Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
35a65bed by Salvatore Bonaccorso at 2021-02-23T09:17:47+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -839,7 +839,7 @@ CVE-2021-3408
CVE-2021-27190 (A Stored Cross Site Scripting(XSS) Vulnerability was
discovered in PEE ...)
NOT-FOR-US: PEEL Shopping cart
CVE-2021-27189 (The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL
Certifica ...)
- TODO: check
+ NOT-FOR-US: CIRA Canadian Shield app
CVE-2021-27188 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal
client 1 al ...)
NOT-FOR-US: Sovremennye Delovye Tekhnologii FX Aggregator
CVE-2021-27187 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal
client 1 st ...)
@@ -1878,9 +1878,9 @@ CVE-2021-26727
CVE-2021-26726
RESERVED
CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web
GUI of N ...)
- TODO: check
+ NOT-FOR-US: Nozomi Networks Guardian
CVE-2021-26724 (OS Command Injection vulnerability when changing date settings
or host ...)
- TODO: check
+ NOT-FOR-US: Nozomi Networks Guardian
CVE-2021-26723 (Jenzabar 9.2.x through 9.2.2 allows
/ics?tool=search&query= XSS. ...)
NOT-FOR-US: Jenzabar
CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query
because ...)
@@ -3016,7 +3016,7 @@ CVE-2020-36234 (Affected versions of Atlassian Jira
Server and Data Center allow
CVE-2020-36233 (The Microsoft Windows Installer for Atlassian Bitbucket Server
and Dat ...)
NOT-FOR-US: Atlassian
CVE-2020-36232 (The MessageBundleWhiteList class of atlassian-gadgets before
version 4 ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2020-36231 (Affected versions of Atlassian Jira Server and Data Center
allow remot ...)
NOT-FOR-US: Atlassian
CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic
Authenticatio ...)
@@ -8664,7 +8664,7 @@ CVE-2021-23829
CVE-2021-23828
RESERVED
CVE-2021-23827 (Keybase Desktop Client before 5.6.0 on Windows and macOS, and
before 5 ...)
- TODO: check
+ NOT-FOR-US: Keybase Desktop Client
CVE-2021-23826
RESERVED
CVE-2021-23825
@@ -11178,19 +11178,19 @@ CVE-2021-22651
CVE-2021-22650
RESERVED
CVE-2021-22649 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer
versions ...)
- TODO: check
+ NOT-FOR-US: Luxion KeyShot
CVE-2021-22648
RESERVED
CVE-2021-22647 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer
versions ...)
- TODO: check
+ NOT-FOR-US: Luxion KeyShot
CVE-2021-22646
RESERVED
CVE-2021-22645 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer
versions ...)
- TODO: check
+ NOT-FOR-US: Luxion KeyShot
CVE-2021-22644
RESERVED
CVE-2021-22643 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer
versions ...)
- TODO: check
+ NOT-FOR-US: Luxion KeyShot
CVE-2021-22642
RESERVED
CVE-2021-22641 (A heap-based buffer overflow issue has been identified in the
way the ...)
@@ -14352,7 +14352,7 @@ CVE-2020-35854 (Textpattern 4.8.4 is affected by
cross-site scripting (XSS) in t
CVE-2020-35853 (4images Image Gallery Management System 1.7.11 is affected by
cross-si ...)
NOT-FOR-US: 4images Image Gallery Management System
CVE-2020-35852 (Chatbox is affected by cross-site scripting (XSS). An attacker
has to ...)
- TODO: check
+ NOT-FOR-US: Chatbox
CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters
properly. Att ...)
NOT-FOR-US: HGiga MailSherlock
CVE-2021-21443
@@ -22556,7 +22556,7 @@ CVE-2020-29077
CVE-2020-29076
RESERVED
CVE-2020-29075 (Acrobat Reader DC versions 2020.013.20066 (and earlier),
2020.001.3001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-29074 (scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls,
which all ...)
{DSA-4799-1 DLA-2490-1}
- x11vnc 0.9.16-5 (bug #975875)
@@ -40747,7 +40747,7 @@ CVE-2020-22476
CVE-2020-22475 ("Tasks" application version before 9.7.3 is affected by
insecure permi ...)
TODO: check
CVE-2020-22474 (In webERP 4.15, the ManualContents.php file allows users to
specify th ...)
- TODO: check
+ NOT-FOR-US: webERP
CVE-2020-22473
RESERVED
CVE-2020-22472
@@ -43252,7 +43252,7 @@ CVE-2020-21226
CVE-2020-21225
RESERVED
CVE-2020-21224 (A Remote Code Execution vulnerability has been found in Inspur
Cluster ...)
- TODO: check
+ NOT-FOR-US: Inspur ClusterEngine
CVE-2020-21223
RESERVED
CVE-2020-21222
@@ -46184,7 +46184,7 @@ CVE-2020-19764
CVE-2020-19763
RESERVED
CVE-2020-19762 (Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior
allows ...)
- TODO: check
+ NOT-FOR-US: Automated Logic Corporation (ALC) WebCTRL System
CVE-2020-19761
RESERVED
CVE-2020-19760
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35a65bedbb4bdae34288090dd43924de87509c9f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35a65bedbb4bdae34288090dd43924de87509c9f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
