Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc54ad1f by Salvatore Bonaccorso at 2021-09-23T22:33:09+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -307,7 +307,7 @@ CVE-2021-41430
 CVE-2021-41429
        RESERVED
 CVE-2021-41428 (Insecure permissions in Update Manager <= 5.8.0.2300 and 
DFL <=  ...)
-       TODO: check
+       NOT-FOR-US: DATEV
 CVE-2021-41427
        RESERVED
 CVE-2021-41426
@@ -402,7 +402,7 @@ CVE-2021-41383 (setup.cgi on NETGEAR R6020 1.0.0.48 devices 
allows an admin to e
 CVE-2021-41382 (Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server 
managem ...)
        NOT-FOR-US: Plastic SCM
 CVE-2021-41381 (Payara Micro Community 5.2021.6 and below allows Directory 
Traversal. ...)
-       TODO: check
+       NOT-FOR-US: Payara Micro Community
 CVE-2021-3816
        RESERVED
 CVE-2021-41380 (RealVNC Viewer 6.21.406 allows remote VNC servers to cause a 
denial of ...)
@@ -10788,9 +10788,9 @@ CVE-2021-36875
 CVE-2021-36874
        RESERVED
 CVE-2021-36873 (Authenticated Persistent Cross-Site Scripting (XSS) 
vulnerability in W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36872 (Authenticated Persistent Cross-Site Scripting (XSS) 
vulnerability in W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36871 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) 
vulnerabi ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) 
vulnerabi ...)
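Review bot: The added lines for CVE-2021-36873 and CVE-2021-36872 read "NOT-FOR-US: WordPress plugin", while the unchanged entry directly below them (CVE-2021-36871) reads "NOT-FOR-US: Wordpress plugin". Settle on one spelling so a case-sensitive search over data/CVE/list returns every such entry. The tag also does not say which plugin is affected, and the truncated descriptions do not show it either, so adding the plugin name would make each entry readable on its own.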
@@ -10888,7 +10888,7 @@ CVE-2021-36825
 CVE-2021-36824
        RESERVED
 CVE-2021-36823 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability 
in WordP ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36822
        RESERVED
 CVE-2021-36821
@@ -35641,7 +35641,7 @@ CVE-2021-26796
 CVE-2021-26795
        RESERVED
 CVE-2021-26794 (Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 
allows  ...)
-       TODO: check
+       NOT-FOR-US: FrogCMS SentCMS
 CVE-2021-26793
        RESERVED
 CVE-2021-26792
@@ -44716,15 +44716,15 @@ CVE-2021-22955
 CVE-2021-22954
        RESERVED
 CVE-2021-22953 (A CSRF in Concrete CMS version 8.5.5 and below allows an 
attacker to c ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2021-22952 (A vulnerability found in UniFi Talk application V1.12.3 and 
earlier pe ...)
        TODO: check
 CVE-2021-22951
        RESERVED
 CVE-2021-22950 (Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing 
attachme ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2021-22949 (A CSRF in Concrete CMS version 8.5.5 and below allows an 
attacker to d ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2021-22948 (Vulnerability in the generation of session IDs in 
revive-adserver < ...)
        TODO: check
 CVE-2021-22947 [STARTTLS protocol injection via MITM]
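Review bot: CVE-2021-22952 (UniFi Talk) and CVE-2021-22948 (revive-adserver) are still "TODO: check" in the context lines, sitting between the three Concrete CMS entries resolved here. If they were skipped on purpose because they need a package lookup rather than an NFU tag, that is fine, but it is worth confirming they are picked up in a follow-up pass.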
@@ -44755,7 +44755,7 @@ CVE-2021-22942 [ossible Open Redirect in Host 
Authorization Middleware]
        [stretch] - rails <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2021/08/20/1
 CVE-2021-22941 (Improper Access Control in Citrix ShareFile storage zones 
controller b ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2021-22940 (Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a 
use aft ...)
        - nodejs 12.22.5~dfsg-1
        [bullseye] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 
not applied)
@@ -46348,7 +46348,7 @@ CVE-2021-22278
 CVE-2021-22277
        RESERVED
 CVE-2021-22276 (The vulnerability allows a successful attacker to bypass the 
integrity ...)
-       TODO: check
+       NOT-FOR-US: ABB
 CVE-2021-22275
        RESERVED
 CVE-2021-22274
@@ -46939,37 +46939,37 @@ CVE-2021-22022 (The vRealize Operations Manager API 
(8.x prior to 8.5) contains
 CVE-2021-22021 (VMware vRealize Log Insight (8.x prior to 8.4) contains a 
Cross Site S ...)
        NOT-FOR-US: VMware
 CVE-2021-22020 (The vCenter Server contains a denial-of-service vulnerability 
in the A ...)
-       TODO: check
+       NOT-FOR-US: VMWare
 CVE-2021-22019 (The vCenter Server contains a denial-of-service vulnerability 
in VAPI  ...)
-       TODO: check
+       NOT-FOR-US: VMWare
 CVE-2021-22018 (The vCenter Server contains an arbitrary file deletion 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: VMWare
 CVE-2021-22017 (Rhttproxy as used in vCenter Server contains a vulnerability 
due to im ...)
-       TODO: check
+       NOT-FOR-US: VMWare
 CVE-2021-22016 (The vCenter Server contains a reflected cross-site scripting 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: VMWare
 CVE-2021-22015 (The vCenter Server contains multiple local privilege 
escalation vulner ...)
-       TODO: check
+       NOT-FOR-US: VMWare
 CVE-2021-22014 (The vCenter Server contains an authenticated code execution 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: VMWare
 CVE-2021-22013 (The vCenter Server contains a file path traversal 
vulnerability leadin ...)
-       TODO: check
+       NOT-FOR-US: VMWare
 CVE-2021-22012 (The vCenter Server contains an information disclosure 
vulnerability du ...)
-       TODO: check
+       NOT-FOR-US: VMWare
 CVE-2021-22011 (vCenter Server contains an unauthenticated API endpoint 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: VMWare
 CVE-2021-22010 (The vCenter Server contains a denial-of-service vulnerability 
in VPXD  ...)
-       TODO: check
+       NOT-FOR-US: VMWare
 CVE-2021-22009 (The vCenter Server contains multiple denial-of-service 
vulnerabilities ...)
-       TODO: check
+       NOT-FOR-US: VMWare
 CVE-2021-22008 (The vCenter Server contains an information disclosure 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: VMWare
 CVE-2021-22007 (The vCenter Server contains a local information disclosure 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: VMWare
 CVE-2021-22006 (The vCenter Server contains a reverse proxy bypass 
vulnerability due t ...)
-       TODO: check
+       NOT-FOR-US: VMWare
 CVE-2021-22005 (The vCenter Server contains an arbitrary file upload 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: VMWare
 CVE-2021-22004 (An issue was discovered in SaltStack Salt before 3003.3. The 
salt mini ...)
        - salt <unfixed> (bug #994016)
        NOTE: 
https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
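Review bot: All sixteen added lines (CVE-2021-22020 through CVE-2021-22005) are spelled "NOT-FOR-US: VMWare", but the unchanged entry at the top of the hunk (CVE-2021-22021) uses "NOT-FOR-US: VMware". Use the existing "VMware" spelling so that a case-sensitive search for the vendor tag matches the whole vCenter Server batch.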
@@ -46995,7 +46995,7 @@ CVE-2021-21995 (OpenSLP as used in ESXi has a 
denial-of-service vulnerability du
 CVE-2021-21994 (SFCB (Small Footprint CIM Broker) as used in ESXi has an 
authenticatio ...)
        NOT-FOR-US: VMware
 CVE-2021-21993 (The vCenter Server contains an SSRF (Server Side Request 
Forgery) vuln ...)
-       TODO: check
+       NOT-FOR-US: VMWare
 CVE-2021-21992 (The vCenter Server contains a denial-of-service vulnerability 
due to i ...)
        NOT-FOR-US: VMware
 CVE-2021-21991 (The vCenter Server contains a local privilege escalation 
vulnerability ...)
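Review bot: The added line for CVE-2021-21993 says "NOT-FOR-US: VMWare" and sits between two unchanged entries (CVE-2021-21994 and CVE-2021-21992) that both say "NOT-FOR-US: VMware". Match the neighbouring spelling here as well.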
@@ -47171,7 +47171,7 @@ CVE-2021-21915
 CVE-2021-21914
        RESERVED
 CVE-2021-21913 (An information disclosure vulnerability exists in the WiFi 
Smart Mesh  ...)
-       TODO: check
+       NOT-FOR-US: D-LINK
 CVE-2021-21912
        RESERVED
 CVE-2021-21911



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc54ad1f11cfb0b19bf6307f1a9774dc8a1d25f2
