ -30944,9 +30944,9 @@ CVE-2021-3477 (There's a flaw in OpenEXR's deep tile 
sample size calculations in
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/467be80b75642efbbe6bdace558079f68c16acb1
        NOTE: Introduced by 
https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344
 (v2.0.0)
 CVE-2021-29645 (Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls 
the SendM ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2021-29644 (Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 
contains a remo ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2021-29643 (PRTG Network Monitor before 21.3.69.1333 allows stored XSS via 
an unsa ...)
        NOT-FOR-US: PRTG Network Monitor
 CVE-2021-29642 (GistPad before 0.2.7 allows a crafted workspace folder to 
change the U ...)
@@ -36429,7 +36429,7 @@ CVE-2021-27397 (A vulnerability has been identified in 
Tecnomatix Plant Simulati
 CVE-2021-27396 (A vulnerability has been identified in Tecnomatix Plant 
Simulation (Al ...)
        NOT-FOR-US: Tecnomatix Plant Simulation
 CVE-2021-27395 (A vulnerability has been identified in SIMATIC Process 
Historian 2013  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-27394 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
        NOT-FOR-US: Mendix Applications (Siemens)
 CVE-2021-27393 (A vulnerability has been identified in Nucleus NET (All 
versions), Nuc ...)
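Review bot: CVE-2021-27395 is labelled with the vendor only ("Siemens"), whereas the two neighbouring entries in this hunk name the product ("Tecnomatix Plant Simulation", "Mendix Applications (Siemens)"). Since the description is truncated in the list, the label is the quickest hint for a later reader about what was triaged; consider "NOT-FOR-US: SIMATIC Process Historian (Siemens)" to match the form of the Mendix entry.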
@@ -37322,7 +37322,7 @@ CVE-2021-27005
 CVE-2021-27004
        RESERVED
 CVE-2021-27003 (Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 
9.8P5 a ...)
-       TODO: check
+       NOT-FOR-US: Clustered Data ONTAP (NetApp)
 CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible 
to a vul ...)
        NOT-FOR-US: NetApp Cloud Manager
 CVE-2021-27001
@@ -65172,7 +65172,7 @@ CVE-2020-28147
 CVE-2020-28146 (Cross Site Scripting (XSS) vulnerability exists in Eyoucms 
v1.4.7 and  ...)
        NOT-FOR-US: Eyoucms
 CVE-2020-28145 (Arbitrary file deletion vulnerability was discovered in 
wuzhicms v 4.0 ...)
-       TODO: check
+       NOT-FOR-US: wuzhicms
 CVE-2020-28144 (Certain Moxa Inc products are affected by an improper 
restriction of o ...)
        NOT-FOR-US: Moxa
 CVE-2020-28143



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f396798cbf68b581273d301b6de2e6b480ecc028
