Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e43f485 by Neil Williams at 2022-04-14T08:54:22+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8216,7 +8216,7 @@ CVE-2022-26153
 CVE-2022-26152
        RESERVED
 CVE-2022-26151 (Citrix XenMobile Server 10.12 through RP11, 10.13 through RP6, 
and 10. ...)
-       TODO: check
+       NOT-FOR-US: Citrix XenMobile Server
 CVE-2022-26150
        RESERVED
 CVE-2022-26080
@@ -26616,7 +26616,7 @@ CVE-2021-4040
 CVE-2021-4039 (A command injection vulnerability in the web interface of the 
Zyxel NW ...)
        NOT-FOR-US: Zyxel
 CVE-2021-44520 (In Citrix XenMobile Server through 10.12 RP9, there is an 
Authenticate ...)
-       TODO: check
+       NOT-FOR-US: Citrix XenMobile Server
 CVE-2021-44519
        RESERVED
 CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel 
Padlock ...)
@@ -27582,7 +27582,7 @@ CVE-2021-44171
 CVE-2021-44170
        RESERVED
 CVE-2021-44169 (A improper initialization in Fortinet FortiClient (Windows) 
version 6. ...)
-       TODO: check
+       NOT-FOR-US: Fortinet FortiClient
 CVE-2021-44168 (A download of code without integrity check vulnerability in 
the "execu ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-44167
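
Review bot: The new tag on CVE-2021-44169 names vendor and product ("Fortinet FortiClient"), while the adjacent CVE-2021-44168 entry is tagged with just "FortiGuard". Picking one convention for Fortinet entries, either vendor plus product or product only, keeps these NOT-FOR-US strings easy to grep and compare.
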
@@ -29981,9 +29981,9 @@ CVE-2021-43744
 CVE-2021-43743
        RESERVED
 CVE-2021-43742 (CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via 
the file  ...)
-       TODO: check
+       NOT-FOR-US: CMSimple
 CVE-2021-43741 (CMSimple 5.4 is vulnerable to Directory Traversal. The 
vulnerability e ...)
-       TODO: check
+       NOT-FOR-US: CMSimple
 CVE-2021-43740
        RESERVED
 CVE-2021-43739
@@ -30654,7 +30654,7 @@ CVE-2021-3933 (An integer overflow could occur when 
OpenEXR processes a crafted
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38912
        NOTE: Fixed by: 
https://github.com/AcademySoftwareFoundation/openexr/commit/5a0adf1aba7d41c6b94ba167c0c4308d2eecfd17
 CVE-2021-43521 (A Buffer Overflow vulnerability exists in zlog 1.2.15 via 
zlog_conf_bu ...)
-       TODO: check
+       NOT-FOR-US: zlog
 CVE-2021-43520
        RESERVED
 CVE-2021-43519 (Stack overflow in lua_resume of ldo.c in Lua Interpreter 
5.1.0~5.4.4 a ...)
@@ -30685,11 +30685,11 @@ CVE-2021-43518 (Teeworlds up to and including 0.7.5 
is vulnerable to Buffer Over
        NOTE: 
https://github.com/teeworlds/teeworlds/commit/91e5492d4c210f82f1ca6b43a73417fef5463368
        NOTE: https://mmmds.pl/fuzzing-map-parser-part-1-teeworlds/
 CVE-2021-43517 (FOSCAM Camera FI9805E with firmware 
V4.02.R12.00018510.10012.143900.00 ...)
-       TODO: check
+       NOT-FOR-US: Xiaongmai
 CVE-2021-43516
        RESERVED
 CVE-2021-43515 (CSV Injection (aka Excel Macro Injection or Formula Injection) 
exists  ...)
-       TODO: check
+       NOT-FOR-US: kimai2
 CVE-2021-43514
        RESERVED
 CVE-2021-43513
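
Review bot: The NOT-FOR-US tag on CVE-2021-43517 says "Xiaongmai", but the visible description names a FOSCAM camera (FI9805E), and the spelling looks like a typo for "Xiongmai". Either tag it after the product in the description (for example "NOT-FOR-US: FOSCAM"), or, if the truncated part of the description does attribute the firmware to another vendor, correct the spelling so the string matches other entries for that vendor.
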
@@ -36236,7 +36236,7 @@ CVE-2021-42138 (A user of a machine protected by 
SafeNet Agent for Windows Logon
 CVE-2021-42137 (An issue was discovered in Zammad before 5.0.1. In some cases, 
there i ...)
        - zammad <itp> (bug #841355)
 CVE-2021-42136 (A stored Cross-Site Scripting (XSS) vulnerability in the 
Missing Data  ...)
-       TODO: check
+       NOT-FOR-US: REDCap
 CVE-2021-42135 (HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may 
have an u ...)
        NOT-FOR-US: HashiCorp Vault
 CVE-2021-42134 (The Unicorn framework before 0.36.1 for Django allows XSS via 
a compon ...)
@@ -95322,7 +95322,7 @@ CVE-2020-29655 (An injection vulnerability exists in 
RT-AC88U Download Master be
 CVE-2020-29654 (Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking 
that lea ...)
        NOT-FOR-US: Western Digital Dashboard
 CVE-2020-29653 (Froxlor through 0.10.22 does not perform validation on user 
input pass ...)
-       TODO: check
+       NOT-FOR-US: Froxlor
 CVE-2020-29652 (A nil pointer dereference in the golang.org/x/crypto/ssh 
component thr ...)
        - golang-go.crypto 1:0.0~git20201221.eec23a3-1
        [buster] - golang-go.crypto <not-affected> (Vulnerable code not present)
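
Review bot: On CVE-2020-29653, NOT-FOR-US is only appropriate if there is no packaging intent for Froxlor. Before settling on it, check wnpp for an open ITP or RFP; if one exists, the entry should use the `<itp>` form with the bug number, as this file already does for zammad under CVE-2021-42137, so the issue is not lost when the package enters the archive.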



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e43f4856093cd724e9a5b0b95b4162a4967ca9e
