Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bf6a50ae by Salvatore Bonaccorso at 2021-06-24T23:17:51+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4771,7 +4771,7 @@ CVE-2021-33348 (An issue was discovered in JFinal 
framework v4.9.10 and below. T
 CVE-2021-33347 (An issue was discovered in JPress v3.3.0 and below. There are 
XSS vuln ...)
        NOT-FOR-US: JPress
 CVE-2021-33346 (There is an arbitrary password modification vulnerability in a 
D-LINK  ...)
-       TODO: check
+       NOT-FOR-US: D-LINK
 CVE-2021-33345
        RESERVED
 CVE-2021-33344
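Review bot: the new tag on CVE-2021-33346 names only the vendor ("NOT-FOR-US: D-LINK"), while the CVE-2021-33347 entry just above it is tagged by product ("NOT-FOR-US: JPress"). Consider adding the affected D-LINK product from the full description, so that a search of data/CVE/list for that product finds this entry.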
@@ -5578,15 +5578,15 @@ CVE-2021-33006
 CVE-2021-33005
        RESERVED
 CVE-2021-33004 (The affected product is vulnerable to memory corruption 
condition due  ...)
-       TODO: check
+       NOT-FOR-US: WebAccess HMI Designer
 CVE-2021-33003
        RESERVED
 CVE-2021-33002 (Opening a maliciously crafted project file may cause an 
out-of-bounds  ...)
-       TODO: check
+       NOT-FOR-US: WebAccess HMI Designer
 CVE-2021-33001
        RESERVED
 CVE-2021-33000 (Parsing a maliciously crafted project file may cause a 
heap-based buff ...)
-       TODO: check
+       NOT-FOR-US: WebAccess HMI Designer
 CVE-2021-32999
        RESERVED
 CVE-2021-32998
@@ -6207,7 +6207,7 @@ CVE-2021-32711
 CVE-2021-32710
        RESERVED
 CVE-2021-32709 (Shopware is an open source eCommerce platform. Creation of 
order credi ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2021-32708 (Flysystem is an open source file storage library for PHP. The 
whitespa ...)
        TODO: check
 CVE-2021-32707
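Review bot: CVE-2021-32708 (Flysystem), directly below the Shopware change, still reads "TODO: check" after this pass. If it was left on purpose because it needs a package lookup rather than an NFU tag, that is fine; otherwise it should be picked up in the same triage round as its neighbour.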
@@ -18589,9 +18589,9 @@ CVE-2021-27661
 CVE-2021-27660
        RESERVED
 CVE-2021-27659 (exacqVision Web Service 21.03 does not sufficiently validate, 
filter,  ...)
-       TODO: check
+       NOT-FOR-US: exacqVision Web Service
 CVE-2021-27658 (exacqVision Enterprise Manager 20.12 does not sufficiently 
validate, f ...)
-       TODO: check
+       NOT-FOR-US: exacqVision Enterprise Manager
 CVE-2021-27657 (Successful exploitation of this vulnerability could give an 
authentica ...)
        NOT-FOR-US: Johnson Controls Metasys
 CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior 
could a ...)
@@ -21079,7 +21079,7 @@ CVE-2021-26587
 CVE-2021-26586
        RESERVED
 CVE-2021-26585 (A potential vulnerability has been identified in HPE OneView 
Global Da ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2021-26584 (A security vulnerability in HPE OneView for VMware vCenter 
(OV4VC) cou ...)
        NOT-FOR-US: HPE OneView for VMware vCenter (OV4VC)
 CVE-2021-26583 (A potential security vulnerability was identified in HPE iLO 
Amplifier ...)
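Review bot: CVE-2021-26585 is tagged "NOT-FOR-US: HPE", but the next entry, CVE-2021-26584, uses the full product name ("NOT-FOR-US: HPE OneView for VMware vCenter (OV4VC)"). Suggest naming the HPE OneView product from the description here as well, so that the two OneView entries are tagged at the same granularity.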
@@ -22780,7 +22780,7 @@ CVE-2021-25925 (in SiCKRAGE, versions 4.2.0 to 
10.0.11.dev1 are vulnerable to St
 CVE-2021-25924 (In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to 
Cross-Site Reques ...)
        NOT-FOR-US: GoCD
 CVE-2021-25923 (In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak 
password  ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2021-25922 (In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to 
Reflected Cross- ...)
        NOT-FOR-US: OpenEMR
 CVE-2021-25921 (In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to 
Stored Cross ...)
@@ -23620,21 +23620,21 @@ CVE-2021-25658
 CVE-2021-25657
        RESERVED
 CVE-2021-25656 (Stored XSS injection vulnerabilities were discovered in the 
Avaya Aura ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2021-25655 (A vulnerability in the system Service Menu component of Avaya 
Aura Exp ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2021-25654
        RESERVED
 CVE-2021-25653 (A privilege escalation vulnerability was discovered in Avaya 
Aura Appl ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2021-25652 (An information disclosure vulnerability was discovered in the 
director ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2021-25651 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation 
vulnerability w ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2021-25650 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation 
vulnerability w ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2021-25649 (** UNSUPPORTED WHEN ASSIGNED ** An information disclosure 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2021-25648 (Mobile application "Testes de Codigo" 11.4 and prior allows an 
attacke ...)
        NOT-FOR-US: Mobile application "Testes de Codigo"
 CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows 
stored XS ...)
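Review bot: all seven changed entries in this hunk (CVE-2021-25656 through CVE-2021-25649) get the vendor-only tag "NOT-FOR-US: Avaya", although the descriptions of CVE-2021-25656, CVE-2021-25655 and CVE-2021-25653 name Avaya Aura products. Tagging by product, as the 'NOT-FOR-US: Mobile application "Testes de Codigo"' entry below does, would keep these entries searchable by product name.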
@@ -32327,7 +32327,7 @@ CVE-2021-21739
 CVE-2021-21738
        RESERVED
 CVE-2021-21737 (A smart STB product of ZTE is impacted by a permission and 
access cont ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2021-21736 (A smart camera product of ZTE is impacted by a permission and 
access c ...)
        NOT-FOR-US: ZTE
 CVE-2021-21735 (A ZTE product has an information leak vulnerability. Due to 
improper p ...)
@@ -32660,13 +32660,13 @@ CVE-2021-21576
 CVE-2021-21575
        RESERVED
 CVE-2021-21574 (Dell BIOSConnect feature contains a buffer overflow 
vulnerability. An  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2021-21573 (Dell BIOSConnect feature contains a buffer overflow 
vulnerability. An  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2021-21572 (Dell BIOSConnect feature contains a buffer overflow 
vulnerability. An  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2021-21571 (Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect 
feature a ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2021-21570
        RESERVED
 CVE-2021-21569
@@ -62498,17 +62498,17 @@ CVE-2020-21790
 CVE-2020-21789
        RESERVED
 CVE-2020-21788 (In CRMEB 3.1.0+ strict domain name filtering leads to 
SSRF(Server-Side ...)
-       TODO: check
+       NOT-FOR-US: CRMEB
 CVE-2020-21787 (CRMEB 3.1.0+ is vulnerable to File Upload Getshell via 
/crmeb/crmeb/se ...)
-       TODO: check
+       NOT-FOR-US: CRMEB
 CVE-2020-21786 (In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell 
via /syst ...)
-       TODO: check
+       NOT-FOR-US: IBOS
 CVE-2020-21785 (In IBOS 4.5.4 Open, the database backup has Command Injection 
Vulnerab ...)
-       TODO: check
+       NOT-FOR-US: IBOS
 CVE-2020-21784 (phpwcms 1.9.13 is vulnerable to Code Injection via 
/phpwcms/setup/setu ...)
-       TODO: check
+       NOT-FOR-US: phpwcms
 CVE-2020-21783 (In IBOS 4.5.4 the email function has a cross site scripting 
(XSS) vuln ...)
-       TODO: check
+       NOT-FOR-US: IBOS
 CVE-2020-21782
        RESERVED
 CVE-2020-21781



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf6a50ae9d19ce7ac25668485e9f4fe95cb556dc

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits