[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) Fri, 21 May 2021 01:44:07 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
7b4c174d by Salvatore Bonaccorso at 2021-05-21T10:43:05+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1805,7 +1805,7 @@ CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot 
versions prior to 1.52 are v
 CVE-2021-32631
        RESERVED
 CVE-2021-32630 (Admidio is a free, open source user management system for 
websites of  ...)
-       TODO: check
+       NOT-FOR-US: Admidio
 CVE-2021-32629
        RESERVED
 CVE-2021-32628
@@ -10946,7 +10946,7 @@ CVE-2021-28800
 CVE-2021-28799 (An improper authorization vulnerability has been reported to 
affect QN ...)
        NOT-FOR-US: QNAP
 CVE-2021-28798 (A relative path traversal vulnerability has been reported to 
affect QN ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-28797 (A stack-based buffer overflow vulnerability has been reported 
to affec ...)
        NOT-FOR-US: QNAP NAS devices
 CVE-2021-28796 (Increments Qiita::Markdown before 0.33.0 allows XSS in 
transformers. ...)
@@ -12247,7 +12247,7 @@ CVE-2021-3440
 CVE-2021-3439
        RESERVED
 CVE-2021-3438 (A potential buffer overflow in the software drivers for certain 
HP Las ...)
-       TODO: check
+       NOT-FOR-US: HP LaserJet products and Samsung product printers
 CVE-2021-3437
        RESERVED
 CVE-2021-3436
@@ -12564,9 +12564,9 @@ CVE-2021-28114
 CVE-2021-28113 (A command injection vulnerability in the cookieDomain and 
relayDomain  ...)
        NOT-FOR-US: Okta Access Gateway
 CVE-2021-28112 (Draeger X-Dock Firmware before 03.00.13 has Active Debug Code 
on a deb ...)
-       TODO: check
+       NOT-FOR-US: Draeger X-Dock Firmware
 CVE-2021-28111 (Draeger X-Dock Firmware before 03.00.13 has Hard-Coded 
Credentials, le ...)
-       TODO: check
+       NOT-FOR-US: Draeger X-Dock Firmware
 CVE-2021-28110 (/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 
3.1.27. ...)
        NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
 CVE-2021-28109 (TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php 
reflected C ...)
@@ -12964,7 +12964,7 @@ CVE-2021-27958
 CVE-2021-27957
        RESERVED
 CVE-2021-27956 (Zoho ManageEngine ADSelfService Plus before 6104 allows stored 
XSS on  ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2020-36255 (An issue was discovered in IdentityModel (aka 
ScottBrady.IdentityModel ...)
        NOT-FOR-US: ScottBrady.IdentityModel
 CVE-2019-25025 (The activerecord-session_store (aka Active Record Session 
Store) compo ...)
@@ -17005,7 +17005,7 @@ CVE-2021-3315 (In JetBrains TeamCity before 2020.2.2, 
stored XSS on a tests page
 CVE-2021-3314
        RESERVED
 CVE-2021-3313 (Plone CMS until version 5.2.4 has a stored Cross-Site Scripting 
(XSS)  ...)
-       TODO: check
+       NOT-FOR-US: Plone
 CVE-2021-3312
        RESERVED
 CVE-2021-3311 (An issue was discovered in October through build 471. It 
reactivates a ...)
@@ -17771,15 +17771,15 @@ CVE-2021-25935
 CVE-2021-25934
        RESERVED
 CVE-2021-25933 (In OpenNMS Horizon, versions opennms-1-0-stable through 
opennms-27.1.0 ...)
-       TODO: check
+       NOT-FOR-US: OpenNMS
 CVE-2021-25932
        RESERVED
 CVE-2021-25931 (In OpenNMS Horizon, versions opennms-1-0-stable through 
opennms-27.1.0 ...)
-       TODO: check
+       NOT-FOR-US: OpenNMS
 CVE-2021-25930 (In OpenNMS Horizon, versions opennms-1-0-stable through 
opennms-27.1.0 ...)
-       TODO: check
+       NOT-FOR-US: OpenNMS
 CVE-2021-25929 (In OpenNMS Horizon, versions opennms-1-0-stable through 
opennms-27.1.0 ...)
-       TODO: check
+       NOT-FOR-US: OpenNMS
 CVE-2021-25928 (Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 
through ...)
        NOT-FOR-US: Node safe-obj
 CVE-2021-25927 (Prototype pollution vulnerability in 'safe-flat' versions 
2.0.0 throug ...)
@@ -64443,7 +64443,7 @@ CVE-2020-18222
 CVE-2020-18221
        RESERVED
 CVE-2020-18220 (Weak Encoding for Password in DoraCMS v2.1.1 and earlier 
allows attack ...)
-       TODO: check
+       NOT-FOR-US: DoraCMS
 CVE-2020-18219
        RESERVED
 CVE-2020-18218



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b4c174d064ef242e1569fafe57a1861515125cf

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b4c174d064ef242e1569fafe57a1861515125cf
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to