Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4c83d3e by Salvatore Bonaccorso at 2021-11-01T21:51:00+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -185,7 +185,7 @@ CVE-2021-43084
 CVE-2021-3916
        RESERVED
 CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF 
check whe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-43083
        RESERVED
 CVE-2021-43082
@@ -193,9 +193,9 @@ CVE-2021-43082
 CVE-2021-3915
        RESERVED
 CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is 
lacking ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have 
CSRF check ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-43081
        RESERVED
 CVE-2021-43080
@@ -341,11 +341,11 @@ CVE-2021-3907
 CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with 
Dangerous  ...)
        NOT-FOR-US: bookstack
 CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have 
any auth ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2015-20067 (The WP Attachment Export WordPress plugin before 0.2.4 does 
not have p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2015-20019 (The Content text slider on post WordPress plugin before 6.9 
does not s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-43032
        RESERVED
 CVE-2021-43031
@@ -400,7 +400,7 @@ CVE-2021-3903 (vim is vulnerable to Heap-based Buffer 
Overflow ...)
        NOTE: 
https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43
        NOTE: PoC crashes starting with 
https://github.com/vim/vim/commit/8a7d6542b33e5d2b352262305c3bfdb2d14e1cf8 
(v8.2.0149)
 CVE-2020-36503 (The Connections Business Directory WordPress plugin before 9.7 
does no ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-43010
        RESERVED
 CVE-2021-43009
@@ -1381,7 +1381,7 @@ CVE-2021-42559
 CVE-2021-42558
        RESERVED
 CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to 
bypass API ...)
-       TODO: check
+       NOT-FOR-US: Jeedom
 CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive 
extract ...)
        NOT-FOR-US: Rasa X
 CVE-2021-42555
@@ -3961,7 +3961,7 @@ CVE-2021-3858 (snipe-it is vulnerable to Cross-Site 
Request Forgery (CSRF) ...)
 CVE-2021-3857
        RESERVED
 CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request 
may cau ...)
-       TODO: check
+       NOT-FOR-US: Apache MINA
 CVE-2021-41972
        RESERVED
 CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with 
ENABLE_ ...)
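Review bot: On CVE-2021-41973, `NOT-FOR-US: Apache MINA` rules out a whole upstream project by name, unlike the surrounding NFU entries for plugins or vendor appliances. The visible description places the malformed-HTTP-request flaw in Apache MINA itself. Nothing in the hunk shows whether the archive was searched for a source package that ships or embeds it. If that check was done, the tag is fine as written; if not, it is worth confirming before the entry leaves `TODO: check`, because an NOT-FOR-US line is unlikely to be looked at again.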
@@ -11290,7 +11290,7 @@ CVE-2021-38849
 CVE-2021-38848
        RESERVED
 CVE-2021-38847 (S-Cart v6.4.1 and below was discovered to contain an arbitrary 
file up ...)
-       TODO: check
+       NOT-FOR-US: S-Cart
 CVE-2021-38846
        RESERVED
 CVE-2021-38845
@@ -11778,9 +11778,9 @@ CVE-2021-38616 (In Eigen NLP 3.10.1, a lack of access 
control on the /auth/v1/us
 CVE-2021-38615 (In Eigen NLP 3.10.1, a lack of access control on the 
/auth/v1/sso/conf ...)
        NOT-FOR-US: Eigen
 CVE-2021-3705 (Potential security vulnerabilities have been discovered on a 
certain H ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2021-3704 (Potential security vulnerabilities have been discovered on a 
certain H ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2021-38614 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when 
NDEBUG is u ...)
        - polipo <removed>
        [buster] - polipo <ignored> (Minor issue)
@@ -35187,9 +35187,9 @@ CVE-2021-29215
 CVE-2021-29214
        RESERVED
 CVE-2021-29213 (A potential local bypass of security restrictions 
vulnerability has be ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2021-29212 (A remote unauthenticated directory traversal security 
vulnerability ha ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2021-29211 (A remote xss vulnerability was discovered in HPE Integrated 
Lights-Out ...)
        NOT-FOR-US: HPE
 CVE-2021-29210 (A remote dom xss, crlf injection vulnerability was discovered 
in HPE I ...)
@@ -37534,7 +37534,7 @@ CVE-2021-28217
 CVE-2021-3441 (A potential security vulnerability has been identified for the 
HP Offi ...)
        NOT-FOR-US: HP
 CVE-2021-3440 (HP Print and Scan Doctor, an application within the HP Smart 
App for W ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2021-3439
        RESERVED
 CVE-2021-3438 (A potential buffer overflow in the software drivers for certain 
HP Las ...)
@@ -39039,7 +39039,7 @@ CVE-2021-27645 (The nameserver caching daemon (nscd) in 
the GNU C Library (aka g
        NOTE: Introducing commit present in Debian since 2.28-1 with addition of
        NOTE: 
https://salsa.debian.org/glibc-team/glibc/-/commit/aea56157b456d4d9bef337d0149e952a41a7d919
 CVE-2021-27644 (In Apache DolphinScheduler before 1.3.6 versions, authorized 
users can ...)
-       TODO: check
+       NOT-FOR-US: Apache DolphinScheduler
 CVE-2021-27643 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
        NOT-FOR-US: SAP
 CVE-2021-27642 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
@@ -40473,9 +40473,9 @@ CVE-2021-27007
 CVE-2021-27006
        RESERVED
 CVE-2021-27005 (Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 
9.7P16,  ...)
-       TODO: check
+       NOT-FOR-US: Clustered Data ONTAP
 CVE-2021-27004 (System Manager 9.x versions 9.7 and higher prior to 9.7P16, 
9.8P7 and  ...)
-       TODO: check
+       NOT-FOR-US: NetAPP
 CVE-2021-27003 (Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 
9.8P5 a ...)
        NOT-FOR-US: Clustered Data ONTAP (NetApp)
 CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible 
to a vul ...)
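Review bot: The two new tags in this hunk label the same vendor's products inconsistently: CVE-2021-27005 gets `NOT-FOR-US: Clustered Data ONTAP`, CVE-2021-27004 gets `NOT-FOR-US: NetAPP`, while the unchanged CVE-2021-27003 entry just below already uses `NOT-FOR-US: Clustered Data ONTAP (NetApp)`. Suggest reusing that existing form for CVE-2021-27005 and spelling the vendor `NetApp` (as in the CVE-2021-27002 description) for CVE-2021-27004, so a search on the vendor name finds all of these entries.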
@@ -41126,9 +41126,9 @@ CVE-2021-26742
 CVE-2021-26741
        RESERVED
 CVE-2021-26740 (Arbitrary file upload vulnerability sysupload.php in millken 
doyocms 2 ...)
-       TODO: check
+       NOT-FOR-US: doyocms
 CVE-2021-26739 (SQL Injection vulnerability in pay.php in millken doyocms 2.3, 
allows  ...)
-       TODO: check
+       NOT-FOR-US: doyocms
 CVE-2021-26738
        RESERVED
 CVE-2021-26737



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4c83d3e33cd13a01c3e739c0ff11ad1a2258b73
