[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso Thu, 22 Apr 2021 21:47:10 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
3c009fda by Salvatore Bonaccorso at 2021-04-23T06:46:31+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2021-3512
 CVE-2021-3511
        RESERVED
 CVE-2021-31572 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has 
an intege ...)
-       TODO: check
+       NOT-FOR-US: Amazon Web Services FreeRTOS kernel
 CVE-2021-31571 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has 
an intege ...)
-       TODO: check
+       NOT-FOR-US: Amazon Web Services FreeRTOS kernel
 CVE-2021-31570
        RESERVED
 CVE-2021-31569
@@ -2345,7 +2345,7 @@ CVE-2021-30478 (An issue was discovered in Zulip Server 
before 3.4. A bug in the
 CVE-2021-30477 (An issue was discovered in Zulip Server before 3.4. A bug in 
the imple ...)
        - zulip-server <itp> (bug #800052)
 CVE-2021-30476 (HashiCorp Terraform&#8217;s Vault Provider 
(terraform-provider-vault)  ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Terraform Vault Provider
 CVE-2021-3487 (There's a flaw in the BFD library of binutils in versions 
before 2.36. ...)
        - binutils <unfixed> (unimportant)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26946
@@ -2613,7 +2613,7 @@ CVE-2021-30358
 CVE-2021-30357
        RESERVED
 CVE-2021-30356 (A denial of service vulnerability was reported in Check Point 
Identity ...)
-       TODO: check
+       NOT-FOR-US: Check Point Identity Agent
 CVE-2021-30355
        RESERVED
 CVE-2021-30354
@@ -4233,7 +4233,7 @@ CVE-2021-29655
 CVE-2021-29654 (AjaxSearchPro before 4.20.8 allows Deserialization of 
Untrusted Data ( ...)
        NOT-FOR-US: AjaxSearchPro
 CVE-2021-29653 (HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under 
certain ci ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Vault and Vault Enterprise
 CVE-2021-29652 (Pomerium from version 0.10.0-0.13.3 has an Open Redirect in 
the user s ...)
        NOT-FOR-US: Pomerium
 CVE-2021-29651 (Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). 
...)
@@ -9416,7 +9416,7 @@ CVE-2021-27402
 CVE-2021-27401
        RESERVED
 CVE-2021-27400 (HashiCorp Vault and Vault Enterprise Cassandra integrations 
(storage b ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Vault and Vault Enterprise
 CVE-2020-36252 (ownCloud Server 10.x before 10.3.1 allows an attacker, who has 
one out ...)
        - owncloud <removed>
 CVE-2020-36251 (ownCloud Server before 10.3.0 allows an attacker, who has 
received non ...)
@@ -9723,9 +9723,9 @@ CVE-2021-27280
 CVE-2021-27279 (MyBB before 1.8.25 allows stored XSS via nested [email] tags 
with MyCo ...)
        NOT-FOR-US: MyBB
 CVE-2021-27278 (This vulnerability allows local attackers to escalate 
privileges on af ...)
-       TODO: check
+       NOT-FOR-US: Parallels Desktop
 CVE-2021-27277 (This vulnerability allows local attackers to escalate 
privileges on af ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2021-27276 (This vulnerability allows remote attackers to delete arbitrary 
files o ...)
        NOT-FOR-US: Netgear
 CVE-2021-27275 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
@@ -12751,7 +12751,7 @@ CVE-2021-26028 (An issue was discovered in Joomla! 
3.0.0 through 3.9.24. Extract
 CVE-2021-26027 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. 
Incorrect ACL ...)
        NOT-FOR-US: Joomla!
 CVE-2021-3287 (Zoho ManageEngine OpManager before 12.5.329 allows 
unauthenticated Rem ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2021-26026 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 
has a Use ...)
        NOT-FOR-US: ACDSee Professional 2021
 CVE-2021-26025 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 
has a Use ...)
@@ -24320,9 +24320,9 @@ CVE-2021-21429
 CVE-2021-21428
        RESERVED
 CVE-2021-21427 (Magento-lts is a long-term support alternative to Magento 
Community Ed ...)
-       TODO: check
+       NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
 CVE-2021-21426 (Magento-lts is a long-term support alternative to Magento 
Community Ed ...)
-       TODO: check
+       NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
 CVE-2021-21425 (Grav Admin Plugin is an HTML user interface that provides a 
way to con ...)
        NOT-FOR-US: Grav Admin Plugin
 CVE-2021-21424
@@ -34749,7 +34749,7 @@ CVE-2021-1080
 CVE-2021-1079 (NVIDIA GeForce Experience, all versions prior to 3.22, contains 
a vuln ...)
        NOT-FOR-US: NVIDIA
 CVE-2021-1078 (NVIDIA Windows GPU Display Driver for Windows, all versions, 
contains  ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
 CVE-2021-1077 (NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 
driver  ...)
        - nvidia-graphics-drivers <unfixed> (bug #987216)
        [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -34769,9 +34769,9 @@ CVE-2021-1076 (NVIDIA GPU Display Driver for Windows 
and Linux, all versions, co
        - nvidia-graphics-drivers-tesla-450 <unfixed> (bug #987221)
        - nvidia-graphics-drivers-tesla-460 <unfixed> (bug #987222)
 CVE-2021-1075 (NVIDIA Windows GPU Display Driver for Windows, all versions, 
contains  ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
 CVE-2021-1074 (NVIDIA Windows GPU Display Driver for Windows, R390 driver 
branch, con ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
 CVE-2021-1073
        RESERVED
 CVE-2021-1072 (NVIDIA GeForce Experience, all versions prior to 3.21, contains 
a vuln ...)
@@ -39561,9 +39561,9 @@ CVE-2020-27571
 CVE-2020-27570
        RESERVED
 CVE-2020-27569 (Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and 
earlier.  ...)
-       TODO: check
+       NOT-FOR-US: Aviatrix VPN Client
 CVE-2020-27568 (Insecure File Permissions exist in Aviatrix Controller 
5.3.1516. Sever ...)
-       TODO: check
+       NOT-FOR-US: Aviatrix Controller
 CVE-2020-27567
        RESERVED
 CVE-2020-27566
@@ -87365,15 +87365,15 @@ CVE-2020-7863
 CVE-2020-7862
        RESERVED
 CVE-2020-7861 (AnySupport (Remote support solution) before 2019.3.21.0 allows 
directo ...)
-       TODO: check
+       NOT-FOR-US: AnySupport
 CVE-2020-7860
        RESERVED
 CVE-2020-7859
        RESERVED
 CVE-2020-7858 (There is a directory traversing vulnerability in the download 
page url ...)
-       TODO: check
+       NOT-FOR-US: AquaNPlayer
 CVE-2020-7857 (A vulnerability of XPlatform could allow an unauthenticated 
attacker t ...)
-       TODO: check
+       NOT-FOR-US: XPlatform
 CVE-2020-7856 (A vulnerability of Helpcom could allow an unauthenticated 
attacker to  ...)
        NOT-FOR-US: Helpcom
 CVE-2020-7855



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c009fda8dc8309458bc199b3c1fcd5a5aee1052

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c009fda8dc8309458bc199b3c1fcd5a5aee1052
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to