Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a03c9be by Salvatore Bonaccorso at 2022-02-02T21:45:37+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5047,7 +5047,7 @@ CVE-2021-46255 (eyouCMS V1.5.5-UTF8-SP3_1 suffers from 
Arbitrary file deletion d
 CVE-2021-46254
        RESERVED
 CVE-2021-46253 (A cross-site scripting (XSS) vulnerability in the Create Post 
function ...)
-       TODO: check
+       NOT-FOR-US: Anchor CMS
 CVE-2021-46252
        RESERVED
 CVE-2021-46251
@@ -6486,9 +6486,9 @@ CVE-2022-22512
 CVE-2022-22511
        RESERVED
 CVE-2022-22510 (Codesys Profinet in version V4.2.0.0 is prone to null pointer 
derefere ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2022-22509 (In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an 
incorrect  ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Contact FL SWITCH Series
 CVE-2022-22508
        RESERVED
 CVE-2022-22507
@@ -7002,7 +7002,7 @@ CVE-2021-46095
 CVE-2021-46094
        RESERVED
 CVE-2021-46093 (eliteCMS v1.0 is vulnerable to Insecure Permissions via 
manage_uploads ...)
-       TODO: check
+       NOT-FOR-US: eliteCMS
 CVE-2021-46092
        RESERVED
 CVE-2021-46091
@@ -9484,7 +9484,7 @@ CVE-2021-45417 (AIDE before 0.17.4 allows local users to 
obtain root privileges
        NOTE: 
https://github.com/aide/aide/commit/175d1f2626f4500b4fc5ecb7167bba9956b174bc 
(v0.17.4)
        NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/3
 CVE-2021-45416 (Reflected Cross-site scripting (XSS) vulnerability in 
RosarioSIS 8.2.1 ...)
-       TODO: check
+       NOT-FOR-US: RosarioSIS
 CVE-2021-45415
        RESERVED
 CVE-2021-45414
@@ -11595,7 +11595,7 @@ CVE-2022-21819
 CVE-2022-21818
        RESERVED
 CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource 
Sharing (CO ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2022-21816
        RESERVED
 CVE-2022-21815
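Review bot: The tag on CVE-2022-21817 names only the vendor ("NOT-FOR-US: NVIDIA"), but NVIDIA software is tracked elsewhere in this file (see the nvidia-graphics-drivers-tesla-418 lines a few entries below), so the vendor name alone does not explain why this entry is out of scope. Suggest naming the product from the description, for example "NOT-FOR-US: NVIDIA Omniverse Launcher".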
@@ -11635,11 +11635,11 @@ CVE-2022-21813
        - nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1004850)
        [bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not 
supported)
 CVE-2021-44795 (Single Connect does not perform an authorization check when 
using the  ...)
-       TODO: check
+       NOT-FOR-US: Single Connect
 CVE-2021-44794 (Single Connect does not perform an authorization check when 
using the  ...)
-       TODO: check
+       NOT-FOR-US: Single Connect
 CVE-2021-44793 (Single Connect does not perform an authorization check when 
using the  ...)
-       TODO: check
+       NOT-FOR-US: Single Connect
 CVE-2021-44792 (Single Connect does not perform an authorization check when 
using the  ...)
        NOT-FOR-US: Kron Single Connect
 CVE-2021-44791
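Review bot: The three new tags on CVE-2021-44795, CVE-2021-44794 and CVE-2021-44793 read "NOT-FOR-US: Single Connect", while the existing entry directly below them, CVE-2021-44792, uses "NOT-FOR-US: Kron Single Connect" for the same product. Suggest using the "Kron Single Connect" form on all three so that a search for the tag finds every entry for this product.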
@@ -11807,7 +11807,7 @@ CVE-2021-44748
 CVE-2021-44747
        RESERVED
 CVE-2021-44746 (UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 
and prior ...)
-       TODO: check
+       NOT-FOR-US: UNIVERGE
 CVE-2021-44745
        RESERVED
 CVE-2021-44744
@@ -16521,9 +16521,9 @@ CVE-2021-43512
 CVE-2021-43511
        RESERVED
 CVE-2021-43510 (SQL Injection vulnerability exists in Sourcecodester Simple 
Client Man ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester
 CVE-2021-43509 (SQL Injection vulnerability exists in Sourcecodester Simple 
Client Man ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester
 CVE-2021-43508
        RESERVED
 CVE-2021-43507
@@ -18561,7 +18561,7 @@ CVE-2021-43064 (A url redirection to untrusted site 
('open redirect') in Fortine
 CVE-2021-43063 (A improper neutralization of input during web page generation 
('cross- ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-43062 (A improper neutralization of input during web page generation 
('cross- ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2022-20621 (Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access 
key unencr ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2022-20620 (Missing permission checks in Jenkins SSH Agent Plugin 1.23 and 
earlier ...)
@@ -19302,7 +19302,7 @@ CVE-2021-42755
 CVE-2021-42754 (An improper control of generation of code vulnerability 
[CWE-94] in Fo ...)
        NOT-FOR-US: Fortiguard
 CVE-2021-42753 (An improper limitation of a pathname to a restricted directory 
('Path  ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2021-42752 (A improper neutralization of input during web page generation 
('cross- ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-42751
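Review bot: The new tag on CVE-2021-42753 is spelled "FortiGuard", which matches CVE-2021-42752 below it but not the "Fortiguard" spelling on CVE-2021-42754 directly above. The added line can stay as it is; a follow-up that normalises the spelling across the file would keep exact-match searches on the tag reliable.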
@@ -19585,17 +19585,17 @@ CVE-2021-42644
 CVE-2021-42643
        RESERVED
 CVE-2021-42642 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: PrinterLogic Web Stack
 CVE-2021-42641 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: PrinterLogic Web Stack
 CVE-2021-42640 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: PrinterLogic Web Stack
 CVE-2021-42639 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: PrinterLogic Web Stack
 CVE-2021-42638 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not 
sanitiz ...)
-       TODO: check
+       NOT-FOR-US: PrinterLogic Web Stack
 CVE-2021-42637 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use 
user-contr ...)
-       TODO: check
+       NOT-FOR-US: PrinterLogic Web Stack
 CVE-2021-42636
        RESERVED
 CVE-2021-42635 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a 
hardcode ...)
@@ -19603,7 +19603,7 @@ CVE-2021-42635 (PrinterLogic Web Stack versions 
19.1.1.13 SP9 and below use a ha
 CVE-2021-42634
        RESERVED
 CVE-2021-42633 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: PrinterLogic Web Stack
 CVE-2021-42632
        RESERVED
 CVE-2021-42631 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below 
deserializes a ...)
@@ -24777,11 +24777,11 @@ CVE-2021-41020
 CVE-2021-41019 (An improper validation of certificate with host mismatch 
[CWE-297] vul ...)
        NOT-FOR-US: Fortiguard
 CVE-2021-41018 (A improper neutralization of special elements used in an os 
command (' ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2021-41017 (Multiple heap-based buffer overflow vulnerabilities in some 
web API co ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-41016 (A improper neutralization of special elements used in a 
command ('comm ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2021-41015 (A improper neutralization of input during web page generation 
('cross- ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-41014 (A uncontrolled resource consumption in Fortinet FortiWeb 
version 6.4.1 ...)
@@ -30743,7 +30743,7 @@ CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 
before 4.2.17, 4.4 befor
 CVE-2021-38561
        RESERVED
 CVE-2021-38560 (Ivanti Service Manager 2021.1 allows reflected XSS via the 
appName par ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2021-38559 (DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in 
prenota.php  ...)
        - hoteldruid 3.0.3-1
        [bullseye] - hoteldruid <no-dsa> (Minor issue)
@@ -36665,7 +36665,7 @@ CVE-2021-36195 (Multiple command injection 
vulnerabilities in the command line i
 CVE-2021-36194 (Multiple stack-based buffer overflows in the API controllers 
of FortiW ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-36193 (Multiple stack-based buffer overflows in the command line 
interpreter  ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2021-36192 (An exposure of sensitive information to an unauthorized actor 
[CWE-200 ...)
        NOT-FOR-US: Fortiguard
 CVE-2021-36191 (A url redirection to untrusted site ('open redirect') in 
Fortinet Fort ...)
@@ -36697,7 +36697,7 @@ CVE-2021-36179 (A stack-based buffer overflow in 
Fortinet FortiWeb version 6.3.1
 CVE-2021-36178 (A insufficiently protected credentials in Fortinet 
FortiSDNConnector v ...)
        NOT-FOR-US: Fortiguard
 CVE-2021-36177 (An improper access control vulnerability [CWE-284] in 
FortiAuthenticat ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2021-36176 (Multiple uncontrolled resource consumption vulnerabilities in 
the web  ...)
        NOT-FOR-US: Fortiguard
 CVE-2021-36175 (An improper neutralization of input vulnerability [CWE-79] in 
FortiWeb ...)
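Review bot: The tag on CVE-2021-36177 is "NOT-FOR-US: FortiGuard", but the description names the affected product as "FortiAuthenticat ...", and the neighbouring entries under the same tag describe FortiSDNConnector and FortiWeb. The tag follows the convention already used around it, so this is optional, but naming the vendor or the product (as done for "PrinterLogic Web Stack" elsewhere in this commit) would let a reader tell which software was judged out of scope without opening each CVE.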



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a03c9beff8bf408a38731a3fe31a027a5a096d0



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits