[Git][security-tracker-team/security-tracker][master] 2 commits: Adjust explanation for CVE-2021-27379 as the referenced URL is not accessible

Salvatore Bonaccorso Fri, 19 Feb 2021 00:25:02 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e19bee97 by Salvatore Bonaccorso at 2021-02-19T09:19:32+01:00
Adjust explanation for CVE-2021-27379 as the referenced URL is not accessible

- - - - -
79119ae0 by Salvatore Bonaccorso at 2021-02-19T09:24:28+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found 
in the @ ...)
        TODO: check
 CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices 
allow injec ...)
-       TODO: check
+       NOT-FOR-US: Askey devices
 CVE-2021-27403 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices 
allow cgi-b ...)
-       TODO: check
+       NOT-FOR-US: Askey devices
 CVE-2021-27402
        RESERVED
 CVE-2021-27401
@@ -21,11 +21,11 @@ CVE-2020-36249 (The File Firewall before 2.8.0 for ownCloud 
Server does not prop
 CVE-2020-36248 (The ownCloud application before 2.15 for Android allows 
attackers to u ...)
        TODO: check
 CVE-2020-36247 (Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows 
CSRF. ...)
-       TODO: check
+       NOT-FOR-US: Open OnDemand
 CVE-2020-36246 (Amaze File Manager before 3.5.1 allows attackers to obtain 
root privil ...)
-       TODO: check
+       NOT-FOR-US: Amaze File Manager
 CVE-2019-25024 (OpenRepeater (ORP) before 2.2 allows unauthenticated command 
injection ...)
-       TODO: check
+       NOT-FOR-US: OpenRepeater (ORP)
 CVE-2019-25023
        RESERVED
 CVE-2019-25022
@@ -80,7 +80,7 @@ CVE-2021-27380
        RESERVED
 CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86 
Intel HVM  ...)
        - xen <unfixed>
-       [stretch] - xen <end-of-life> (not supported; see 
https://gitlab.com/freexian-lts/debian-lts/-/commit/1b701a243a893d6cce6e59778b525407d560ab91)
+       [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-366.html
 CVE-2021-27378 (An issue was discovered in the rand_core crate before 0.6.2 
for Rust.  ...)
        - rust-rand-core <unfixed>
@@ -1459,7 +1459,7 @@ CVE-2021-26749
 CVE-2021-26748
        RESERVED
 CVE-2021-26747 (Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow 
Shell Metach ...)
-       TODO: check
+       NOT-FOR-US: Netis devices
 CVE-2021-26746 (Chamilo 1.11.14 allows XSS via a 
main/calendar/agenda_list.php?type= U ...)
        TODO: check
 CVE-2021-26745
@@ -2518,7 +2518,7 @@ CVE-2021-3341 (A path traversal vulnerability in the 
DxWebEngine component of DH
 CVE-2021-3340 (A cross-site scripting (XSS) vulnerability in many forms of 
Wikindx be ...)
        NOT-FOR-US: Wikindx
 CVE-2021-3339 (ModernFlow before 1.3.00.208 does not constrain web-page access 
to mem ...)
-       TODO: check
+       NOT-FOR-US: ModernFlow
 CVE-2021-3338
        RESERVED
 CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB 
allows remo ...)
@@ -15388,9 +15388,9 @@ CVE-2020-35594
 CVE-2020-35593
        RESERVED
 CVE-2020-35592 (Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header 
to the a ...)
-       TODO: check
+       NOT-FOR-US: Pi-hole
 CVE-2020-35591 (Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The 
application d ...)
-       TODO: check
+       NOT-FOR-US: Pi-hole
 CVE-2020-35590 (LimitLoginAttempts.php in the limit-login-attempts-reloaded 
plugin bef ...)
        NOT-FOR-US: limit-login-attempts-reloaded plugin for WordPress
 CVE-2020-35589 (The limit-login-attempts-reloaded plugin before 2.17.4 for 
WordPress a ...)
@@ -20011,7 +20011,7 @@ CVE-2020-29666 (In Lan ATMService M3 ATM Monitoring 
System 6.1.0, due to a direc
 CVE-2020-29665
        RESERVED
 CVE-2020-29664 (A command injection issue in dji_sys in DJI Mavic 2 Remote 
Controller  ...)
-       TODO: check
+       NOT-FOR-US: DJI Mavic 2 Remote Controller firmware
 CVE-2020-29663 (Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where 
revoked ...)
        - icinga2 2.12.3-1
        [buster] - icinga2 <no-dsa> (Minor issue)
@@ -46262,7 +46262,7 @@ CVE-2020-19515
 CVE-2020-19514
        RESERVED
 CVE-2020-19513 (Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 
allows atta ...)
-       TODO: check
+       NOT-FOR-US: FinalWire Ltd AIDA64 Engineer
 CVE-2020-19512
        RESERVED
 CVE-2020-19511
@@ -76722,7 +76722,7 @@ CVE-2020-7851
 CVE-2020-7850
        RESERVED
 CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) 
could a ...)
-       TODO: check
+       NOT-FOR-US: uPrism.io CURIX
 CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command 
Injection vulne ...)
        NOT-FOR-US: EFM ipTIME C200 IP Camera
 CVE-2020-7847



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7f0ced0d4eef25729899c2fc4e6c76cef2c41bae...79119ae0eeab47f42592b899d5d70fc50b628240

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7f0ced0d4eef25729899c2fc4e6c76cef2c41bae...79119ae0eeab47f42592b899d5d70fc50b628240
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: Adjust explanation for CVE-2021-27379 as the referenced URL is not accessible

Reply via email to