[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Fri, 04 Jun 2021 13:18:10 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
97af35a9 by Salvatore Bonaccorso at 2021-06-04T22:17:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -89,7 +89,7 @@ CVE-2021-3579
 CVE-2021-3578
        RESERVED
 CVE-2021-33806 (The BDew BdLib library before 1.16.1.7 for Minecraft allows 
remote cod ...)
-       TODO: check
+       NOT-FOR-US: BDew BdLib library
 CVE-2021-33805 (In the reference implementation of FUSE before 2.9.8 and 3.x 
before 3. ...)
        TODO: check
 CVE-2021-3577
@@ -2632,9 +2632,9 @@ CVE-2021-32668
 CVE-2021-32667
        RESERVED
 CVE-2021-32666 (wire-ios is the iOS version of Wire, an open-source secure 
messaging a ...)
-       TODO: check
+       NOT-FOR-US: wire-ios (iOS version of Wire)
 CVE-2021-32665 (wire-ios is the iOS version of Wire, an open-source secure 
messaging a ...)
-       TODO: check
+       NOT-FOR-US: wire-ios (iOS version of Wire)
 CVE-2021-32664
        RESERVED
 CVE-2021-32663
@@ -14756,7 +14756,7 @@ CVE-2021-27659
 CVE-2021-27658
        RESERVED
 CVE-2021-27657 (Successful exploitation of this vulnerability could give an 
authentica ...)
-       TODO: check
+       NOT-FOR-US: Johnson Controls Metasys
 CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior 
could a ...)
        NOT-FOR-US: exacqVision Web Service
 CVE-2021-27655
@@ -16230,7 +16230,7 @@ CVE-2021-26996
 CVE-2021-26995
        RESERVED
 CVE-2021-26994 (Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are 
susceptibl ...)
-       TODO: check
+       NOT-FOR-US: Clustered Data ONTAP (NetApp)
 CVE-2021-26993
        RESERVED
 CVE-2021-26992 (Cloud Manager versions prior to 3.9.4 are susceptible to a 
vulnerabili ...)
@@ -26791,7 +26791,7 @@ CVE-2021-22518
 CVE-2021-22517
        RESERVED
 CVE-2021-22516 (Insertion of Sensitive Information into Log File vulnerability 
in Micr ...)
-       TODO: check
+       NOT-FOR-US: Micro Focus Secure API Manager
 CVE-2021-22515
        RESERVED
 CVE-2021-22514 (An arbitrary code execution vulnerability exists in Micro 
Focus Applic ...)
@@ -27150,15 +27150,15 @@ CVE-2021-22339 (There is a denial of service 
vulnerability in some versions of M
 CVE-2021-22338
        RESERVED
 CVE-2021-22337 (There is an Information Disclosure vulnerability in Huawei 
Smartphone. ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22336 (There is an Improper Control of Generation of Code 
vulnerability in Hu ...)
        NOT-FOR-US: Huawei
 CVE-2021-22335 (There is a Memory Buffer Improper Operation Limit 
vulnerability in Hua ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22334 (There is an Improper Access Control vulnerability in Huawei 
Smartphone ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22333 (There is an Improper Validation of Array Index vulnerability 
in Huawei ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22332 (There is a pointer double free vulnerability in some versions 
of Cloud ...)
        NOT-FOR-US: CloudEngine (Huawei)
 CVE-2021-22331 (There is a JavaScript injection vulnerability in certain 
Huawei smartp ...)
@@ -28962,13 +28962,13 @@ CVE-2020-36144 (Redash 8.0.0 is affected by LDAP 
Injection. There is an informat
 CVE-2020-36143
        RESERVED
 CVE-2020-36142 (BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by 
inserti ...)
-       TODO: check
+       NOT-FOR-US: BloofoxCMS
 CVE-2020-36141 (BloofoxCMS 0.5.2.1 allows Unrestricted File Upload 
vulnerability via b ...)
-       TODO: check
+       NOT-FOR-US: BloofoxCMS
 CVE-2020-36140 (BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) 
via 'mode= ...)
-       TODO: check
+       NOT-FOR-US: BloofoxCMS
 CVE-2020-36139 (BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: BloofoxCMS
 CVE-2020-36138
        RESERVED
 CVE-2020-36137
@@ -29242,17 +29242,17 @@ CVE-2020-36011 (A cross-site scripting (XSS) issue in 
Add Patient Form in QDOCS
 CVE-2020-36010
        RESERVED
 CVE-2020-36009 (OBottle 2.0 in \c\g.php contains an arbitrary file download 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: OBottle
 CVE-2020-36008 (OBottle 2.0 in \c\t.php contains an arbitrary file write 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: OBottle
 CVE-2020-36007 (AppCMS 2.0.101 in /admin/template/tpl_app.php has a cross site 
scripti ...)
-       TODO: check
+       NOT-FOR-US: AppCMS
 CVE-2020-36006 (AppCMS 2.0.101 in /admin/info.php has an arbitrary file 
deletion vulne ...)
-       TODO: check
+       NOT-FOR-US: AppCMS
 CVE-2020-36005 (AppCMS 2.0.101 in /admin/app.php has an arbitrary file 
deletion vulner ...)
-       TODO: check
+       NOT-FOR-US: AppCMS
 CVE-2020-36004 (AppCMS 2.0.101 in /admin/download_frame.php has a SQL 
injection vulner ...)
-       TODO: check
+       NOT-FOR-US: AppCMS
 CVE-2020-36003 (The id parameter in detail.php of Online Book Store v1.0 is 
vulnerable ...)
        NOT-FOR-US: Online Book Store
 CVE-2020-36002 (Seat-Reservation-System 1.0 has a SQL injection vulnerability 
in index ...)
@@ -29323,13 +29323,13 @@ CVE-2020-35975
 CVE-2020-35974
        RESERVED
 CVE-2020-35973 (An issue was discovered in zzcms2020. There is a XSS 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: zzcms
 CVE-2020-35972 (An issue was discovered in YzmCMS V5.8. There is a CSRF 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: YzmCMS
 CVE-2020-35971 (A storage XSS vulnerability is found in YzmCMS v5.8, which can 
be used ...)
-       TODO: check
+       NOT-FOR-US: YzmCMS
 CVE-2020-35970 (An issue was discovered in YzmCMS 5.8. There is a SSRF 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: YzmCMS
 CVE-2020-35969
        RESERVED
 CVE-2020-35968
@@ -39626,9 +39626,9 @@ CVE-2021-1566
 CVE-2021-1565
        RESERVED
 CVE-2021-1564 (Multiple vulnerabilities in the implementation of the Cisco 
Discovery  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2021-1563 (Multiple vulnerabilities in the implementation of the Cisco 
Discovery  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2021-1562
        RESERVED
 CVE-2021-1561
@@ -39666,7 +39666,7 @@ CVE-2021-1546
 CVE-2021-1545
        RESERVED
 CVE-2021-1544 (A vulnerability in logging mechanisms of Cisco Webex Meetings 
client s ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2021-1543
        RESERVED
 CVE-2021-1542
@@ -39674,15 +39674,15 @@ CVE-2021-1542
 CVE-2021-1541
        RESERVED
 CVE-2021-1540 (Multiple vulnerabilities in the authorization process of Cisco 
ASR 500 ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2021-1539 (Multiple vulnerabilities in the authorization process of Cisco 
ASR 500 ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2021-1538 (A vulnerability in the configuration dashboard of Cisco Common 
Service ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2021-1537 (A vulnerability in the installer software of Cisco ThousandEyes 
Record ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2021-1536 (A vulnerability in Cisco Webex Meetings Desktop App for 
Windows, Cisco ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2021-1535 (A vulnerability in the cluster management interface of Cisco 
SD-WAN vM ...)
        NOT-FOR-US: Cisco
 CVE-2021-1534
@@ -39698,13 +39698,13 @@ CVE-2021-1530 (A vulnerability in the web-based 
management interface of Cisco Br
 CVE-2021-1529
        RESERVED
 CVE-2021-1528 (A vulnerability in the CLI of Cisco SD-WAN Software could allow 
an aut ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2021-1527 (A vulnerability in Cisco Webex Player for Windows and MacOS 
could allo ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2021-1526 (A vulnerability in Cisco Webex Player for Windows and MacOS 
could allo ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2021-1525 (A vulnerability in Cisco Webex Meetings and Cisco Webex 
Meetings Serve ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2021-1524
        RESERVED
 CVE-2021-1523
@@ -39720,7 +39720,7 @@ CVE-2021-1519 (A vulnerability in the interprocess 
communication (IPC) channel o
 CVE-2021-1518
        RESERVED
 CVE-2021-1517 (A vulnerability in the multimedia viewer feature of Cisco Webex 
Meetin ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2021-1516 (A vulnerability in the web-based management interface of Cisco 
AsyncOS ...)
        NOT-FOR-US: Cisco
 CVE-2021-1515 (A vulnerability in Cisco SD-WAN vManage Software could allow an 
unauth ...)
@@ -39748,9 +39748,9 @@ CVE-2021-1505 (Multiple vulnerabilities in Cisco SD-WAN 
vManage Software could a
 CVE-2021-1504 (Multiple vulnerabilities in Cisco Adaptive Security Appliance 
(ASA) So ...)
        NOT-FOR-US: Cisco
 CVE-2021-1503 (A vulnerability in Cisco Webex Network Recording Player for 
Windows an ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2021-1502 (A vulnerability in Cisco Webex Network Recording Player for 
Windows an ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2021-1501 (A vulnerability in the SIP inspection engine of Cisco Adaptive 
Securit ...)
        NOT-FOR-US: Cisco
 CVE-2021-1500



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97af35a97049c2f3d62cc322f355751c31c42010

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97af35a97049c2f3d62cc322f355751c31c42010
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to