Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
98f08e34 by Salvatore Bonaccorso at 2021-03-05T21:24:56+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2301,29 +2301,29 @@ CVE-2021-26973
 CVE-2021-26972
        RESERVED
 CVE-2021-26971 (A remote authenticated arbitrary command execution 
vulnerability was d ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-26970 (A remote authenticated arbitrary command execution 
vulnerability was d ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-26969 (A remote authenticated authenticated xml external entity (xxe) 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-26968 (A remote authenticated stored cross-site scripting (xss) 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-26967 (A remote reflected cross-site scripting (xss) vulnerability 
was discov ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-26966 (A remote authenticated sql injection vulnerability was 
discovered in A ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-26965 (A remote authenticated sql injection vulnerability was 
discovered in A ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-26964 (A remote authentication restriction bypass vulnerability was 
discovere ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-26963 (A remote authenticated arbitrary command execution 
vulnerability was d ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-26962 (A remote authenticated arbitrary command execution 
vulnerability was d ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-26961 (A remote unauthenticated cross-site request forgery (csrf) 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-26960 (A remote unauthenticated cross-site request forgery (csrf) 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-26959
        REJECTED
 CVE-2021-26958 (An issue was discovered in the xcb crate through 2021-02-04 
for Rust.  ...)
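Review bot: The twelve replaced lines in this hunk (CVE-2021-26960 through CVE-2021-26971) carry only the vendor, "NOT-FOR-US: Aruba", and the truncated descriptions ("discovered in A ...") do not show which product is affected. Other entries in this commit name the product (for example "NOT-FOR-US: SquareBox CatDV Server"), so consider adding the product name here as well. The entries also span several issue classes (command execution, XXE, XSS, SQL injection, CSRF, authentication bypass), and nothing in the visible lines confirms they all concern the same product, so the bulk tag is worth checking per entry.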
@@ -2941,7 +2941,7 @@ CVE-2020-36241 (autoar-extractor.c in GNOME gnome-autoar 
through 0.2.4, as used
 CVE-2021-26706
        RESERVED
 CVE-2021-26705 (An issue was discovered in SquareBox CatDV Server through 9.2. 
An atta ...)
-       TODO: check
+       NOT-FOR-US: SquareBox CatDV Server
 CVE-2021-26704 (EPrints 3.4.2 allows remote attackers to execute arbitrary 
commands vi ...)
        NOT-FOR-US: EPrints
 CVE-2021-26703 (EPrints 3.4.2 allows remote attackers to read arbitrary files 
and poss ...)
@@ -14141,7 +14141,7 @@ CVE-2021-21727
 CVE-2021-21726
        RESERVED
 CVE-2021-21725 (A ZTE product has an information leak vulnerability. An 
attacker with  ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2021-21724 (A ZTE product has a memory leak vulnerability. Due to the 
product's im ...)
        NOT-FOR-US: ZTE
 CVE-2021-21723 (Some ZTE products have a DoS vulnerability. Due to the 
improper handli ...)
@@ -16946,7 +16946,7 @@ CVE-2020-35596
 CVE-2020-35595
        RESERVED
 CVE-2020-35594 (Zoho ManageEngine ADManager Plus before 7066 allows XSS. ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2020-35593
        RESERVED
 CVE-2020-35592 (Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header 
to the a ...)
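Review bot: The new tag on CVE-2020-35594, "NOT-FOR-US: Zoho ManageEngine", drops the product that the description names (ADManager Plus). The same vendor-level tag is applied in this commit to Application Control Plus (CVE-2020-29658) and Desktop Central (CVE-2020-28050), so three different products become indistinguishable in the list. Consider "NOT-FOR-US: Zoho ManageEngine ADManager Plus" here and the equivalent on the other two entries.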
@@ -21650,7 +21650,7 @@ CVE-2020-29660 (A locking inconsistency issue was 
discovered in the tty subsyste
 CVE-2020-29659 (A buffer overflow in the web server of Flexense DupScout 
Enterprise 10 ...)
        NOT-FOR-US: Flexense DupScout Enterprise
 CVE-2020-29658 (Zoho ManageEngine Application Control Plus before 100523 has 
an insecu ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2020-29657 (In JerryScript 2.3.0, there is an out-of-bounds read in 
main_print_unh ...)
        - iotjs <unfixed> (bug #977736; unimportant)
        NOTE: https://github.com/jerryscript-project/jerryscript/issues/4244
@@ -23625,7 +23625,7 @@ CVE-2020-29136 (In cPanel before 90.0.17, 2FA can be 
bypassed via a brute-force
 CVE-2020-29135 (cPanel before 90.0.17 has multiple instances of URL parameter 
injectio ...)
        NOT-FOR-US: cPanel
 CVE-2020-29134 (TOTVS Fluig Luke 1.7.0 allows directory traversal via a base64 
encoded ...)
-       TODO: check
+       NOT-FOR-US: TOTVS Fluig Luke
 CVE-2020-29133 (jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded 
personal  ...)
        NOT-FOR-US: Coremail XT
 CVE-2020-29132
@@ -23850,7 +23850,7 @@ CVE-2020-29034
 CVE-2020-29033
        RESERVED
 CVE-2020-29032 (Upload of Code Without Integrity Check vulnerability in 
firmware archi ...)
-       TODO: check
+       NOT-FOR-US: Secomea GateManager
 CVE-2020-29031 (An Insecure Direct Object Reference vulnerability exists in 
the web UI ...)
        NOT-FOR-US: GateManager
 CVE-2020-29030
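Review bot: The new tag on CVE-2020-29032, "NOT-FOR-US: Secomea GateManager", does not match the tag on the next entry, CVE-2020-29031, which reads "NOT-FOR-US: GateManager". Use one spelling for both so that a search for the product returns all of its entries: either change this line to "NOT-FOR-US: GateManager" or update CVE-2020-29031 in the same commit.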
@@ -28734,7 +28734,7 @@ CVE-2020-28052 (An issue was discovered in Legion of 
the Bouncy Castle BC Java 1
 CVE-2020-28051
        RESERVED
 CVE-2020-28050 (Zoho ManageEngine Desktop Central before build 10.0.647 allows 
a singl ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2020-28049 (An issue was discovered in SDDM before 0.19.0. It incorrectly 
starts t ...)
        {DSA-4783-1 DLA-2436-1}
        - sddm 0.19.0-1 (bug #973748)
@@ -85443,7 +85443,7 @@ CVE-2020-5150
 CVE-2020-5149
        RESERVED
 CVE-2020-5148 (SonicWall SSO-agent default configuration uses NetAPI to probe 
the ass ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2020-5147 (SonicWall NetExtender Windows client vulnerable to unquoted 
service pa ...)
        NOT-FOR-US: SonicWall
 CVE-2020-5146 (A vulnerability in SonicWall SMA100 appliance allow an 
authenticated m ...)
@@ -99587,7 +99587,7 @@ CVE-2019-18632 (European Commission eIDAS-Node 
Integration Package before 2.3.1
 CVE-2019-18631 (The Windows component of Centrify Authentication and Privilege 
Elevati ...)
        NOT-FOR-US: Centrify Authentication and Privilege Elevation Services
 CVE-2019-18630 (On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and 
C8030/C8035/C8045/ ...)
-       TODO: check
+       NOT-FOR-US: Xerox
 CVE-2019-18629 (Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and 
C8030/C8035/C8045/C80 ...)
        NOT-FOR-US: Xerox
 CVE-2019-18628 (Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and 
C8030/C8035/C8045/C80 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98f08e343ce738176dceb7427ef878799e633674
