[Git][security-tracker-team/security-tracker][master] Process several NFUs

Thu, 03 Jun 2021 14:06:30 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
df987146 by Salvatore Bonaccorso at 2021-06-03T23:05:58+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2042,7 +2042,7 @@ CVE-2021-32928
 CVE-2021-32927
        RESERVED
 CVE-2021-32926 (When an authenticated password change request takes place, 
this vulner ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2021-3551
        RESERVED
 CVE-2021-3550
@@ -2052,7 +2052,7 @@ CVE-2021-32925 (admin/user_import.php in Chamilo 1.11.14 
reads XML data without
 CVE-2021-32924 (Invision Community (aka IPS Community Suite) before 4.6.0 
allows eval- ...)
        NOT-FOR-US: Invision Community (aka IPS Community Suite)
 CVE-2021-32923 (HashiCorp Vault and Vault Enterprise allowed the renewal of 
nearly-exp ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Vault and Vault Enterprise
 CVE-2021-32922
        RESERVED
 CVE-2021-32921 (An issue was discovered in Prosody before 0.11.9. It does not 
use a co ...)
@@ -4653,9 +4653,9 @@ CVE-2021-31833
 CVE-2021-31832
        RESERVED
 CVE-2021-31831 (Incorrect access to deleted scripts vulnerability in McAfee 
Database S ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2021-31830 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows object injection through 
Phar Des ...)
        - libphp-phpmailer 6.2.0-2 (bug #988732)
        [buster] - libphp-phpmailer <not-affected> (Regression introduced in 
6.1.8)
@@ -11885,7 +11885,7 @@ CVE-2021-28849
 CVE-2021-28848 (Mintty before 3.4.5 allows remote servers to cause a denial of 
service ...)
        TODO: check
 CVE-2021-28847 (MobaXterm before 21.0 allows remote servers to cause a denial 
of servi ...)
-       TODO: check
+       NOT-FOR-US: MobaXterm
 CVE-2021-28846
        RESERVED
 CVE-2021-28845
@@ -11968,7 +11968,7 @@ CVE-2021-28814
 CVE-2021-28813
        RESERVED
 CVE-2021-28812 (A command injection vulnerability has been reported to affect 
certain  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-28811
        RESERVED
 CVE-2021-28810
@@ -11978,9 +11978,9 @@ CVE-2021-28809
 CVE-2021-28808
        RESERVED
 CVE-2021-28807 (A post-authentication reflected XSS vulnerability has been 
reported to ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-28806 (A DOM-based XSS vulnerability has been reported to affect QNAP 
NAS run ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-28805
        RESERVED
 CVE-2021-28804
@@ -17207,7 +17207,7 @@ CVE-2021-26586
 CVE-2021-26585
        RESERVED
 CVE-2021-26584 (A security vulnerability in HPE OneView for VMware vCenter 
(OV4VC) cou ...)
-       TODO: check
+       NOT-FOR-US: HPE OneView for VMware vCenter (OV4VC)
 CVE-2021-26583 (A potential security vulnerability was identified in HPE iLO 
Amplifier ...)
        NOT-FOR-US: HPE
 CVE-2021-26582 (A security vulnerability in HPE IceWall SSO Domain Gateway 
Option (Dgf ...)
@@ -23234,7 +23234,7 @@ CVE-2021-24025 (Due to incorrect string size 
calculations inside the preg_quote
 CVE-2021-24024 (A clear text storage of sensitive information into log file 
vulnerabil ...)
        NOT-FOR-US: FortiADCManager
 CVE-2021-24023 (An improper input validation in FortiAI v1.4.0 and earlier may 
allow a ...)
-       TODO: check
+       NOT-FOR-US: FortiAI (FortiGuard)
 CVE-2021-24022
        RESERVED
 CVE-2021-24021
@@ -27127,7 +27127,7 @@ CVE-2021-22338
 CVE-2021-22337
        RESERVED
 CVE-2021-22336 (There is an Improper Control of Generation of Code 
vulnerability in Hu ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22335
        RESERVED
 CVE-2021-22334
@@ -27149,13 +27149,13 @@ CVE-2021-22327 (There is an arbitrary memory write 
vulnerability in Huawei smart
 CVE-2021-22326
        RESERVED
 CVE-2021-22325 (There is an Information Disclosure vulnerability in Huawei 
Smartphone. ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22324 (There is a Credentials Management Errors vulnerability in 
Huawei Smart ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22323
        RESERVED
 CVE-2021-22322 (There is a Missing Authentication for Critical Function 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22321 (There is a use-after-free vulnerability in a Huawei product. A 
module  ...)
        NOT-FOR-US: Huawei
 CVE-2021-22320 (There is a denial of service vulnerability in Huawei products. 
A modul ...)
@@ -27165,15 +27165,15 @@ CVE-2021-22319
 CVE-2021-22318
        RESERVED
 CVE-2021-22317 (There is an Information Disclosure vulnerability in Huawei 
Smartphone. ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22316 (There is a Missing Authentication for Critical Function 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22315
        RESERVED
 CVE-2021-22314 (There is a local privilege escalation vulnerability in some 
versions o ...)
        NOT-FOR-US: Huawei
 CVE-2021-22313 (There is a Security Function vulnerability in Huawei 
Smartphone. Succe ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22312 (There is a memory leak vulnerability in some Huawei products. 
An authe ...)
        NOT-FOR-US: Huawei
 CVE-2021-22311 (There is an improper permission assignment vulnerability in 
Huawei Man ...)
@@ -27183,7 +27183,7 @@ CVE-2021-22310 (There is an information leakage 
vulnerability in some huawei pro
 CVE-2021-22309 (There is insecure algorithm vulnerability in Huawei products. 
A module ...)
        NOT-FOR-US: Huawei
 CVE-2021-22308 (There is a Business Logic Errors vulnerability in Huawei 
Smartphone. T ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22307 (There is a weak algorithm vulnerability in Mate 
3010.0.0.203(C00E201R7 ...)
        NOT-FOR-US: Huawei
 CVE-2021-22306 (There is an out-of-bound read vulnerability in Mate 30 
10.0.0.182(C00E ...)
@@ -27590,7 +27590,7 @@ CVE-2021-22132 (Elasticsearch versions 7.7.0 to 7.10.1 
contain an information di
 CVE-2021-22131
        RESERVED
 CVE-2021-22130 (A stack-based buffer overflow vulnerability in FortiProxy 
physical app ...)
-       TODO: check
+       NOT-FOR-US: FortiProxy (FortiGuard)
 CVE-2021-22129
        RESERVED
 CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN 
portal  ...)
@@ -34517,9 +34517,9 @@ CVE-2020-35444
 CVE-2020-35443
        RESERVED
 CVE-2020-35442 (FDCMS (also known as Fangfa Content Management System) 4.0 
allows remo ...)
-       TODO: check
+       NOT-FOR-US: FDCMS (Fangfa Content Management System)
 CVE-2020-35441 (FDCMS (aka Fangfa Content Management System) 4.0 contains a 
front-end  ...)
-       TODO: check
+       NOT-FOR-US: FDCMS (Fangfa Content Management System)
 CVE-2020-35440
        RESERVED
 CVE-2020-35439
@@ -60050,11 +60050,11 @@ CVE-2020-21007
 CVE-2020-21006
        RESERVED
 CVE-2020-21005 (WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log 
in to t ...)
-       TODO: check
+       NOT-FOR-US: WellCMS
 CVE-2020-21004
        RESERVED
 CVE-2020-21003 (Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) 
via admin. ...)
-       TODO: check
+       NOT-FOR-US: Pbootcms
 CVE-2020-21002
        RESERVED
 CVE-2020-21001



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df98714662c62e66dc5f1701003eed02522c12c0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df98714662c62e66dc5f1701003eed02522c12c0
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to