[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Wed, 10 Mar 2021 12:22:59 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
bceb5575 by Salvatore Bonaccorso at 2021-03-10T21:22:22+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -314,7 +314,7 @@ CVE-2021-28009
 CVE-2021-28008
        RESERVED
 CVE-2021-28007 (Web Based Quiz System 1.0 is affected by cross-site scripting 
(XSS) in ...)
-       TODO: check
+       NOT-FOR-US: Web Based Quiz System
 CVE-2021-28006 (Web Based Quiz System 1.0 is affected by cross-site scripting 
(XSS) in ...)
        NOT-FOR-US: Web Based Quiz System
 CVE-2021-28005
@@ -5395,7 +5395,7 @@ CVE-2021-3226
 CVE-2021-3225
        RESERVED
 CVE-2021-3224 (A stored cross-site scripting (XSS) vulnerability in cszcms 
1.2.9 exis ...)
-       TODO: check
+       NOT-FOR-US: cszcms
 CVE-2021-3223 (Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f 
directory tra ...)
        NOT-FOR-US: Node-RED-Dashboard
 CVE-2021-3222
@@ -9437,7 +9437,7 @@ CVE-2021-24034
 CVE-2021-24033 (react-dev-utils prior to v11.0.4 exposes a function, 
getProcessForPort ...)
        NOT-FOR-US: react-dev-utils
 CVE-2021-24030 (The fbgames protocol handler registered as part of Facebook 
Gameroom d ...)
-       TODO: check
+       NOT-FOR-US: Facebook Gameroom
 CVE-2021-24029
        RESERVED
 CVE-2021-24028
@@ -11383,7 +11383,7 @@ CVE-2021-3036
 CVE-2021-3035
        RESERVED
 CVE-2021-3034 (An information exposure through log file vulnerability exists 
in Corte ...)
-       TODO: check
+       NOT-FOR-US: Cortex XSOAR software (Palo Alto Networks)
 CVE-2021-3033 (An improper verification of cryptographic signature 
vulnerability exis ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2021-3032 (An information exposure through log file vulnerability exists 
in Palo  ...)
@@ -15955,7 +15955,7 @@ CVE-2020-35754 (OpenSolution Quick.CMS &lt; 6.7 and 
Quick.Cart &lt; 6.7 allow an
 CVE-2020-35753 (The job posting recommendation form in Persis Human Resource 
Managemen ...)
        NOT-FOR-US: Persis Human Resource Management Portal
 CVE-2020-35752 (Baby Care System 1.0 is affected by a cross-site scripting 
(XSS) vulne ...)
-       TODO: check
+       NOT-FOR-US: Baby Care System
 CVE-2020-35751
        RESERVED
 CVE-2020-35750
@@ -18198,19 +18198,19 @@ CVE-2021-20675
 CVE-2021-20674
        RESERVED
 CVE-2021-20673 (Stored cross-site scripting vulnerability in Admin Page of 
GROWI (v4.2 ...)
-       TODO: check
+       NOT-FOR-US: GROWI
 CVE-2021-20672 (Reflected cross-site scripting vulnerability due to 
insufficient verif ...)
-       TODO: check
+       NOT-FOR-US: GROWI
 CVE-2021-20671 (Invalid file validation on the upload feature in GROWI 
versions v4.2.2 ...)
-       TODO: check
+       NOT-FOR-US: GROWI
 CVE-2021-20670 (Improper access control vulnerability in GROWI versions v4.2.2 
and ear ...)
-       TODO: check
+       NOT-FOR-US: GROWI
 CVE-2021-20669 (Path traversal vulnerability in GROWI versions v4.2.2 and 
earlier allo ...)
-       TODO: check
+       NOT-FOR-US: GROWI
 CVE-2021-20668 (Path traversal vulnerability in GROWI versions v4.2.2 and 
earlier allo ...)
-       TODO: check
+       NOT-FOR-US: GROWI
 CVE-2021-20667 (Stored cross-site scripting vulnerability due to inadequate 
CSP (Conte ...)
-       TODO: check
+       NOT-FOR-US: GROWI
 CVE-2021-20666
        RESERVED
 CVE-2021-20665 (Cross-site scripting vulnerability in in Add asset screen of 
Contents  ...)
@@ -20612,33 +20612,33 @@ CVE-2020-35235 (** UNSUPPORTED WHEN ASSIGNED ** 
vendor/elfinder/php/connector.mi
 CVE-2020-35234 (The easy-wp-smtp plugin before 1.4.4 for WordPress allows 
Administrato ...)
        NOT-FOR-US: WordPress plugin easy-wp-smtp
 CVE-2020-35233 (The TFTP server fails to handle multiple connections on 
NETGEAR JGS516 ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-35232 (The TFTP firmware update mechanism on NETGEAR 
JGS516PE/GS116Ev2 v2.6.0 ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-35231 (The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 
v2.6.0.4 ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-35230 (Multiple integer overflow parameters were found in the web 
administrat ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-35229 (The authentication token required to execute NSDP write 
requests on NE ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-35228 (A cross-site scripting (XSS) vulnerability in the 
administration web p ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-35227 (A buffer overflow vulnerability in the access control section 
on NETGE ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-35226 (NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow 
unauthenticated user ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-35225 (The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 
v2.6.0.4 ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-35224 (A buffer overflow vulnerability in the NSDP protocol 
authentication me ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-35223 (The CSRF protection mechanism implemented in the web 
administration pa ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-35222 (The NSDP protocol version implemented on NETGEAR 
JGS516PE/GS116Ev2 v2. ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-35221 (The hashing algorithm implemented for NSDP password 
authentication on  ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-35220 (A TFTP server was found to be active by default on NETGEAR 
JGS516PE/GS ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-35219 (The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers 
to acce ...)
        NOT-FOR-US: ASUS
 CVE-2020-35218
@@ -23107,7 +23107,7 @@ CVE-2021-1642 (Windows AppX Deployment Extensions 
Elevation of Privilege Vulnera
 CVE-2021-1641 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is 
unique from ...)
        NOT-FOR-US: Microsoft
 CVE-2021-1640 (Windows Print Spooler Elevation of Privilege Vulnerability This 
CVE ID ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2021-1639 (Visual Studio Code Remote Code Execution Vulnerability ...)
        NOT-FOR-US: Microsoft
 CVE-2021-1638 (Windows Bluetooth Security Feature Bypass Vulnerability This 
CVE ID is ...)
@@ -24924,7 +24924,7 @@ CVE-2020-28707 (The Stockdio Historical Chart plugin 
before 2.8.1 for WordPress
 CVE-2020-28706
        RESERVED
 CVE-2020-28705 (FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: FUEL CMS
 CVE-2020-28704
        RESERVED
 CVE-2020-28703



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bceb55751db1a2fa4064d468870e132c99360da6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bceb55751db1a2fa4064d468870e132c99360da6
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to