[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso Tue, 19 Jan 2021 12:26:21 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f988e980 by Salvatore Bonaccorso at 2021-01-19T21:25:44+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the 
app/View/Elements/global ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2021-3183 (Files.com Fat Client 3.3.6 allows authentication bypass because 
the cl ...)
-       TODO: check
+       NOT-FOR-US: Files.com Fat Client
 CVE-2021-3182 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a 
buffer  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2021-3181 (rfc822.c in Mutt through 2.0.4 allows remote attackers to cause 
a deni ...)
        - mutt <unfixed> (bug #980326)
        NOTE: https://gitlab.com/muttmua/mutt/-/issues/323
@@ -19,11 +19,11 @@ CVE-2021-25327
 CVE-2021-25326
        RESERVED
 CVE-2021-25325 (MISP 2.4.136 has XSS via galaxy cluster element values to 
app/View/Gal ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2021-25324 (MISP 2.4.136 has Stored XSS in the galaxy cluster view via a 
cluster n ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2021-25323 (The default setting of MISP 2.4.136 did not enable the 
requirements (a ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2021-25322
        RESERVED
 CVE-2021-25321
@@ -5124,11 +5124,11 @@ CVE-2021-22854
 CVE-2021-22853
        RESERVED
 CVE-2021-22852 (HGiga EIP product contains SQL Injection vulnerability. 
Attackers can  ...)
-       TODO: check
+       NOT-FOR-US: HGiga EIP
 CVE-2021-22851 (HGiga EIP product contains SQL Injection vulnerability. 
Attackers can  ...)
-       TODO: check
+       NOT-FOR-US: HGiga EIP
 CVE-2021-22850 (HGiga EIP product lacks ineffective access control in certain 
pages th ...)
-       TODO: check
+       NOT-FOR-US: HGiga EIP
 CVE-2021-22849
        RESERVED
 CVE-2021-22848
@@ -15791,7 +15791,7 @@ CVE-2020-29452
 CVE-2020-29451
        RESERVED
 CVE-2020-29450 (Affected versions of Atlassian Confluence Server and Data 
Center allow ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2020-29449
        RESERVED
 CVE-2020-29448
@@ -22693,7 +22693,7 @@ CVE-2018-21269 (checkpath in OpenRC through 0.42.1 
might allow local users to ta
 CVE-2020-27734
        RESERVED
 CVE-2020-27733 (Zoho ManageEngine Applications Manager before 14 build 14880 
allows an ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2020-27732
        RESERVED
 CVE-2020-27731
@@ -32974,7 +32974,7 @@ CVE-2020-23344
 CVE-2020-23343
        RESERVED
 CVE-2020-23342 (A CSRF vulnerability exists in Anchor CMS 0.12.7 
anchor/views/users/ed ...)
-       TODO: check
+       NOT-FOR-US: Anchor CMS
 CVE-2020-23341
        RESERVED
 CVE-2020-23340
@@ -69086,7 +69086,7 @@ CVE-2020-8583 (Element Software versions prior to 12.2 
and HCI versions prior to
 CVE-2020-8582 (Element Software versions prior to 12.2 and HCI versions prior 
to 1.8P ...)
        NOT-FOR-US: HCI
 CVE-2020-8581 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are 
susceptible  ...)
-       TODO: check
+       NOT-FOR-US: Clustered Data ONTAP
 CVE-2020-8580 (SANtricity OS Controller Software versions 11.30 and higher are 
suscep ...)
        NOT-FOR-US: SANtricity OS Controller Software
 CVE-2020-8579 (Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible 
to a v ...)
@@ -97785,7 +97785,7 @@ CVE-2019-16963
 CVE-2019-16962 (Zoho ManageEngine Desktop Central 10.0.430 allows HTML 
injection via a ...)
        NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2019-16961 (SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule 
Name. ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2019-16960 (SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template 
file wit ...)
        NOT-FOR-US: SolarWinds
 CVE-2019-16959 (SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also 
known as Fo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f988e98028309f7364f19dd37d73f55dbf5874ad

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f988e98028309f7364f19dd37d73f55dbf5874ad
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to