[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) Thu, 02 Dec 2021 12:18:10 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
29c8d074 by Salvatore Bonaccorso at 2021-12-02T21:17:35+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2021-44520
 CVE-2021-44519
        RESERVED
 CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel 
Padlock ...)
-       TODO: check
+       NOT-FOR-US: eGeeTouch 3rd Generation Travel Padlock application for 
Android
 CVE-2021-44517
        RESERVED
 CVE-2021-44516
@@ -35,9 +35,9 @@ CVE-2021-44513
 CVE-2021-44512
        RESERVED
 CVE-2015-20106 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does 
not esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2015-20105 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does 
not hav ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-44511
        RESERVED
 CVE-2021-44510
@@ -1234,7 +1234,7 @@ CVE-2021-44052
 CVE-2021-44051
        RESERVED
 CVE-2021-44050 (CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a 
SQL inject ...)
-       TODO: check
+       NOT-FOR-US: CA Network Flow Analysis (NFA)
 CVE-2021-44049
        RESERVED
 CVE-2021-44048
@@ -2018,7 +2018,7 @@ CVE-2021-43797
 CVE-2021-43796
        RESERVED
 CVE-2021-43795 (Armeria is an open source microservice framework. In affected 
versions ...)
-       TODO: check
+       NOT-FOR-US: Armeria
 CVE-2021-43794 (Discourse is an open source discussion platform. In affected 
versions  ...)
        NOT-FOR-US: Discourse
 CVE-2021-43793 (Discourse is an open source discussion platform. In affected 
versions  ...)
@@ -3078,7 +3078,7 @@ CVE-2021-43688
 CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a Cross Site Scripting 
(XSS) vulne ...)
        NOT-FOR-US: Chamilo-lms
 CVE-2021-43686 (nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: nZEDb
 CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation 
vulnerab ...)
        TODO: check
 CVE-2021-43684
@@ -3088,11 +3088,11 @@ CVE-2021-43683 (pictshare v1.5 is affected by a Cross 
Site Scripting (XSS) vulne
 CVE-2021-43682 (thinkphp-bjyblog (last update Jun 4 2021) is affected by a 
Cross Site  ...)
        TODO: check
 CVE-2021-43681 (SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting 
(XSS) vulne ...)
-       TODO: check
+       NOT-FOR-US: SakuraPanel
 CVE-2021-43680
        RESERVED
 CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in 
shopex\e ...)
-       TODO: check
+       NOT-FOR-US: ecshop
 CVE-2021-43678
        RESERVED
 CVE-2021-43677
@@ -3384,7 +3384,7 @@ CVE-2021-3945 (django-helpdesk is vulnerable to Improper 
Neutralization of Input
 CVE-2002-20001 (The Diffie-Hellman Key Agreement Protocol allows remote 
attackers (fro ...)
        NOT-FOR-US: Diffie Hellmann kex protocol issue
 CVE-2021-3944 (bookstack is vulnerable to Cross-Site Request Forgery (CSRF) 
...)
-       TODO: check
+       NOT-FOR-US: bookstack
 CVE-2021-3943 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 
3.10.7, ...)
        - moodle <removed>
 CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded 
password ETS ...)
@@ -13324,9 +13324,9 @@ CVE-2021-40336
 CVE-2021-40335
        RESERVED
 CVE-2021-40334 (Missing Handler vulnerability in the proprietary management 
protocol ( ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2021-40333 (Weak Password Requirements vulnerability in Hitachi Energy 
FOX61x, XCM ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2021-40332
        RESERVED
 CVE-2021-3759 [unaccounted ipc objects in Linux kernel lead to breaking memcg 
limits and DoS attacks]
@@ -15742,7 +15742,7 @@ CVE-2021-3727 (# Vulnerability in `rand-quote` and 
`hitokoto` plugins **Descript
 CVE-2021-3726 (# Vulnerability in `title` function **Description**: the 
`title` funct ...)
        TODO: check
 CVE-2021-3725 (Vulnerability in dirhistory plugin Description: the widgets 
that go ba ...)
-       TODO: check
+       NOT-FOR-US: ohmyzsh
 CVE-2021-3724
        RESERVED
        NOT-FOR-US: Red Hat Serverless
@@ -46787,7 +46787,7 @@ CVE-2021-26779
 CVE-2021-26778
        RESERVED
 CVE-2021-26777 (Buffer overflow vulnerability in function SetFirewall in 
index.cgi in  ...)
-       TODO: check
+       NOT-FOR-US: CIRCUTOR COMPACT DC-S BASIC smart metering concentrator 
Firwmare
 CVE-2021-26776 (CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) 
vulnerabilit ...)
        NOT-FOR-US: CSZ CMS
 CVE-2021-26775
@@ -48863,7 +48863,7 @@ CVE-2021-25969 (In Camaleon CMS application, versions 
0.0.1 to 2.6.0 are vulnera
 CVE-2021-25968 (In &#8220;OpenCMS&#8221;, versions 10.5.0 to 11.0.2 are 
affected by a  ...)
        NOT-FOR-US: OpenCMS
 CVE-2021-25967 (In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: CKAN
 CVE-2021-25966 (In &#8220;Orchard core CMS&#8221; application, versions 
1.0.0-beta1-33 ...)
        NOT-FOR-US: Orchard CMS
 CVE-2021-25965 (In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to 
Cross-Site  ...)
@@ -55276,17 +55276,17 @@ CVE-2021-23265
 CVE-2021-23264 (Installations, where crafter-search is not protected, allow 
unauthenti ...)
        TODO: check
 CVE-2021-23263 (Unauthenticated remote attackers can read textual content via 
FreeMark ...)
-       TODO: check
+       NOT-FOR-US: Crafter CMS
 CVE-2021-23262 (Authenticated administrators may modify the main YAML 
configuration fi ...)
-       TODO: check
+       NOT-FOR-US: Crafter CMS
 CVE-2021-23261 (Authenticated administrators may override the system 
configuration fil ...)
-       TODO: check
+       NOT-FOR-US: Crafter CMS
 CVE-2021-23260 (Authenticated users with Site roles may inject XSS scripts via 
file na ...)
-       TODO: check
+       NOT-FOR-US: Crafter CMS
 CVE-2021-23259 (Authenticated users with Administrator or Developer roles may 
execute  ...)
-       TODO: check
+       NOT-FOR-US: Crafter CMS
 CVE-2021-23258 (Authenticated users with Administrator or Developer roles may 
execute  ...)
-       TODO: check
+       NOT-FOR-US: Crafter CMS
 CVE-2021-23257
        RESERVED
 CVE-2021-23256
@@ -76738,7 +76738,7 @@ CVE-2020-27416
 CVE-2020-27415
        RESERVED
 CVE-2020-27414 (Mahavitaran android application 7.50 and prior transmit 
sensitive info ...)
-       TODO: check
+       NOT-FOR-US: Mahavitaran android application
 CVE-2020-27413
        RESERVED
 CVE-2020-27412



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29c8d074560455b05410c3d9cb4f8a378654cfec

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29c8d074560455b05410c3d9cb4f8a378654cfec
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to