Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8954d91b by Salvatore Bonaccorso at 2021-05-26T22:33:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -263,9 +263,9 @@ CVE-2021-33472
 CVE-2021-33471
        RESERVED
 CVE-2021-33470 (COVID19 Testing Management System 1.0 is vulnerable to SQL 
Injection v ...)
-       TODO: check
+       NOT-FOR-US: COVID19 Testing Management System
 CVE-2021-33469 (COVID19 Testing Management System 1.0 is vulnerable to Cross 
Site Scri ...)
-       TODO: check
+       NOT-FOR-US: COVID19 Testing Management System
 CVE-2021-33468
        RESERVED
 CVE-2021-33467
@@ -4252,9 +4252,9 @@ CVE-2021-31778 (The media2click (aka 2 Clicks for 
External Media) extension 1.x
 CVE-2021-31777 (The dce (aka Dynamic Content Element) extension 2.2.0 through 
2.6.x be ...)
        NOT-FOR-US: Typo3 extension
 CVE-2019-25030 (In Versa Director, Versa Analytics and VOS, Passwords are not 
hashed u ...)
-       TODO: check
+       NOT-FOR-US: Versa
 CVE-2019-25029 (In Versa Director, the command injection is an attack in which 
the goa ...)
-       TODO: check
+       NOT-FOR-US: Versa
 CVE-2020-13672 [SA-CORE-2021-002]
        RESERVED
        {DLA-2637-1}
@@ -10261,9 +10261,9 @@ CVE-2021-29255 (MicroSeven MYM71080i-B 2.0.5 through 
2.0.20 devices send admin c
 CVE-2021-29254
        RESERVED
 CVE-2021-29253 (The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 
6.9 P2  ...)
-       TODO: check
+       NOT-FOR-US: RSA
 CVE-2021-29252 (RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: RSA
 CVE-2021-29251 (BTCPay Server before 1.0.7.1 mishandles the policy setting in 
which us ...)
        NOT-FOR-US: BTCPay Server
 CVE-2021-29250 (BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site 
Scripti ...)
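Review bot: the tag `NOT-FOR-US: RSA` on CVE-2021-29253 and CVE-2021-29252 names only the vendor, while both descriptions are about RSA Archer. The neighbouring entries in this hunk use the product name (`NOT-FOR-US: BTCPay Server`), so `NOT-FOR-US: RSA Archer` would be consistent with them and would not be confused with the RSA algorithm when someone searches the list.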
@@ -14242,7 +14242,7 @@ CVE-2021-27564 (A stored XSS issue exists in Appspace 
6.2.4. After a user is aut
 CVE-2021-27563
        RESERVED
 CVE-2021-27562 (In Arm Trusted Firmware M through 1.2, the NS world may 
trigger a syst ...)
-       TODO: check
+       NOT-FOR-US: Arm Trusted Firmware M
 CVE-2021-27561
        RESERVED
 CVE-2021-27560
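Review bot: the `NOT-FOR-US: Arm Trusted Firmware M` tag on CVE-2021-27562 is the one entry in this commit whose product is a firmware component rather than a standalone application or appliance, and it carries no NOTE saying how it was ruled out. Since the description covers "Arm Trusted Firmware M through 1.2", a one-line NOTE recording that no source package in the archive ships or embeds it would let a later reader verify the decision instead of repeating the check.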
@@ -17912,11 +17912,11 @@ CVE-2021-26036
 CVE-2021-26035
        RESERVED
 CVE-2021-26034 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A 
missing tok ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2021-26033 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A 
missing tok ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2021-26032 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML 
was miss ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2021-26031 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. 
Inadequate fi ...)
        NOT-FOR-US: Joomla!
 CVE-2021-26030 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. 
Inadequate es ...)
@@ -27184,9 +27184,9 @@ CVE-2021-21988 (VMware Workstation (16.x prior to 
16.1.2) and Horizon Client for
 CVE-2021-21987 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client 
for Windo ...)
        NOT-FOR-US: VMware
 CVE-2021-21986 (The vSphere Client (HTML5) contains a vulnerability in a 
vSphere authe ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2021-21985 (The vSphere Client (HTML5) contains a remote code execution 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2021-21984 (VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains 
a remot ...)
        NOT-FOR-US: VMware
 CVE-2021-21983 (Arbitrary file write vulnerability in vRealize Operations 
Manager API  ...)
@@ -33268,7 +33268,7 @@ CVE-2021-20098
 CVE-2021-20097
        RESERVED
 CVE-2021-20096 (Cross-site request forgery in OpenOversight 0.6.4 allows a 
remote atta ...)
-       TODO: check
+       NOT-FOR-US: OpenOversight
 CVE-2021-20095 (Relative Path Traversal in Babel 2.9.0 allows an attacker to 
load arbi ...)
        - python-babel 2.8.0+dfsg.1-7 (bug #987824)
        NOTE: https://www.tenable.com/security/research/tra-2021-14
@@ -46874,13 +46874,13 @@ CVE-2020-26682 (In libass 0.14.0, the 
`ass_outline_construct`'s call to `outline
 CVE-2020-26681
        RESERVED
 CVE-2020-26680 (In vFairs 3.3, any user logged in to a vFairs virtual 
conference or ev ...)
-       TODO: check
+       NOT-FOR-US: vFairs
 CVE-2020-26679 (vFairs 3.3 is affected by Insecure Permissions. Any user 
logged in to  ...)
-       TODO: check
+       NOT-FOR-US: vFairs
 CVE-2020-26678 (vFairs 3.3 is affected by Remote Code Execution. Any user 
logged in to ...)
-       TODO: check
+       NOT-FOR-US: vFairs
 CVE-2020-26677 (Any user logged in to a vFairs 3.3 virtual conference or event 
can per ...)
-       TODO: check
+       NOT-FOR-US: vFairs
 CVE-2020-26676
        RESERVED
 CVE-2020-26675
@@ -64872,7 +64872,7 @@ CVE-2020-18223
 CVE-2020-18222
        RESERVED
 CVE-2020-18221 (Cross Site Scripting (XSS) in Typora v0.9.65 and earlier 
allows remote ...)
-       TODO: check
+       NOT-FOR-US: Typora
 CVE-2020-18220 (Weak Encoding for Password in DoraCMS v2.1.1 and earlier 
allows attack ...)
        NOT-FOR-US: DoraCMS
 CVE-2020-18219
@@ -72237,7 +72237,7 @@ CVE-2020-15078 (OpenVPN 2.5.1 and earlier versions 
allows a remote attackers to
 CVE-2020-15077
        RESERVED
 CVE-2020-15076 (Private Tunnel installer for macOS version 3.0.1 and older 
versions ma ...)
-       TODO: check
+       NOT-FOR-US: Private Tunnel installer for macOS
 CVE-2020-15075 (OpenVPN Connect installer for macOS version 3.2.6 and older 
may corrup ...)
        NOT-FOR-US: OpenVPN Connect installer for macOS
 CVE-2020-15074 (OpenVPN Access Server older than version 2.8.4 generates new 
user auth ...)
@@ -178249,11 +178249,11 @@ CVE-2018-16500
 CVE-2018-16499 (In VOS compromised, an attacker at network endpoints can 
possibly view ...)
        TODO: check
 CVE-2018-16498 (In Versa Director, the unencrypted backup files stored on the 
Versa de ...)
-       TODO: check
+       NOT-FOR-US: Versa
 CVE-2018-16497 (In Versa Analytics, the cron jobs are used for scheduling 
tasks by exe ...)
-       TODO: check
+       NOT-FOR-US: Versa
 CVE-2018-16496 (In Versa Director, the un-authentication request found. ...)
-       TODO: check
+       NOT-FOR-US: Versa
 CVE-2018-16495 (In VOS user session identifier (authentication token) is 
issued to the ...)
        TODO: check
 CVE-2018-16494 (In VOS and overly permissive "umask" may allow for authorized 
users of ...)
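Review bot: CVE-2018-16499 and CVE-2018-16495 in the context lines stay at `TODO: check` while the three Versa entries between them become `NOT-FOR-US: Versa`. Their descriptions start "In VOS", and the CVE-2019-25030 description earlier in this patch lists "Versa Director, Versa Analytics and VOS" together under the same tag, so they look like the same vendor. Either mark them in this commit as well or add a NOTE saying why they need a separate check.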



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8954d91b3f3309d1e3e172d9504816062b9fab5e



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits