Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
17a0198a by Salvatore Bonaccorso at 2021-03-18T21:38:27+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10819,13 +10819,13 @@ CVE-2021-24128 (Unvalidated input and lack of output 
encoding in the Team Member
 CVE-2021-24127 (Unvalidated input and lack of output encoding in the 
ThirstyAffiliates ...)
        NOT-FOR-US: ThirstyAffiliates Affiliate Link Manager WordPress plugin
 CVE-2021-24126 (Unvalidated input and lack of output encoding in the Envira 
Gallery Li ...)
-       TODO: check
+       NOT-FOR-US: Envira Gallery Lite WordPress plugin
 CVE-2021-24125 (Unvalidated input in the Contact Form Submissions WordPress 
plugin, ve ...)
-       TODO: check
+       NOT-FOR-US: Contact Form Submissions WordPress plugin
 CVE-2021-24124 (Unvalidated input and lack of output encoding in the WP 
Shieldon WordP ...)
-       TODO: check
+       NOT-FOR-US: WP Shieldon WordPress plugin
 CVE-2021-24123 (Arbitrary file upload in the PowerPress WordPress plugin, 
versions bef ...)
-       TODO: check
+       NOT-FOR-US: PowerPress WordPress plugin
 CVE-2021-24122 (When serving resources from a network location using the NTFS 
file sys ...)
        {DLA-2594-1}
        - tomcat9 9.0.40-1 (unimportant)
@@ -13570,9 +13570,9 @@ CVE-2021-22862 (An improper access control 
vulnerability was identified in GitHu
 CVE-2021-22861 (An improper access control vulnerability was identified in 
GitHub Ente ...)
        NOT-FOR-US: GitHub Enterprise
 CVE-2021-22860 (EIC e-document system does not perform completed identity 
verification ...)
-       TODO: check
+       NOT-FOR-US: EIC e-document system
 CVE-2021-22859 (The users’ data querying function of EIC e-document 
system does  ...)
-       TODO: check
+       NOT-FOR-US: EIC e-document system
 CVE-2021-22858 (Attackers can access the CGE account management function 
without privi ...)
        NOT-FOR-US: CGE
 CVE-2021-22857 (The CGE page with download function contains a Directory 
Traversal vul ...)
@@ -13594,7 +13594,7 @@ CVE-2021-22850 (HGiga EIP product lacks ineffective 
access control in certain pa
 CVE-2021-22849 (Hyweb HyCMS-J1 backend editing function does not filter 
special charac ...)
        NOT-FOR-US: Hyweb HyCMS-J1
 CVE-2021-22848 (HGiga MailSherlock contains a SQL Injection. Remote attackers 
can inje ...)
-       TODO: check
+       NOT-FOR-US: HGiga MailSherlock
 CVE-2021-22847 (Hyweb HyCMS-J1's API fail to filter POST request parameters. 
Remote at ...)
        NOT-FOR-US: Hyweb HyCMS-J1
 CVE-2021-22846
@@ -14114,7 +14114,7 @@ CVE-2021-22667 (BB-ESWGP506-2SFP-T versions 1.01.09 and 
prior is vulnerable due
 CVE-2021-22666 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a 
stack-bas ...)
        NOT-FOR-US: Fatek FvDesigner
 CVE-2021-22665 (Rockwell Automation DriveTools SP v5.13 and below and Drives 
AOP v4.12 ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2021-22664
        RESERVED
 CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper 
validation of u ...)
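Review bot: The new tag on CVE-2021-22665 names only the vendor ("Rockwell Automation"), while the entry directly above it in this hunk names the product ("Fatek FvDesigner"). The description already gives the affected products (DriveTools SP and Drives AOP), so putting one of them in the tag, e.g. "NOT-FOR-US: Rockwell Automation DriveTools SP", would let a later search on the product name find this entry.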
@@ -19806,13 +19806,13 @@ CVE-2021-20680
 CVE-2021-20679
        RESERVED
 CVE-2021-20678 (SQL injection vulnerability in the Paid Memberships Pro 
versions prior ...)
-       TODO: check
+       NOT-FOR-US: Paid Memberships Pro
 CVE-2021-20677
        RESERVED
 CVE-2021-20676 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, 
type B ( ...)
-       TODO: check
+       NOT-FOR-US: M-System
 CVE-2021-20675 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, 
type B ( ...)
-       TODO: check
+       NOT-FOR-US: M-System
 CVE-2021-20674 (Untrusted search path vulnerability in Installer of 
MagicConnect Clien ...)
        NOT-FOR-US: MagicConnect client
 CVE-2021-20673 (Stored cross-site scripting vulnerability in Admin Page of 
GROWI (v4.2 ...)
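Review bot: The tags added for CVE-2021-20676 and CVE-2021-20675 give only the vendor ("M-System"), although both descriptions name the product line ("M-System DL8 series") and the following entry, CVE-2021-20674, is tagged at product level ("MagicConnect client"). Suggest "NOT-FOR-US: M-System DL8 series" on both lines so the two entries stay distinguishable from any other M-System product that is triaged later.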
@@ -19894,27 +19894,27 @@ CVE-2021-20636 (Cross-site request forgery (CSRF) 
vulnerability in LOGITEC LAN-W
 CVE-2021-20635 (Improper restriction of excessive authentication attempts in 
LOGITEC L ...)
        NOT-FOR-US: LOGITEC
 CVE-2021-20634 (Improper access control vulnerability in Custom App of Cybozu 
Office 1 ...)
-       TODO: check
+       NOT-FOR-US: Custom App of Cybozu Office
 CVE-2021-20633 (Improper access control vulnerability in Cabinet of Cybozu 
Office 10.0 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Office
 CVE-2021-20632 (Improper access control vulnerability in Bulletin Board of 
Cybozu Offi ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Office
 CVE-2021-20631 (Improper input validation vulnerability in Custom App of 
Cybozu Office ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Office
 CVE-2021-20630 (Improper access control vulnerability in Phone Messages of 
Cybozu Offi ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Office
 CVE-2021-20629 (Cross-site scripting vulnerability in E-mail of Cybozu Office 
10.0.0 t ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Office
 CVE-2021-20628 (Cross-site scripting vulnerability in Address Book of Cybozu 
Office 10 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Office
 CVE-2021-20627 (Cross-site scripting vulnerability in Address Book of Cybozu 
Office 10 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Office
 CVE-2021-20626 (Improper access control vulnerability in Workflow of Cybozu 
Office 10. ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Office
 CVE-2021-20625 (Improper access control vulnerability in Bulletin Board of 
Cybozu Offi ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Office
 CVE-2021-20624 (Improper access control vulnerability in Scheduler of Cybozu 
Office 10 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Office
 CVE-2021-20623 (Video Insight VMS versions prior to 7.8 allows a remote 
attacker to ex ...)
        NOT-FOR-US: Video Insight VMS
 CVE-2021-20622 (Cross-site scripting vulnerability in Aterm WG2600HP firmware 
Ver1.0.2 ...)
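Review bot: CVE-2021-20634 is tagged "Custom App of Cybozu Office", but CVE-2021-20631, whose description also refers to Custom App, and the other nine entries in this hunk are tagged plain "Cybozu Office". Use one string for all eleven (the shorter "NOT-FOR-US: Cybozu Office" matches the majority) so that a search on the tag returns the whole set.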
@@ -35906,7 +35906,7 @@ CVE-2020-26157 (Leanote Desktop through 2.6.2 allows 
XSS because a note's title
 CVE-2020-26156
        REJECTED
 CVE-2020-26155 (Multiple files and folders in Utimaco SecurityServer 4.20.0.4 
and 4.31 ...)
-       TODO: check
+       NOT-FOR-US: Utimaco SecurityServer
 CVE-2020-26153
        RESERVED
 CVE-2020-26152
@@ -54129,7 +54129,7 @@ CVE-2020-17459
 CVE-2020-17458 (A post-authenticated stored XSS was found in MultiUx 
v.3.1.12.0 via th ...)
        NOT-FOR-US: MultiUx
 CVE-2020-17457 (Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An 
authenticate ...)
-       TODO: check
+       NOT-FOR-US: Fujitsu
 CVE-2020-17456 (SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code 
Execution ...)
        NOT-FOR-US: SEOWON INTECH
 CVE-2020-17455
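Review bot: The tag on CVE-2020-17457 is the bare vendor name ("Fujitsu"), while the description identifies the product as "Fujitsu ServerView Suite iRMC" and the entry above it is tagged by product ("MultiUx"). Suggest "NOT-FOR-US: Fujitsu ServerView Suite iRMC" so the tag says which Fujitsu product was ruled out.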
@@ -61164,7 +61164,7 @@ CVE-2020-14518 (Philips DreamMapper, Version 2.24 and 
prior. Information written
 CVE-2020-14517 (Protocol encryption can be easily broken for CodeMeter (All 
versions p ...)
        NOT-FOR-US: CodeMeter
 CVE-2020-14516 (In Rockwell Automation FactoryTalk Services Platform Versions 
6.10.00  ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2020-14515 (CodeMeter (All versions prior to 6.90 when using CmActLicense 
update f ...)
        NOT-FOR-US: CodeMeter
 CVE-2020-14514 (All trailer Power Line Communications are affected. PLC bus 
traffic ca ...)
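Review bot: On CVE-2020-14516 the tag names only the vendor ("Rockwell Automation"), whereas the entries on either side are tagged by product ("CodeMeter"). The description names "Rockwell Automation FactoryTalk Services Platform", so the tag could carry that product name and stay consistent with its neighbours.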
@@ -102846,15 +102846,15 @@ CVE-2019-18237
 CVE-2019-18236 (Multiple buffer overflow vulnerabilities exist when the PLC 
Editor Ver ...)
        NOT-FOR-US: PLC Editor
 CVE-2019-18235 (Advantech Spectre RT ERT351 Versions 5.1.3 and prior has 
insufficient  ...)
-       TODO: check
+       NOT-FOR-US: Advantech Spectre RT ERT351
 CVE-2019-18234 (Equinox Control Expert all versions, is vulnerable to an SQL 
injection ...)
        NOT-FOR-US: Equinox Control Expert
 CVE-2019-18233 (In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and 
prior, the ...)
-       TODO: check
+       NOT-FOR-US: Advantech Spectre RT Industrial Routers ERT351
 CVE-2019-18232 (SafeNet Sentinel LDK License Manager, all versions prior to 
7.101(only ...)
        NOT-FOR-US: SafeNet Sentinel LDK License Manager
 CVE-2019-18231 (Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins 
and passwo ...)
-       TODO: check
+       NOT-FOR-US: Advantech Spectre RT ERT351
 CVE-2019-18230 (Honeywell equIP and Performance series IP cameras, multiple 
versions,  ...)
        NOT-FOR-US: Honeywell
 CVE-2019-18229 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of 
sanitizati ...)
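Review bot: The three Advantech entries changed in this hunk end up with two different tag strings: "Advantech Spectre RT ERT351" on CVE-2019-18235 and CVE-2019-18231, and "Advantech Spectre RT Industrial Routers ERT351" on CVE-2019-18233. All three descriptions refer to the same ERT351 product at 5.1.3 and prior, so pick one spelling for all three; otherwise an exact-match search on the tag misses one of them.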



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17a0198a55df340e01c545d02b7bb613d72dea84



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits