[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Tue, 15 Jun 2021 01:23:51 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
7a47100d by Moritz Muehlenhoff at 2021-06-15T10:23:22+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4464,7 +4464,7 @@ CVE-2021-32686
 CVE-2021-32685
        RESERVED
 CVE-2021-32684 (magento-scripts contains scripts and configuration used by 
Create Mage ...)
-       TODO: check
+       NOT-FOR-US: Create Magento app
 CVE-2021-32683
        RESERVED
 CVE-2021-32682 (elFinder is an open-source file manager for web, written in 
JavaScript ...)
@@ -16258,7 +16258,7 @@ CVE-2021-27889 (Cross-site Scripting (XSS) 
vulnerability in MyBB before 1.8.26 v
 CVE-2021-27888 (ZendTo before 6.06-4 Beta allows XSS during the display of a 
drop-off  ...)
        NOT-FOR-US: ZendTo
 CVE-2021-27887 (Cross-site Scripting (XSS) vulnerability in the main dashboard 
of Elli ...)
-       TODO: check
+       NOT-FOR-US: Ellipse APM
 CVE-2021-27886 (rakibtg Docker Dashboard before 2021-02-28 allows command 
injection in ...)
        NOT-FOR-US: rakibtg Docker Dashboard
 CVE-2021-27885 (usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN 
protect ...)
@@ -17797,7 +17797,7 @@ CVE-2021-27198 (An issue was discovered in Visualware 
MyConnection Server throug
 CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 
has an arb ...)
        NOT-FOR-US: Pelco Digital Sentry Server
 CVE-2021-27196 (Improper Input Validation vulnerability in Hitachi ABB Power 
Grids Rel ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2021-27195 (Improper Authorization vulnerability in Netop Vision Pro up to 
and inc ...)
        NOT-FOR-US: Netop Vision Pro
 CVE-2021-27194 (Cleartext transmission of sensitive information in Netop 
Vision Pro up ...)
@@ -18614,7 +18614,7 @@ CVE-2021-26847
 CVE-2021-26846
        RESERVED
 CVE-2021-26845 (Information Exposure vulnerability in Hitachi ABB Power Grids 
eSOMS al ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2021-26844
        RESERVED
 CVE-2021-26843 (An issue was discovered in sthttpd through 2.27.1. On systems 
where th ...)
@@ -29555,7 +29555,7 @@ CVE-2021-22177 (Potential DoS was identified in 
gitlab-shell in GitLab CE/EE ver
 CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab <unfixed>
 CVE-2021-22175 (When requests to the internal network for webhooks are 
enabled, a serv ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows 
denial o ...)
        - wireshark 3.4.3-1 (bug #981791)
        [buster] - wireshark <not-affected> (Affected code not present)
@@ -30847,13 +30847,13 @@ CVE-2021-21559 (Dell EMC NetWorker, versions 18.x, 
19.1.x, 19.2.x 19.3.x, 19.4,
 CVE-2021-21558 (Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 
19.4.0.1, co ...)
        NOT-FOR-US: EMC
 CVE-2021-21557 (Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS 
contain ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2021-21556 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, 
MX840c, ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2021-21555 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, 
MX840c, ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2021-21554 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, 
MX840c, ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2021-21553
        RESERVED
 CVE-2021-21552 (Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and 
earlier ...)
@@ -36424,7 +36424,7 @@ CVE-2021-20029
 CVE-2021-20028
        RESERVED
 CVE-2021-20027 (A buffer overflow vulnerability in SonicOS allows a remote 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2021-20026 (A vulnerability in the SonicWall NSM On-Prem product allows an 
authent ...)
        NOT-FOR-US: SonicWall
 CVE-2021-20025 (SonicWall Email Security Virtual Appliance version 10.0.9 and 
earlier  ...)
@@ -41417,7 +41417,7 @@ CVE-2020-28715
 CVE-2020-28714
        RESERVED
 CVE-2020-28713 (Incorrect access control in push notification service in Night 
Owl Sma ...)
-       TODO: check
+       NOT-FOR-US: Night Owl Smart Doorbell
 CVE-2020-28712
        RESERVED
 CVE-2020-28711
@@ -48044,7 +48044,7 @@ CVE-2020-27385 (Incorrect Access Control in the 
FileEditor (/Admin/Views/FileEdi
 CVE-2020-27384 (The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers 
from an ...)
        NOT-FOR-US: Guild Wars 2 launcher
 CVE-2020-27383 (Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an 
elevation of ...)
-       TODO: check
+       NOT-FOR-US: Battle.Net
 CVE-2020-27382
        RESERVED
 CVE-2020-27381
@@ -50075,11 +50075,11 @@ CVE-2020-26519 (Artifex MuPDF before 1.18.0 has a 
heap based buffer over-write w
 CVE-2020-26518 (Artica Pandora FMS before 743 allows unauthenticated attackers 
to cond ...)
        NOT-FOR-US: Artica Pandora FMS
 CVE-2020-26517 (A cross-site scripting (XSS) issue was discovered in Intland 
codeBeame ...)
-       TODO: check
+       NOT-FOR-US: intland codeBeamer
 CVE-2020-26516 (A CSRF issue was discovered in Intland codeBeamer ALM 10.x 
through 10. ...)
-       TODO: check
+       NOT-FOR-US: intland codeBeamer
 CVE-2020-26515 (An insufficiently protected credentials issue was discovered 
in Intlan ...)
-       TODO: check
+       NOT-FOR-US: intland codeBeamer
 CVE-2020-26514
        RESERVED
 CVE-2020-26513 (An issue was discovered in Intland codeBeamer ALM 10.x through 
10.1.SP ...)
@@ -54557,7 +54557,7 @@ CVE-2020-24664 (The dashboard Editor in Hitachi Vantara 
Pentaho through 7.x - 8.
 CVE-2020-24663 (Trace Financial CRESTBridge &lt;6.3.0.02 contains a stored XSS 
vulnera ...)
        NOT-FOR-US: Trace Financial CRESTBridge
 CVE-2020-24662 (SmartStream Transaction Lifecycle Management (TLM) 
Reconciliation Prem ...)
-       TODO: check
+       NOT-FOR-US: SmartStream Transaction Lifecycle Management
 CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles pinned TLS certificate 
verificati ...)
        - geary 3.38.0.1-1
        [buster] - geary <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a47100d7aacfc6eaccfea2a98fb587401a9a37c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a47100d7aacfc6eaccfea2a98fb587401a9a37c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to