Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
74b42708 by Salvatore Bonaccorso at 2021-10-13T22:47:32+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39182,7 +39182,7 @@ CVE-2021-3332 (WPS Hide Login 1.6.1 allows remote 
attackers to bypass a protecti
 CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute 
arbitrary pro ...)
        NOT-FOR-US: WinSCP
 CVE-2021-3330 (RCE/DOS: Linked-list corruption leading to large out-of-bounds 
write w ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-3329
        RESERVED
 CVE-2021-3328 (An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 
and 2.1 ...)
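
Review bot: On CVE-2021-3330 the visible description ("RCE/DOS: Linked-list corruption leading to large out-of-bounds write w ...") is cut off before it names any product, so the "NOT-FOR-US: Zephyr, different from src:zephyr" tag cannot be checked against this line alone. Confirm against the full CVE description that this is the same Zephyr as in the CVE-2021-3320 to CVE-2021-3323 entries before closing the TODO.
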
@@ -39261,11 +39261,11 @@ CVE-2021-3325 (Monitorix 3.13.0 allows remote 
attackers to bypass Basic Authenti
 CVE-2021-3324
        RESERVED
 CVE-2021-3323 (Integer Underflow in 6LoWPAN IPHC Header Uncompression in 
Zephyr. Zeph ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-3322 (Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly 
in Zeph ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-3321 (Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly 
Header  ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-3320 (Type Confusion in 802154 ACK Frames Handling. Zephyr versions 
>= v2 ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-3319 (DOS: Incorrect 802154 Frame Validation for Omitted Source / 
Dest Addre ...)
@@ -46608,7 +46608,7 @@ CVE-2021-3059
 CVE-2021-3058
        RESERVED
 CVE-2021-3057 (A stack-based buffer overflow vulnerability exists in the Palo 
Alto Ne ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2021-3056
        RESERVED
 CVE-2021-3055 (An improper restriction of XML external entity (XXE) reference 
vulnera ...)
@@ -49247,13 +49247,13 @@ CVE-2021-22038
 CVE-2021-22037
        RESERVED
 CVE-2021-22036 (VMware vRealize Orchestrator ((8.x prior to 8.6) contains an 
open redi ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a 
CSV(Comma Se ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2021-22034
        RESERVED
 CVE-2021-22033 (Releases prior to VMware vRealize Operations 8.6 contain a 
Server Side ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2021-22032
        RESERVED
 CVE-2021-22031
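
Review bot: The tags on CVE-2021-22036, CVE-2021-22035 and CVE-2021-22033 name only the vendor ("VMware"), although the descriptions cover three different products (vRealize Orchestrator, vRealize Log Insight, vRealize Operations) and other tags in this commit are product-level ("ManageEngine ADManager Plus", "Anker Eufy Homebase"). Consider one granularity for the whole batch, for example "NOT-FOR-US: VMware vRealize Orchestrator", so the notes read consistently.
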
@@ -49455,9 +49455,9 @@ CVE-2021-21943
 CVE-2021-21942
        RESERVED
 CVE-2021-21941 (A use-after-free vulnerability exists in the pushMuxer 
CreatePushThrea ...)
-       TODO: check
+       NOT-FOR-US: Anker Eufy Homebase
 CVE-2021-21940 (A heap-based buffer overflow vulnerability exists in the 
pushMuxer pro ...)
-       TODO: check
+       NOT-FOR-US: Anker Eufy Homebase
 CVE-2021-21939
        RESERVED
 CVE-2021-21938
@@ -53801,11 +53801,11 @@ CVE-2021-20836
 CVE-2021-20835
        RESERVED
 CVE-2021-20834 (Improper authorization in handler for custom URL scheme 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Nike App
 CVE-2021-20833 (The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 
does not ...)
-       TODO: check
+       NOT-FOR-US: SNKRDUNK Market Place App
 CVE-2021-20832 (InBody App for iOS versions prior to 2.3.30 and InBody App for 
Android ...)
-       TODO: check
+       NOT-FOR-US: InBody App
 CVE-2021-20831 (Cross-site request forgery (CSRF) vulnerability in OG Tags 
versions pr ...)
        TODO: check
 CVE-2021-20830
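
Review bot: CVE-2021-20831 (CSRF in OG Tags), in the trailing context directly below the three resolved entries, still reads "TODO: check". If it was left open on purpose because it needs a package search, that is fine; otherwise it belongs in this batch.
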
@@ -53855,31 +53855,31 @@ CVE-2021-20809 (Cross-site scripting vulnerability in 
Create screens of Entry, P
 CVE-2021-20808 (Cross-site scripting vulnerability in Search screen of Movable 
Type (M ...)
        - movabletype-opensource <removed>
 CVE-2021-20807 (Cross-site scripting vulnerability in the management screen of 
Cybozu  ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20806 (Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 
3.1.9 al ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20805 (Cross-site scripting vulnerability in the management screen of 
Cybozu  ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20804 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote 
authenticated att ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20803 (Operation restriction bypass in the management screen of 
Cybozu Remote ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20802 (HTTP header injection vulnerability in Cybozu Remote Service 
3.1.8 to  ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20801 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote 
authenticated att ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20800 (Cross-site scripting vulnerability in the management screen of 
Cybozu  ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20799 (Cross-site scripting vulnerability in the management screen of 
Cybozu  ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20798 (Cross-site scripting vulnerability in the management screen of 
Cybozu  ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20797 (Cross-site script inclusion vulnerability in the management 
screen of  ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20796 (Directory traversal vulnerability in the management screen of 
Cybozu R ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20795 (Cross-site request forgery (CSRF) vulnerability in the 
management scre ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20794
        RESERVED
 CVE-2021-20793 (Untrusted search path vulnerability in the installer of Sony 
Audio USB ...)
@@ -55668,9 +55668,9 @@ CVE-2021-20133
 CVE-2021-20132
        RESERVED
 CVE-2021-20131 (ManageEngine ADManager Plus Build 7111 contains a 
post-authentication  ...)
-       TODO: check
+       NOT-FOR-US: ManageEngine ADManager Plus
 CVE-2021-20130 (ManageEngine ADManager Plus Build 7111 contains a 
post-authentication  ...)
-       TODO: check
+       NOT-FOR-US: ManageEngine ADManager Plus
 CVE-2021-20129 (An information disclosure vulnerability exists in Draytek 
VigorConnect ...)
        TODO: check
 CVE-2021-20128 (The Profile Name field in the floor plan (Network Menu) page 
in Drayte ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74b4270833cc35816c6485204cd8cc4074a97fe5
