Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
97137f96 by Salvatore Bonaccorso at 2021-12-15T17:35:49+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3725,9 +3725,9 @@ CVE-2021-43831
CVE-2021-43830 (OpenProject is a web-based project management software.
OpenProject ve ...)
TODO: check
CVE-2021-43829 (PatrOwl is a free and open-source solution for orchestrating
Security ...)
- TODO: check
+ NOT-FOR-US: PatrOwl
CVE-2021-43828 (PatrOwl is a free and open-source solution for orchestrating
Security ...)
- TODO: check
+ NOT-FOR-US: PatrOwl
CVE-2021-43827 (discourse-footnote is a library providing footnotes for posts
in Disco ...)
TODO: check
CVE-2021-43826
@@ -5862,9 +5862,9 @@ CVE-2021-43328
CVE-2021-43327 (An issue was discovered on Renesas RX65 and RX65N devices.
With a VCC ...)
NOT-FOR-US: Renesas
CVE-2021-43326 (Automox Agent before 32 on Windows incorrectly sets
permissions on a t ...)
- TODO: check
+ NOT-FOR-US: Automox Agent
CVE-2021-43325 (Automox Agent 33 on Windows incorrectly sets permissions on a
temporar ...)
- TODO: check
+ NOT-FOR-US: Automox Agent
CVE-2021-43324 (LibreNMS through 21.10.2 allows XSS via a widget title. ...)
NOT-FOR-US: LibreNMS
CVE-2021-43323
@@ -7332,7 +7332,7 @@ CVE-2021-43115
CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI
CA publis ...)
- fort-validator 1.5.2-1
CVE-2021-43113 (iTextPDF in iText before 7.1.17 allows command injection via a
Compare ...)
- TODO: check
+ NOT-FOR-US: iText
CVE-2021-43112
RESERVED
CVE-2021-43111
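Review bot: CVE-2021-43113 is tagged `NOT-FOR-US: iText`, which rules out the whole product, while the description scopes the issue to "iText before 7.1.17". Before closing it this way, confirm that no iText source package in the archive, older branches included, carries the affected Compare code; if one does, the entry should name that package with a fixed version or an unfixed marker, the way the fort-validator entry just above it names `fort-validator 1.5.2-1`.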
@@ -7768,7 +7768,7 @@ CVE-2021-42947
CVE-2021-42946
RESERVED
CVE-2021-42945 (A SQL Injection vulnerability exists in ZZCMS 2021 via the
askbigclass ...)
- TODO: check
+ NOT-FOR-US: ZZCMS
CVE-2021-42944
RESERVED
CVE-2021-42943
@@ -11510,9 +11510,9 @@ CVE-2021-41873 (Penguin Aurora TV Box 41502 is a
high-end network HD set-top box
CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a
denial of s ...)
NOT-FOR-US: Skyworth Digital Technology Penguin Aurora Box 41502
CVE-2021-41871 (An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4.
Improper ...)
- TODO: check
+ NOT-FOR-US: Socomec
CVE-2021-41870 (An issue was discovered in the firmware update form in Socomec
REMOTE ...)
- TODO: check
+ NOT-FOR-US: Socomec
CVE-2021-41869 (SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is
vulnerable ...)
NOT-FOR-US: SuiteCRM
CVE-2021-41868 (OnionShare 2.3 before 2.4 allows remote unauthenticated
attackers to u ...)
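Review bot: The tags added for CVE-2021-41871 and CVE-2021-41870 carry the vendor name only (`NOT-FOR-US: Socomec`), although the first description names the product, Socomec REMOTE VIEW PRO, and the second begins the same way. The neighbouring entry in this hunk tags the full product (`NOT-FOR-US: Skyworth Digital Technology Penguin Aurora Box 41502`); using `NOT-FOR-US: Socomec REMOTE VIEW PRO` here would keep the tag searchable when later CVEs arrive for the same product.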
@@ -11581,7 +11581,7 @@ CVE-2021-41846
CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify
Secret Server ...)
NOT-FOR-US: ThycoticCentrify Secret Server
CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does not properly validate
and sanit ...)
- TODO: check
+ NOT-FOR-US: Crocoblock JetEngine
CVE-2021-41843
RESERVED
CVE-2021-41842
@@ -12302,7 +12302,7 @@ CVE-2021-41559
CVE-2021-41558 (The set_user extension module before 3.0.0 for PostgreSQL
allows Proce ...)
NOT-FOR-US: set_user extension for Postgres
CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored
Cross Site ...)
- TODO: check
+ NOT-FOR-US: Sofico
CVE-2021-41556
RESERVED
CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central
21.3.3.815 (a ...)
@@ -19152,7 +19152,7 @@ CVE-2021-3707 (D-Link router DSL-2750U with firmware
vME1.16 or prior versions i
CVE-2021-38702 (Cyberoam NetGenie C0101B1-20141120-NG11VO devices through
2021-08-14 a ...)
NOT-FOR-US: Cyberoam NetGenie C0101B1-20141120-NG11VO devices
CVE-2021-38701 (Certain Motorola Solutions Avigilon devices allow XSS in the
administr ...)
- TODO: check
+ NOT-FOR-US: Motorola Solutions Avigilon devices
CVE-2021-38700
RESERVED
CVE-2021-38699 (TastyIgniter 3.0.7 allows XSS via /account, /reservation,
/admin/dashb ...)
@@ -29450,7 +29450,7 @@ CVE-2021-34427 (In Eclipse BIRT versions 4.8.0 and
earlier, an attacker can use
CVE-2021-34426 (A vulnerability was discovered in the Keybase Client for
Windows befor ...)
TODO: check
CVE-2021-34425 (The Zoom Client for Meetings before version 5.7.3 (for
Android, iOS, L ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2021-34424 (A vulnerability was discovered in the Zoom Client for Meetings
(for An ...)
NOT-FOR-US: Zoom
CVE-2021-34423 (A buffer overflow vulnerability was discovered in Zoom Client
for Meet ...)
@@ -48759,7 +48759,7 @@ CVE-2021-26789
CVE-2021-26788 (Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is
affected b ...)
NOT-FOR-US: Oryx Embedded CycloneTCP
CVE-2021-26787 (A cross site scripting (XSS) vulnerability in Genesys
Workforce Manage ...)
- TODO: check
+ NOT-FOR-US: Genesys Workforce Management
CVE-2021-26786 (An issue was discoverered in in customercentric-selling-poland
PlayTub ...)
NOT-FOR-US: PlayTube
CVE-2021-26785
@@ -49362,7 +49362,7 @@ CVE-2021-3378 (FortiLogger 4.4.2.2 is affected by
Arbitrary File Upload by sendi
CVE-2021-3377 (The npm package ansi_up converts ANSI escape codes into HTML.
In ansi_ ...)
- node-ansi-up 5.0.0+dfsg-1 (bug #984667)
CVE-2021-3376 (An issue was discovered in Cuppa CMS Versions Before 31 Jan
2021 allow ...)
- TODO: check
+ NOT-FOR-US: Cuppa CMS
CVE-2021-3375 (ActivePresenter 6.1.6 is affected by a memory corruption
vulnerability ...)
NOT-FOR-US: ActivePresenter
CVE-2021-3374 (Directory traversal in RStudio Shiny Server before 1.5.16
allows attac ...)
@@ -88036,7 +88036,7 @@ CVE-2020-23547
CVE-2020-23546 (IrfanView 4.54 allows attackers to cause a denial of service
or possib ...)
NOT-FOR-US: IrfanView
CVE-2020-23545 (IrfanView 4.54 allows a user-mode write access violation
starting at F ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2020-23544
RESERVED
CVE-2020-23543
@@ -97621,7 +97621,7 @@ CVE-2020-19044
CVE-2020-19043
RESERVED
CVE-2020-19042 (Cross Site Scripting (XSS) vulnerability exists in zzcms 2019
XSS via ...)
- TODO: check
+ NOT-FOR-US: zzcms
CVE-2020-19041
RESERVED
CVE-2020-19040
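Review bot: CVE-2020-19042 is tagged `NOT-FOR-US: zzcms` here, while CVE-2021-42945 earlier in this same commit is tagged `NOT-FOR-US: ZZCMS` for the same product. Pick one spelling for both so that a case-sensitive search over the NOT-FOR-US tags finds every entry for it.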
@@ -145102,7 +145102,7 @@ CVE-2019-19140
CVE-2019-19139
RESERVED
CVE-2019-19138 (Ivanti Workspace Control before 10.4.50.0 allows attackers to
degrade ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2019-19137
RESERVED
CVE-2019-19136
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97137f96b549bcdb656c8e50284b865a970e0762