Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5c6ce967 by Salvatore Bonaccorso at 2021-03-01T09:33:22+01:00
Process some NFUs

- - - - -
c850aa28 by Salvatore Bonaccorso at 2021-03-01T09:33:37+01:00
Add CVE-2020-28646/owncloud

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1240,7 +1240,7 @@ CVE-2021-27227
 CVE-2021-27226
        RESERVED
 CVE-2021-27225 (In Dataiku DSS before 8.0.6, insufficient access control in 
the Jupyte ...)
-       TODO: check
+       NOT-FOR-US: Dataiku DSS
 CVE-2021-27224 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a 
user-mode write ...)
        NOT-FOR-US: WPG plugin for IrfanView
 CVE-2021-27223
@@ -9138,7 +9138,7 @@ CVE-2021-23835 (An issue was discovered in flatCore 
before 2.0.0 build 139. A lo
 CVE-2021-3125
        RESERVED
 CVE-2021-3124 (Stored cross-site scripting (XSS) in form field in 
robust.systems prod ...)
-       TODO: check
+       NOT-FOR-US: WordPress Plugin Custom Global Variables
 CVE-2021-3123
        RESERVED
 CVE-2021-3122 (CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH 
servers per ...)
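Review bot: The NOT-FOR-US label added for CVE-2021-3124 puts the host platform first ("WordPress Plugin Custom Global Variables"), while the other plugin entries visible in this diff put the plugin first ("WPG plugin for IrfanView", "Amazon Pay Plugin for Shopware"). Consider "Custom Global Variables plugin for WordPress" so that plugin entries follow one pattern and are easier to search.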
@@ -13104,7 +13104,7 @@ CVE-2021-3012
 CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on 
NXP Smart ...)
        NOT-FOR-US: NXP
 CVE-2021-3010 (There are multiple persistent cross-site scripting (XSS) 
vulnerabiliti ...)
-       TODO: check
+       NOT-FOR-US: OpenText Content Server
 CVE-2021-3009
        RESERVED
 CVE-2021-3008
@@ -24097,7 +24097,7 @@ CVE-2020-28648 (Improper input validation in the 
Auto-Discovery component of Nag
 CVE-2020-28647 (In Progress MOVEit Transfer before 2020.1, a malicious user 
could craf ...)
        NOT-FOR-US: Progress MOVEit Transfer
 CVE-2020-28646 (ownCloud owncloud/client before 2.7 allows DLL Injection. The 
desktop  ...)
-       TODO: check
+       - owncloud <removed>
 CVE-2020-28645 (Deleting users with certain names caused system files to be 
deleted. R ...)
        - owncloud <removed>
 CVE-2020-28644 (The CSRF (Cross Site Request Forgery) token check was 
improperly imple ...)
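Review bot: CVE-2020-28646 is filed against the owncloud source package, but its description names owncloud/client and a DLL injection in the desktop client, whereas the neighbouring CVE-2020-28645 under the same package describes deleting users, which reads as a different component. Please confirm that owncloud is the right package for the client; if the client is tracked under its own source package, the entry should point there. Since DLL injection is a Windows loading issue, a <not-affected> annotation with a reason, in the style used for CVE-2019-11683 further down, may describe the situation better than <removed>.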
@@ -27777,7 +27777,7 @@ CVE-2020-28201
 CVE-2020-28200
        RESERVED
 CVE-2020-28199 (best it Amazon Pay Plugin before 9.4.2 for Shopware exposes 
Sensitive  ...)
-       TODO: check
+       NOT-FOR-US: Amazon Pay Plugin for Shopware
 CVE-2020-28198
        RESERVED
 CVE-2020-28197
@@ -33121,7 +33121,7 @@ CVE-2020-26202
 CVE-2020-26201 (Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a 
weak pass ...)
        NOT-FOR-US: Askey
 CVE-2020-26200 (A component of Kaspersky custom boot loader allowed loading of 
untrust ...)
-       TODO: check
+       NOT-FOR-US: Kaspersky products
 CVE-2020-26199 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 
5.0.4.0.5.012 ...)
        NOT-FOR-US: EMC
 CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 
contain a  ...)
@@ -36745,7 +36745,7 @@ CVE-2020-24688
 CVE-2020-24687
        RESERVED
 CVE-2020-24686 (The vulnerabilities can be exploited to cause the web 
visualization co ...)
-       TODO: check
+       NOT-FOR-US: ABB AC500 V2 products
 CVE-2020-24685 (An unauthenticated specially crafted packet sent by an 
attacker over t ...)
        NOT-FOR-US: ABB
 CVE-2020-24684
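Review bot: The label added for CVE-2020-24686 ("ABB AC500 V2 products") is more specific than the one on the adjacent CVE-2020-24685, which is just "ABB". Either form works, but using the same one for both keeps searches of NOT-FOR-US entries by vendor consistent.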
@@ -121685,7 +121685,7 @@ CVE-2019-11686 (Western Digital SanDisk X300, X300s, 
X400, and X600 devices: A v
 CVE-2019-11685
        RESERVED
 CVE-2019-11684 (Improper Access Control in the RCP+ server of the Bosch Video 
Recordin ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2019-11683 (udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux 
kernel  ...)
        - linux <not-affected> (Vulnerable code introduced later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/4dd2b82d5adfbe0b1587ccad7a8f76d826120f37



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5833afdbfe92c03d6e4a8ca7d9dae0530d97760e...c850aa289fdd44155f2dcddf23c00c7368dc7ffa

debian-security-tracker-commits mailing list