Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0928505e by Salvatore Bonaccorso at 2021-12-20T09:36:44+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -455,11 +455,11 @@ CVE-2021-4134
 CVE-2021-4133
        RESERVED
 CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of 
Input Durin ...)
-       TODO: check
+       NOT-FOR-US: livehelperchat
 CVE-2021-4131 (livehelperchat is vulnerable to Cross-Site Request Forgery 
(CSRF) ...)
-       TODO: check
+       NOT-FOR-US: livehelperchat
 CVE-2021-4130 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-       TODO: check
+       NOT-FOR-US: snipe-it
 CVE-2021-4129
        RESERVED
 CVE-2021-4128
@@ -551,7 +551,7 @@ CVE-2021-45101 (An issue was discovered in HTCondor before 
8.8.15, 9.0.x before
        - condor <unfixed>
        NOTE: 
https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0003/
 CVE-2021-45099 (** DISPUTED ** The addon.stdin service in addon-ssh (aka Home 
Assistan ...)
-       TODO: check
+       NOT-FOR-US: Home Assistant Community Add-on: SSH & Web Terminal
 CVE-2021-45098 (An issue was discovered in Suricata before 6.0.4. It is 
possible to by ...)
        - suricata 1:6.0.4-1
        [bullseye] - suricata <no-dsa> (Minor issue)
@@ -942,9 +942,9 @@ CVE-2022-21833
 CVE-2021-45043 (HD-Network Real-time Monitoring System 2.0 allows ../ 
directory traver ...)
        NOT-FOR-US: HD-Network Real-time Monitoring System
 CVE-2021-45042 (In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x 
before 1.8 ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Vault
 CVE-2021-45041 (SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows 
authenticated SQL i ...)
-       TODO: check
+       NOT-FOR-US: SuiteCRM
 CVE-2021-4110 (mruby is vulnerable to NULL Pointer Dereference ...)
        - mruby <unfixed> (bug #1001768)
        [stretch] - mruby <postponed> (revisit when/if fix is complete)
@@ -2886,11 +2886,11 @@ CVE-2021-44319
 CVE-2021-44318
        RESERVED
 CVE-2021-44317 (In Bus Pass Management System v1.0, parameters 'pagedes' and 
`About Us ...)
-       TODO: check
+       NOT-FOR-US: Bus Pass Management System
 CVE-2021-44316
        RESERVED
 CVE-2021-44315 (In Bus Pass Management System v1.0, Directory Listing/Browsing 
is enab ...)
-       TODO: check
+       NOT-FOR-US: Bus Pass Management System
 CVE-2021-44314
        RESERVED
 CVE-2021-44313
@@ -3743,7 +3743,7 @@ CVE-2021-44037 (Team Password Manager (aka 
TeamPasswordManager) before 10.135.23
 CVE-2021-44036 (Team Password Manager (aka TeamPasswordManager) before 
10.135.236 has  ...)
        NOT-FOR-US: Team Password Manager (aka TeamPasswordManager)
 CVE-2021-44035 (Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment 
uploads ...)
-       TODO: check
+       NOT-FOR-US: Wolters Kluwer TeamMate AM
 CVE-2021-3982 [Distributions using CAP_SYS_NICE in gnome-shell may be exposed 
to privilege escalation]
        RESERVED
        - gnome-shell <not-affected> (Debian packaging does not set 
cap_sys_nice+ep on gnome-shell binary)
@@ -5589,7 +5589,7 @@ CVE-2021-43680
 CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in 
shopex\e ...)
        NOT-FOR-US: ecshop
 CVE-2021-43678 (Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting 
(XSS) vul ...)
-       TODO: check
+       NOT-FOR-US: Wechat-php-sdk
 CVE-2021-43677
        RESERVED
 CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation 
vulnerabil ...)
@@ -8568,7 +8568,7 @@ CVE-2021-42914
 CVE-2021-42913
        RESERVED
 CVE-2021-42912 (FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS 
command inj ...)
-       TODO: check
+       NOT-FOR-US: FiberHome ONU GPON AN5506-04-F RP2617
 CVE-2021-42911
        RESERVED
 CVE-2021-42910
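Review bot: the tag added for CVE-2021-42912 carries the full model and revision string (`NOT-FOR-US: FiberHome ONU GPON AN5506-04-F RP2617`), while the other device entries touched in this commit are tagged by vendor only (`NOT-FOR-US: TP-Link`, `NOT-FOR-US: Mitsubishi`). Consider `NOT-FOR-US: FiberHome`, or the vendor plus device family, so the granularity is consistent across the file and the entry is easier to grep for.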
@@ -9311,7 +9311,7 @@ CVE-2021-42586
 CVE-2021-42585
        RESERVED
 CVE-2021-42584 (A Stored Cross Site Scripting (XSS) issue exists in 
Convos-Chat before ...)
-       TODO: check
+       NOT-FOR-US: Convos-Chat
 CVE-2021-42583
        RESERVED
 CVE-2021-42582
@@ -11417,7 +11417,7 @@ CVE-2021-42218
 CVE-2021-42217
        RESERVED
 CVE-2021-42216 (A Broken or Risky Cryptographic Algorithm exists in AnonAddy 
0.8.5 via ...)
-       TODO: check
+       NOT-FOR-US: AnonAddy
 CVE-2021-42215
        RESERVED
 CVE-2021-42214
@@ -12061,7 +12061,7 @@ CVE-2021-41964
 CVE-2021-41963
        RESERVED
 CVE-2021-41962 (Cross Site Scripting (XSS) vulnerability exists in 
Sourcecodester Vehi ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester
 CVE-2021-41961
        RESERVED
 CVE-2021-41960
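Review bot: on CVE-2021-41962 the tag stops at `NOT-FOR-US: Sourcecodester`, although the description goes on to name a specific application (`Sourcecodester Vehi ...`). Comparable web applications in this commit are tagged by product (`NOT-FOR-US: Bus Pass Management System`), so naming the product here would keep the entries consistent.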
@@ -12317,7 +12317,7 @@ CVE-2021-41845 (A SQL injection issue was discovered in 
ThycoticCentrify Secret
 CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does not properly validate 
and sanit ...)
        NOT-FOR-US: Crocoblock JetEngine
 CVE-2021-41843 (An authenticated SQL injection issue in the calendar search 
function o ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2021-41842
        RESERVED
 CVE-2021-41841
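Review bot: for CVE-2021-41843 the visible description is cut off before any product name (`... in the calendar search function o ...`), so the `NOT-FOR-US: OpenEMR` attribution cannot be confirmed from this diff alone. Worth checking the full CVE description to confirm the product before the `TODO: check` is dropped.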
@@ -13278,7 +13278,7 @@ CVE-2021-41453
 CVE-2021-41452
        RESERVED
 CVE-2021-41451 (An HTTP/1.1 misconfiguration in web interface of TP-Link 
AX10v1 before ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2021-41450 (An HTTP request smuggling attack in TP-Link AX10v1 before 
v1_211117 al ...)
        NOT-FOR-US: TP-Link
 CVE-2021-41449 (A path traversal attack in web interfaces of Netgear RAX35, 
RAX38, and ...)
@@ -14309,7 +14309,7 @@ CVE-2021-41030 (An authentication bypass by 
capture-replay vulnerability [CWE-29
 CVE-2021-41029 (A improper neutralization of input during web page generation 
('cross- ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-41028 (A combination of a use of hard-coded cryptographic key 
vulnerability [ ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2021-41027 (A stack-based buffer overflow in Fortinet FortiWeb version 
6.4.1 and 6 ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-41026
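Review bot: CVE-2021-41028 is tagged `NOT-FOR-US: FortiGuard`, which matches its neighbours, but the adjacent description for CVE-2021-41027 names the vendor and product as `Fortinet FortiWeb`, and the truncated text for CVE-2021-41028 shows no product at all. Tagging by vendor or product (for example `Fortinet`, plus the product from the full description) would describe the affected software rather than the advisory source; the neighbouring entries could follow in a later cleanup.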
@@ -14709,13 +14709,13 @@ CVE-2021-40855
 CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local 
user to obt ...)
        NOT-FOR-US: AnyDesk
 CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying 
to acces ...)
-       TODO: check
+       NOT-FOR-US: TCMAN GIM
 CVE-2021-40852 (TCMAN GIM is affected by an open redirect vulnerability. This 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: TCMAN GIM
 CVE-2021-40851 (TCMAN GIM is vulnerable to a lack of authorization in all 
available we ...)
-       TODO: check
+       NOT-FOR-US: TCMAN GIM
 CVE-2021-40850 (TCMAN GIM is vulnerable to a SQL injection vulnerability 
inside severa ...)
-       TODO: check
+       NOT-FOR-US: TCMAN GIM
 CVE-2021-40849 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the 
account a ...)
        - mahara <removed>
 CVE-2021-40848 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, 
exported CSV  ...)
@@ -23461,7 +23461,7 @@ CVE-2021-37264
 CVE-2021-37263
        RESERVED
 CVE-2021-37262 (JFinal_cms 5.1.0 is vulnerable to regex injection that may 
lead to Den ...)
-       TODO: check
+       NOT-FOR-US: JFinal_cms
 CVE-2021-37261
        RESERVED
 CVE-2021-37260
@@ -34913,11 +34913,11 @@ CVE-2021-32501
 CVE-2021-32500
        RESERVED
 CVE-2021-32499 (SICK SOPAS ET before version 4.8.0 allows attackers to 
manipulate the  ...)
-       TODO: check
+       NOT-FOR-US: SICK SOPAS ET
 CVE-2021-32498 (SICK SOPAS ET before version 4.8.0 allows attackers to 
manipulate the  ...)
-       TODO: check
+       NOT-FOR-US: SICK SOPAS ET
 CVE-2021-32497 (SICK SOPAS ET before version 4.8.0 allows attackers to wrap 
any execut ...)
-       TODO: check
+       NOT-FOR-US: SICK SOPAS ET
 CVE-2021-32496 (SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to 
an Inad ...)
        NOT-FOR-US: SICK Visionary-S CX
 CVE-2021-32495
@@ -49472,7 +49472,7 @@ CVE-2021-26802
 CVE-2021-26801
        RESERVED
 CVE-2021-26800 (Cross Site Request Forgery (CSRF) vulnerability in 
Change-password.php ...)
-       TODO: check
+       NOT-FOR-US: phpgurukul
 CVE-2021-26799 (Cross Site Scripting (XSS) vulnerability in admin/files/edit 
in Omeka  ...)
        NOT-FOR-US: Omeka
 CVE-2021-26798
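Review bot: the tag on CVE-2021-26800 (`NOT-FOR-US: phpgurukul`) names a vendor that does not appear in the visible part of the description (`... vulnerability in Change-password.php ...`) and gives no product. Adding the product name from the full description would make the entry self-explanatory and let a later reader verify the classification without looking the CVE up again.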
@@ -53322,7 +53322,7 @@ CVE-2021-25314 (A Creation of Temporary File With 
Insecure Permissions vulnerabi
 CVE-2021-25313 (A Improper Neutralization of Input During Web Page Generation 
('Cross- ...)
        NOT-FOR-US: Rancher
 CVE-2021-3179 (GGLocker iOS application, contains an insecure data storage of 
the pas ...)
-       TODO: check
+       NOT-FOR-US: GGLocker iOS application
 CVE-2021-3178 (** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 
5.10.8, w ...)
        {DLA-2586-1}
        - linux 5.10.12-1 (unimportant)
@@ -60806,7 +60806,7 @@ CVE-2021-22056
 CVE-2021-22055
        RESERVED
 CVE-2021-22054 (VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 
20.11.0 pr ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2021-22053 (Applications using both 
`spring-cloud-netflix-hystrix-dashboard` and ` ...)
        NOT-FOR-US: spring-cloud-netflix-hystrix-dashboard and 
spring-boot-starter-thymeleaf
 CVE-2021-22052
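Review bot: CVE-2021-22054 is tagged with the vendor alone (`NOT-FOR-US: VMware`) even though the description names the product, `VMware Workspace ONE UEM console`. A vendor-wide tag reads as a statement about everything from that vendor; `NOT-FOR-US: VMware Workspace ONE UEM` would be more precise and would match the product-level tag on the next entry (`NOT-FOR-US: spring-cloud-netflix-hystrix-dashboard and ...`).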
@@ -65926,11 +65926,11 @@ CVE-2021-20610 (Improper Handling of Length Parameter 
Inconsistency vulnerabilit
 CVE-2021-20609 (Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R 
Series  ...)
        NOT-FOR-US: Mitsubishi
 CVE-2021-20608 (Improper Handling of Length Parameter Inconsistency 
vulnerability in M ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2021-20607 (Integer Underflow vulnerability in Mitsubishi Electric GX 
Works2 versi ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2021-20606 (Out-of-bounds Read vulnerability in Mitsubishi Electric GX 
Works2 vers ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2021-20605 (Improper Input Validation vulnerability in GOT2000 series GT21 
model G ...)
        NOT-FOR-US: Mitsubishi
 CVE-2021-20604 (Improper Input Validation vulnerability in GOT2000 series GT21 
model G ...)
@@ -100273,13 +100273,13 @@ CVE-2020-18083
 CVE-2020-18082
        RESERVED
 CVE-2020-18081 (The checkuser function of SEMCMS 3.8 was discovered to contain 
a vulne ...)
-       TODO: check
+       NOT-FOR-US: SEMCMS
 CVE-2020-18080
        RESERVED
 CVE-2020-18079
        RESERVED
 CVE-2020-18078 (A vulnerability in /include/web_check.php of SEMCMS v3.8 
allows attack ...)
-       TODO: check
+       NOT-FOR-US: SEMCMS
 CVE-2020-18077 (A buffer overflow vulnerability in the Virtual Path Mapping 
component  ...)
        TODO: check
 CVE-2020-18076



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0928505e912f2beb9521f5c65e6f7b6ebbcb0c51
