Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
588b8f4e by Moritz Muehlenhoff at 2021-07-01T23:06:02+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1685,9 +1685,9 @@ CVE-2021-35339
 CVE-2021-35338
        RESERVED
 CVE-2021-35337 (Sourcecodester Phone Shop Sales Managements System 1.0 is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Phone Shop Sales Managements System
 CVE-2021-35336 (Tieline IP Audio Gateway 2.6.4.8 and below is affected by 
Incorrect Ac ...)
-       TODO: check
+       NOT-FOR-US: Tieline IP Audio Gateway
 CVE-2021-35335
        RESERVED
 CVE-2021-35334
@@ -7532,11 +7532,11 @@ CVE-2021-32733
 CVE-2021-32732
        RESERVED
 CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2021-32729 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2021-32728
        RESERVED
 CVE-2021-32727
@@ -9874,7 +9874,7 @@ CVE-2021-31815 (GAEN (aka Google/Apple Exposure 
Notifications) through 2021-04-2
 CVE-2021-31814
        RESERVED
 CVE-2021-31813 (Zoho ManageEngine Applications Manager before 15130 is 
vulnerable to S ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2021-31812 (In Apache PDFBox, a carefully crafted PDF file can trigger an 
infinite ...)
        - libpdfbox2-java <unfixed>
        - libpdfbox-java <undetermined>
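Review bot: The tag on CVE-2021-31813 names only the vendor ("NOT-FOR-US: Zoho"), while other entries in this same commit name the product ("Tieline IP Audio Gateway", "Stormshield SNS"). The description already gives the product, so "NOT-FOR-US: Zoho ManageEngine Applications Manager" would keep the entry greppable by product and distinguish it from any other Zoho software that may later need triage.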
@@ -18104,9 +18104,9 @@ CVE-2021-28426
 CVE-2021-28425
        RESERVED
 CVE-2021-28424 (A stored cross-site scripting (XSS) vulnerability in Teachers 
Record M ...)
-       TODO: check
+       NOT-FOR-US: Teachers Record Management
 CVE-2021-28423 (Multiple SQL Injection vulnerabilities in Teachers Record 
Management S ...)
-       TODO: check
+       NOT-FOR-US: Teachers Record Management
 CVE-2021-28422
        RESERVED
 CVE-2021-28421 (FluidSynth 2.1.7 contains a use after free vulnerability in 
sfloader/f ...)
@@ -18832,7 +18832,7 @@ CVE-2021-28129
 CVE-2021-28128 (In Strapi through 3.6.0, the admin panel allows the changing 
of one's  ...)
        NOT-FOR-US: Strapi
 CVE-2021-28127 (An issue was discovered in Stormshield SNS through 4.2.1. A 
brute-forc ...)
-       TODO: check
+       NOT-FOR-US: Stormshield SNS
 CVE-2021-28126 (index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) 
before 3.1 ...)
        NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
 CVE-2021-28125 (Apache Superset up to and including 1.0.1 allowed for the 
creation of  ...)
@@ -19981,9 +19981,9 @@ CVE-2021-27663
 CVE-2021-27662
        RESERVED
 CVE-2021-27661 (Successful exploitation of this vulnerability could give an 
authentica ...)
-       TODO: check
+       NOT-FOR-US: Facility Explorer SNC Series Supervisory Controller
 CVE-2021-27660 (An insecure client auto update feature in C-CURE 9000 can 
allow remote ...)
-       TODO: check
+       NOT-FOR-US: C-CURE 9000
 CVE-2021-27659 (exacqVision Web Service 21.03 does not sufficiently validate, 
filter,  ...)
        NOT-FOR-US: exacqVision Web Service
 CVE-2021-27658 (exacqVision Enterprise Manager 20.12 does not sufficiently 
validate, f ...)
@@ -20376,7 +20376,7 @@ CVE-2021-27479 (ZOLL Defibrillator Dashboard, v prior 
to 2.2,The affected produc
 CVE-2021-27478
        RESERVED
 CVE-2021-27477 (When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 
2PORT-EFR, Plus ...)
-       TODO: check
+       NOT-FOR-US: JTEKT
 CVE-2021-27476
        RESERVED
 CVE-2021-27475
@@ -32439,15 +32439,15 @@ CVE-2021-22349 (There is an Input Verification 
Vulnerability in Huawei Smartphon
 CVE-2021-22348 (There is a Memory Buffer Improper Operation Limit 
Vulnerability in Hua ...)
        NOT-FOR-US: Huawei
 CVE-2021-22347 (There is an Improper Access Control vulnerability in Huawei 
Smartphone ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22346 (There is an Improper Permission Management Vulnerability in 
Huawei Sma ...)
        NOT-FOR-US: Huawei
 CVE-2021-22345 (There is an Input Verification Vulnerability in Huawei 
Smartphone. Suc ...)
        NOT-FOR-US: Huawei
 CVE-2021-22344 (There is an Improper Access Control vulnerability in Huawei 
Smartphone ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22343 (There is a Configuration Defect vulnerability in Huawei 
Smartphone. Su ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22342 (There is an information leak vulnerability in Huawei products. 
A modul ...)
        NOT-FOR-US: Huawei
 CVE-2021-22341 (There is a memory leak vulnerability in Huawei products. A 
resource ma ...)
@@ -37543,7 +37543,7 @@ CVE-2021-20780
 CVE-2021-20779
        RESERVED
 CVE-2021-20778 (Improper access control vulnerability in EC-CUBE 4.0.6 
(EC-CUBE 4 seri ...)
-       TODO: check
+       NOT-FOR-US: EC-CUBE
 CVE-2021-20777
        RESERVED
 CVE-2021-20776
@@ -39286,7 +39286,7 @@ CVE-2021-20109
 CVE-2021-20108
        RESERVED
 CVE-2021-20107 (There exists an unauthenticated BLE Interface in Sloan 
SmartFaucets in ...)
-       TODO: check
+       NOT-FOR-US: Sloan
 CVE-2021-20106
        RESERVED
 CVE-2021-20105 (Machform prior to version 16 is vulnerable to an open redirect 
in Safa ...)
@@ -51337,9 +51337,9 @@ CVE-2020-27364
 CVE-2020-27363
        RESERVED
 CVE-2020-27362 (An issue exists within the SSH console of Akkadian 
Provisioning Manage ...)
-       TODO: check
+       NOT-FOR-US: Akkadian
 CVE-2020-27361 (An issue exists within Akkadian Provisioning Manager 4.50.02 
which all ...)
-       TODO: check
+       NOT-FOR-US: Akkadian
 CVE-2020-27360
        RESERVED
 CVE-2020-27359 (A cross-site scripting (XSS) issue in REDCap 8.11.6 through 
9.x before ...)
@@ -70208,11 +70208,11 @@ CVE-2020-18665 (Directory Traversal vulnerability in 
WebPort &lt;=1.19.1 in tags
 CVE-2020-18664 (Cross Site Scripting (XSS) vulnerability in WebPort 
&lt;=1.19.1via the ...)
        NOT-FOR-US: WebPort
 CVE-2020-18663 (Cross Site Scripting (XSS) vulnerability in gnuboard5 
&lt;=v5.3.2.8 vi ...)
-       TODO: check
+       NOT-FOR-US: gnuboard5
 CVE-2020-18662 (SQL Injection vulnerability in gnuboard5 &lt;=v5.3.2.8 via the 
table_p ...)
-       TODO: check
+       NOT-FOR-US: gnuboard5
 CVE-2020-18661 (Cross Site Scripting (XSS) vulnerability in gnuboard5 
&lt;=v5.3.2.8 vi ...)
-       TODO: check
+       NOT-FOR-US: gnuboard5
 CVE-2020-18660 (GetSimpleCMS &lt;=3.3.15 has an open redirect in 
admin/changedata.php  ...)
        NOT-FOR-US: GetSimpleCMS
 CVE-2020-18659 (Cross Site Scripting vulnerability in GetSimpleCMS &lt;=3.3.15 
via the ...)
@@ -71419,7 +71419,7 @@ CVE-2020-18068
 CVE-2020-18067
        RESERVED
 CVE-2020-18066 (Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) 
userName ...)
-       TODO: check
+       NOT-FOR-US: Zrlog
 CVE-2020-18065
        RESERVED
 CVE-2020-18064
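Review bot: The tag on CVE-2020-18066 is spelled "Zrlog" while the CVE description on the line above spells the project "ZrLog". Matching the upstream spelling ("NOT-FOR-US: ZrLog") avoids two variants of the same name in data/CVE/list, which matters for case-sensitive searches when a later CVE for the same software is triaged.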
@@ -72048,9 +72048,9 @@ CVE-2020-17755
 CVE-2020-17754
        RESERVED
 CVE-2020-17753 (An issue was discovered in function addMeByRC in the smart 
contract im ...)
-       TODO: check
+       NOT-FOR-US: some Ethereum token
 CVE-2020-17752 (Integer overflow vulnerability in payable function of a smart 
contract ...)
-       TODO: check
+       NOT-FOR-US: some Ethereum token
 CVE-2020-17751
        RESERVED
 CVE-2020-17750
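Review bot: "NOT-FOR-US: some Ethereum token" on CVE-2020-17753 and CVE-2020-17752 does not identify the software, so the entries cannot be matched against each other or against future CVEs for the same contract. The truncated descriptions refer to a specific smart contract; taking the contract or token name from the full CVE text and using it in the tag would make the classification verifiable.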
@@ -95660,7 +95660,7 @@ CVE-2020-9160
 CVE-2020-9159
        RESERVED
 CVE-2020-9158 (There is a Missing Cryptographic Step vulnerability in Huawei 
Smartpho ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2020-9157
        RESERVED
 CVE-2020-9156
@@ -97341,7 +97341,6 @@ CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 
3.5.9, 3.6 through 3.6.10,
        NOTE: 
https://github.com/python/cpython/commit/ea9e240aa02372440be8024acb110371f69c9d41
 (3.8-branch)
        NOTE: 
https://github.com/python/cpython/commit/b57a73694e26e8b2391731b5ee0b1be59437388e
 (3.7-branch)
        NOTE: 
https://github.com/python/cpython/commit/69cdeeb93e0830004a495ed854022425b93b3f3e
 (3.6-branch)
-       TODO: check, upload of pypy/7.3.5+dfsg-1 to experimental claims this 
affects src:pypy
 CVE-2020-8491
        RESERVED
 CVE-2020-8490
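Review bot: The removal under CVE-2020-8492 drops "TODO: check, upload of pypy/7.3.5+dfsg-1 to experimental claims this affects src:pypy" with no replacement line, and the commit message ("NFUs") does not cover it. Nothing in the visible context records whether src:pypy was found affected or not, so the outcome of the check is lost. Either add a pypy package entry or a NOTE stating the conclusion, or split this change into its own commit with a message explaining why the TODO no longer applies.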
@@ -99027,7 +99026,7 @@ CVE-2020-7872
 CVE-2020-7871 (A vulnerability of Helpcom could allow an unauthenticated 
attacker to  ...)
        NOT-FOR-US: Cnesty Helpcom
 CVE-2020-7870 (A memory corruption vulnerability exists when ezPDF improperly 
handles ...)
-       TODO: check
+       NOT-FOR-US: ezPDF
 CVE-2020-7869 (An improper input validation vulnerability of ZOOK software 
(remote ad ...)
        NOT-FOR-US: ZOOK software
 CVE-2020-7868 (A remote code execution vulnerability exists in helpUS(remote 
administ ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/588b8f4e3ef05aa5b1dd5265995eb02d58af283c
