[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso Wed, 03 Feb 2021 12:49:52 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
10f0e521 by Salvatore Bonaccorso at 2021-02-03T21:49:17+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3525,11 +3525,11 @@ CVE-2021-25278
 CVE-2021-25277
        RESERVED
 CVE-2021-25276 (In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a 
directory cont ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2021-25275 (SolarWinds Orion Platform before 2020.2.4, as used by various 
SolarWin ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2021-25274 (The Collector Service in SolarWinds Orion Platform before 
2020.2.4 use ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2021-3159
        RESERVED
 CVE-2021-25273
@@ -16270,9 +16270,9 @@ CVE-2020-35484
 CVE-2020-35483 (AnyDesk before 6.1.0 on Windows, when run in portable mode on 
a system ...)
        NOT-FOR-US: AnyDesk
 CVE-2020-35482 (SolarWinds Serv-U before 15.2.2 allows authenticated reflected 
XSS. ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2020-35481 (SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro 
Injection ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2020-35480 (An issue was discovered in MediaWiki before 1.35.1. Missing 
users (acc ...)
        {DSA-4816-1 DLA-2504-1}
        - mediawiki 1:1.35.1-1
@@ -20723,7 +20723,7 @@ CVE-2020-28896 (Mutt before 2.0.2 and NeoMutt before 
2020-11-20 did not ensure t
        NOTE: 
https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a
        NOTE: 
https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06
 CVE-2020-28895 (In Wind River VxWorks, memory allocator has a possible 
overflow in cal ...)
-       TODO: check
+       NOT-FOR-US: Wind River VxWorks
 CVE-2020-28894
        RESERVED
 CVE-2020-28893
@@ -21214,7 +21214,7 @@ CVE-2020-28655
 CVE-2020-28654
        RESERVED
 CVE-2020-28653 (Zoho ManageEngine OpManager Stable build before 125203 (and 
Released b ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine OpManager Stable
 CVE-2020-28652
        RESERVED
 CVE-2020-28651
@@ -25001,7 +25001,7 @@ CVE-2020-28146
 CVE-2020-28145
        RESERVED
 CVE-2020-28144 (Certain Moxa Inc products are affected by an improper 
restriction of o ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2020-28143
        RESERVED
 CVE-2020-28142
@@ -25348,7 +25348,7 @@ CVE-2020-28003
 CVE-2020-28002 (In SonarQube 8.4.2.36762, an external attacker can achieve 
authenticat ...)
        NOT-FOR-US: SonarQube
 CVE-2020-28001 (SolarWinds Serv-U before 15.2.2 allows Authenticated Stored 
XSS. ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2020-28000
        RESERVED
 CVE-2020-27999
@@ -25362,7 +25362,7 @@ CVE-2020-27996 (An issue was discovered in 
SmartStoreNET before 4.0.1. It does n
 CVE-2020-27995 (SQL Injection in Zoho ManageEngine Applications Manager 14 
before 1456 ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2020-27994 (SolarWinds Serv-U before 15.2.2 allows Authenticated Directory 
Travers ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2020-27993 (Hrsale 2.0.0 allows download?type=files&amp;filename=../ 
directory tra ...)
        NOT-FOR-US: Hrsale
 CVE-2020-27992 (Dr.Fone 3.0.0 allows local users to gain privileges via a 
Trojan horse ...)
@@ -72747,9 +72747,9 @@ CVE-2020-8591 (eG Manager 7.1.2 allows authentication 
bypass via a com.egurkha.E
 CVE-2020-8590
        RESERVED
 CVE-2020-8589 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are 
susceptib ...)
-       TODO: check
+       NOT-FOR-US: Clustered Data ONTAP
 CVE-2020-8588 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are 
susceptib ...)
-       TODO: check
+       NOT-FOR-US: Clustered Data ONTAP
 CVE-2020-8587
        RESERVED
 CVE-2020-8586
@@ -88843,9 +88843,9 @@ CVE-2020-2509
 CVE-2020-2508 (A command injection vulnerability has been reported to affect 
QTS and  ...)
        NOT-FOR-US: QNAP
 CVE-2020-2507 (The vulnerability have been reported to affect earlier versions 
of QTS ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2020-2506 (The vulnerability have been reported to affect earlier versions 
of QTS ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2020-2505 (If exploited, this vulnerability could allow attackers to gain 
sensiti ...)
        NOT-FOR-US: QNAP
 CVE-2020-2504 (If exploited, this absolute path traversal vulnerability could 
allow a ...)
@@ -103408,7 +103408,7 @@ CVE-2019-16270
 CVE-2019-16269
        RESERVED
 CVE-2019-16268 (Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML 
injection vi ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine Remote Access Plus
 CVE-2019-16267
        RESERVED
 CVE-2019-16266



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10f0e5216220270c16e96fe445d9001567b64c6d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10f0e5216220270c16e96fe445d9001567b64c6d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to