[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Wed, 01 Dec 2021 12:32:52 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
3d8d5212 by Salvatore Bonaccorso at 2021-12-01T21:31:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,9 +61,9 @@ CVE-2021-44482
 CVE-2021-44481
        RESERVED
 CVE-2021-44480 (Wokka Lokka Q50 devices through 2021-11-30 allow remote 
attackers (who ...)
-       TODO: check
+       NOT-FOR-US: Wokka Lokka Q50 devices
 CVE-2021-44479 (NXP Kinetis K82 devices have a buffer over-read via a crafted 
wlength  ...)
-       TODO: check
+       NOT-FOR-US: NXP Kinetis K82 devices
 CVE-2021-44478
        RESERVED
 CVE-2021-4038
@@ -489,13 +489,13 @@ CVE-2021-44282
 CVE-2021-44281
        RESERVED
 CVE-2021-44280 (attendance management system 1.0 is affected by a SQL 
injection vulner ...)
-       TODO: check
+       NOT-FOR-US: attendance management system
 CVE-2021-44279 (Librenms 21.11.0 is affected by is affected by a Cross Site 
Scripting  ...)
-       TODO: check
+       NOT-FOR-US: LibreNMS
 CVE-2021-44278
        RESERVED
 CVE-2021-44277 (Librenms 21.11.0 is affected by is affected by a Cross Site 
Scripting  ...)
-       TODO: check
+       NOT-FOR-US: LibreNMS
 CVE-2021-44276
        RESERVED
 CVE-2021-44275
@@ -791,9 +791,9 @@ CVE-2021-44208
 CVE-2021-44207
        RESERVED
 CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input 
During Web  ...)
-       TODO: check
+       NOT-FOR-US: snipe-it
 CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-       TODO: check
+       NOT-FOR-US: showdoc
 CVE-2021-44206
        RESERVED
 CVE-2021-44205
@@ -819,7 +819,7 @@ CVE-2021-44196
 CVE-2021-4016
        RESERVED
 CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 
...)
-       TODO: check
+       NOT-FOR-US: firefly-iii
 CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and 
escape  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-4014
@@ -1113,11 +1113,11 @@ CVE-2021-3996
 CVE-2021-3995
        RESERVED
 CVE-2021-3994 (django-helpdesk is vulnerable to Improper Neutralization of 
Input Duri ...)
-       TODO: check
+       NOT-FOR-US: django-helpdesk
 CVE-2021-3993 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-       TODO: check
+       NOT-FOR-US: showdoc
 CVE-2021-3992 (kimai2 is vulnerable to Improper Access Control ...)
-       TODO: check
+       NOT-FOR-US: kimai2
 CVE-2021-44078
        RESERVED
 CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk 
Plus MSP  ...)
@@ -1125,9 +1125,9 @@ CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 
11306, ServiceDesk Plu
 CVE-2021-3991
        RESERVED
 CVE-2021-3990 (showdoc is vulnerable to Use of Cryptographically Weak 
Pseudo-Random N ...)
-       TODO: check
+       NOT-FOR-US: showdoc
 CVE-2021-3989 (showdoc is vulnerable to URL Redirection to Untrusted Site ...)
-       TODO: check
+       NOT-FOR-US: showdoc
 CVE-2021-3988
        RESERVED
 CVE-2021-3987
@@ -1207,11 +1207,11 @@ CVE-2021-44042
 CVE-2021-44041
        RESERVED
 CVE-2021-3985 (kimai2 is vulnerable to Improper Neutralization of Input During 
Web Pa ...)
-       TODO: check
+       NOT-FOR-US: kimai2
 CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow ...)
        TODO: check
 CVE-2021-3983 (kimai2 is vulnerable to Improper Neutralization of Input During 
Web Pa ...)
-       TODO: check
+       NOT-FOR-US: kimai2
 CVE-2022-21742
        RESERVED
 CVE-2021-44040
@@ -3021,13 +3021,13 @@ CVE-2021-43692 (youtube-php-mirroring (last update Jun 
9, 2017) is affected by a
 CVE-2021-43691 (tripexpress v1.1 is affected by a path manipulation 
vulnerability in f ...)
        NOT-FOR-US: tripexpress
 CVE-2021-43690 (YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: YurunProxy
 CVE-2021-43689 (manage (last update Oct 24, 2017) is affected by is affected 
by a Cros ...)
        TODO: check
 CVE-2021-43688
        RESERVED
 CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a Cross Site Scripting 
(XSS) vulne ...)
-       TODO: check
+       NOT-FOR-US: Chamilo-lms
 CVE-2021-43686
        RESERVED
 CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation 
vulnerab ...)
@@ -3650,7 +3650,7 @@ CVE-2021-43453
 CVE-2021-43452
        RESERVED
 CVE-2021-43451 (SQL Injection vulnerability exists in PHPGURUKUL Employee 
Record Manag ...)
-       TODO: check
+       NOT-FOR-US: PHPGURUKUL
 CVE-2021-43450
        RESERVED
 CVE-2021-43449



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d8d5212de4a053cc2322d735576ce0450c858b9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d8d5212de4a053cc2322d735576ce0450c858b9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to