Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04d38433 by Moritz Muehlenhoff at 2021-12-13T16:04:19+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions 
for the c ...)
-       TODO: check
+       NOT-FOR-US: CLI for Amazon AWS OpenSearch
 CVE-2021-4103
        RESERVED
 CVE-2021-44832
@@ -107,7 +107,7 @@ CVE-2021-4099
 CVE-2021-4098
        RESERVED
 CVE-2021-4097 (phpservermon is vulnerable to Improper Neutralization of CRLF 
Sequence ...)
-       TODO: check
+       NOT-FOR-US: phpservermon
 CVE-2021-4096
        RESERVED
 CVE-2022-21822
@@ -159,7 +159,7 @@ CVE-2021-4093
        NOTE: 
https://git.kernel.org/linus/95e16b4792b0429f1933872f743410f00e590c55 (5.15-rc7)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028584
 CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) 
...)
-       TODO: check
+       NOT-FOR-US: yetiforcecrm
 CVE-2021-4091
        RESERVED
 CVE-2021-4090 [Overflow of bmval[bmlen-1] in nfsd4_decode_bitmap function]
@@ -965,7 +965,7 @@ CVE-2021-44517
 CVE-2021-44516
        RESERVED
 CVE-2021-44515 (Zoho ManageEngine Desktop Central is vulnerable to 
authentication bypa ...)
-       TODO: check
+       NOT-FOR-US: ManageEngine
 CVE-2021-44514 (OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 
mishandles a ...)
        NOT-FOR-US: ManageEngine
 CVE-2021-44513 (Insecure creation of temporary directories in tmate-ssh-server 
2.3.0 a ...)
@@ -2963,7 +2963,7 @@ CVE-2021-43812
 CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for 
Neural Ma ...)
        NOT-FOR-US: Sockeye
 CVE-2021-43810 (Admidio is a free open source user management system for 
websites of o ...)
-       TODO: check
+       NOT-FOR-US: Admidio
 CVE-2021-43809 (`Bundler` is a package for managing application dependencies 
in Ruby.  ...)
        TODO: check
 CVE-2021-43808 (Laravel is a web application framework. Laravel prior to 
versions 8.75 ...)
@@ -2979,7 +2979,7 @@ CVE-2021-43805 (Solidus is a free, open-source ecommerce 
platform built on Rails
 CVE-2021-43804
        RESERVED
 CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to 
12.0.5 o ...)
-       TODO: check
+       NOT-FOR-US: next.js
 CVE-2021-43802 (Etherpad is a real-time collaborative editor. In versions 
prior to 1.8 ...)
        TODO: check
 CVE-2021-43801
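Review bot: The tag added for CVE-2021-43803 is spelled "next.js", while the description on the same entry writes the product as "Next.js". The other tags added in this commit (Admidio, Donglify, Grafana Agent, and the lower-case phpservermon and yetiforcecrm) all follow the spelling used in their descriptions. Suggest "NOT-FOR-US: Next.js" so that a later search for earlier decisions on this product only has to match one spelling.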
@@ -6859,11 +6859,11 @@ CVE-2021-42998
 CVE-2021-42997
        RESERVED
 CVE-2021-42996 (Donglify is affected by Integer Overflow. IOCTL Handler 
0x22001B in th ...)
-       TODO: check
+       NOT-FOR-US: Donglify
 CVE-2021-42995
        RESERVED
 CVE-2021-42994 (Donglify is affected by Buffer Overflow. IOCTL Handler 
0x22001B in the ...)
-       TODO: check
+       NOT-FOR-US: Donglify
 CVE-2021-42993 (FlexiHub For Windows is affected by Integer Overflow. IOCTL 
Handler 0x ...)
        NOT-FOR-US: FlexiHub For Windows
 CVE-2021-42992
@@ -12209,7 +12209,7 @@ CVE-2021-41247 (JupyterHub is an open source multi-user 
server for Jupyter noteb
        NOTE: 
https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7
        NOTE: 
https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27
 CVE-2021-41246 (Express OpenID Connect is express JS middleware implementing 
sign on f ...)
-       TODO: check
+       NOT-FOR-US: Express OpenID Connect
 CVE-2021-41245
        RESERVED
 CVE-2021-41244 (Grafana is an open-source platform for monitoring and 
observability. I ...)
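Review bot: The NOT-FOR-US on CVE-2021-41246 deserves a check against node-* package names before the TODO is dropped, because the description identifies Express OpenID Connect as express JS middleware and Node modules are packaged in Debian under node-* names that do not match the upstream product name. If a source package or ITP exists, the entry needs a package line like the "- docker.io ..." ones elsewhere in this file rather than NOT-FOR-US.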
@@ -12592,7 +12592,7 @@ CVE-2021-41091 (Moby is an open-source project created 
by Docker to enable softw
        NOTE: 
https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
        NOTE: 
https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
 CVE-2021-41090 (Grafana Agent is a telemetry collector for sending metrics, 
logs, and  ...)
-       TODO: check
+       NOT-FOR-US: Grafana Agent
 CVE-2021-41089 (Moby is an open-source project created by Docker to enable 
software co ...)
        - docker.io 20.10.10+dfsg1-1
        [bullseye] - docker.io <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04d3843308d5d78611feac624775d90c00c49c48
