[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso (@carnil) Wed, 07 Jul 2021 13:51:13 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
41c83e65 by Salvatore Bonaccorso at 2021-07-07T22:50:29+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9804,7 +9804,7 @@ CVE-2021-31927 (An Insecure Direct Object Reference 
(IDOR) vulnerability in Anne
 CVE-2021-31926 (AMP Application Deployment Service in CubeCoders AMP 2.1.x 
before 2.1. ...)
        NOT-FOR-US: CubeCoders AMP
 CVE-2021-31925 (Pexip Infinity 25.x before 25.4 has Improper Input Validation, 
and thu ...)
-       TODO: check
+       NOT-FOR-US: Pexip
 CVE-2021-31924 (Yubico pam-u2f before 1.1.1 has a logic issue that, depending 
on the p ...)
        - pam-u2f 1.1.0-1.1 (bug #987545)
        [buster] - pam-u2f <not-affected> (Vulnerable code not present)
@@ -17295,7 +17295,7 @@ CVE-2021-28933
 CVE-2021-28932
        RESERVED
 CVE-2021-28931 (Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows 
attackers ...)
-       TODO: check
+       NOT-FOR-US: Fork CMS
 CVE-2021-28930
        RESERVED
 CVE-2021-28929
@@ -23723,9 +23723,9 @@ CVE-2021-3319
 CVE-2021-3318 (attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the 
editori ...)
        NOT-FOR-US: DzzOffice
 CVE-2021-26274 (The Agent in NinjaRMM 5.0.909 has Insecure Permissions. ...)
-       TODO: check
+       NOT-FOR-US: NinjaRMM
 CVE-2021-26273 (The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. 
...)
-       TODO: check
+       NOT-FOR-US: NinjaRMM
 CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6) 
2.32 and  ...)
        - glibc 2.31-10 (bug #981198)
        [buster] - glibc <no-dsa> (Minor issue)
@@ -24336,15 +24336,15 @@ CVE-2021-26041
 CVE-2021-26040
        RESERVED
 CVE-2021-26039 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. 
Inadequate es ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2021-26038 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. 
Install actio ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2021-26037 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS 
functions ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2021-26036 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. 
Missing valid ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2021-26035 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. 
Inadequate es ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2021-26034 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A 
missing tok ...)
        NOT-FOR-US: Joomla!
 CVE-2021-26033 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A 
missing tok ...)
@@ -34050,13 +34050,13 @@ CVE-2021-21791
 CVE-2021-21790
        RESERVED
 CVE-2021-21789 (A privilege escalation vulnerability exists in the way IOBit 
Advanced  ...)
-       TODO: check
+       NOT-FOR-US: IOBit
 CVE-2021-21788 (A privilege escalation vulnerability exists in the way IOBit 
Advanced  ...)
-       TODO: check
+       NOT-FOR-US: IOBit
 CVE-2021-21787 (A privilege escalation vulnerability exists in the way IOBit 
Advanced  ...)
-       TODO: check
+       NOT-FOR-US: IOBit
 CVE-2021-21786 (A privilege escalation vulnerability exists in the IOCTL 
0x9c406144 ha ...)
-       TODO: check
+       NOT-FOR-US: IOBit
 CVE-2021-21785
        RESERVED
 CVE-2021-21784 (An out-of-bounds write vulnerability exists in the JPG format 
SOF mark ...)
@@ -55259,7 +55259,7 @@ CVE-2020-25869 (An information leak was discovered in 
MediaWiki before 1.31.10 a
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
        NOTE: https://phabricator.wikimedia.org/T260485
 CVE-2020-25868 (Pexip Infinity 22.x through 24.x before 24.2 has Improper 
Input Valida ...)
-       TODO: check
+       NOT-FOR-US: Pexip
 CVE-2020-25867 (SoPlanning before 1.47 doesn't correctly check the security 
key used t ...)
        NOT-FOR-US: SoPlanning
 CVE-2020-25866 (In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP 
protocol dis ...)
@@ -59702,7 +59702,7 @@ CVE-2020-24040
 CVE-2020-24039
        RESERVED
 CVE-2020-24038 (myFax version 229 logs sensitive information in the export log 
module  ...)
-       TODO: check
+       NOT-FOR-US: myFax
 CVE-2020-24037
        RESERVED
 CVE-2020-24036 (PHP object injection in the Ajax endpoint of the backend in 
ForkCMS be ...)
@@ -60414,11 +60414,11 @@ CVE-2020-23704
 CVE-2020-23703
        RESERVED
 CVE-2020-23702 (Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 
via 'Ne ...)
-       TODO: check
+       NOT-FOR-US: PHP-Fusion
 CVE-2020-23701
        RESERVED
 CVE-2020-23700 (Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 
via the ...)
-       TODO: check
+       NOT-FOR-US: LavaLite-CMS
 CVE-2020-23699
        RESERVED
 CVE-2020-23698
@@ -67550,7 +67550,7 @@ CVE-2020-20227 (Mikrotik RouterOs stable 6.47 suffers 
from a memory corruption v
 CVE-2020-20226
        RESERVED
 CVE-2020-20225 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an 
assertion  ...)
-       TODO: check
+       NOT-FOR-US: Mikrotik
 CVE-2020-20224
        RESERVED
 CVE-2020-20223
@@ -67568,17 +67568,17 @@ CVE-2020-20218 (Mikrotik RouterOs 6.44.6 (long-term 
tree) suffers from a memory
 CVE-2020-20217
        RESERVED
 CVE-2020-20216 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a 
memory corrup ...)
-       TODO: check
+       NOT-FOR-US: Mikrotik
 CVE-2020-20215 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a 
memory corrup ...)
-       TODO: check
+       NOT-FOR-US: Mikrotik
 CVE-2020-20214 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an 
assertion fa ...)
        NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20213 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an 
stack exhaus ...)
-       TODO: check
+       NOT-FOR-US: Mikrotik
 CVE-2020-20212 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a 
memory corrup ...)
-       TODO: check
+       NOT-FOR-US: Mikrotik
 CVE-2020-20211 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an 
assertion fa ...)
-       TODO: check
+       NOT-FOR-US: Mikrotik
 CVE-2020-20210
        RESERVED
 CVE-2020-20209



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41c83e655dfd53e8b0864e8f2d5ce7eb5c756f8c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41c83e655dfd53e8b0864e8f2d5ce7eb5c756f8c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process more NFUs

Reply via email to