Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bc230176 by Salvatore Bonaccorso at 2021-07-12T22:20:47+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -669,9 +669,9 @@ CVE-2021-36384
CVE-2021-36383 (Xen Orchestra (with xo-web through 5.80.0 and xo-server
through 5.84.0 ...)
TODO: check
CVE-2021-36382 (Devolutions Server before 2021.1.18, and LTS before 2020.3.20,
allows ...)
- TODO: check
+ NOT-FOR-US: Devolutions Server
CVE-2021-36381 (In Edifecs Transaction Management through 2021-07-12, an
unauthenticat ...)
- TODO: check
+ NOT-FOR-US: Edifecs
CVE-2021-36380
RESERVED
CVE-2021-36379
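Review bot: The label on CVE-2021-36381 names only the vendor ("NOT-FOR-US: Edifecs"), while the description names the product, "Edifecs Transaction Management", and the entry above it is labelled by product ("Devolutions Server"). Using "NOT-FOR-US: Edifecs Transaction Management" would keep the label matchable against later CVEs for the same product. CVE-2021-36383 (Xen Orchestra) in the same block still reads "TODO: check".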
@@ -3589,7 +3589,7 @@ CVE-2021-35066 (An XXE vulnerability exists in
ConnectWise Automate before 2021.
CVE-2021-35065
RESERVED
CVE-2021-35064 (KramerAV VIAWare, all tested versions, allow privilege
escalation thro ...)
- TODO: check
+ NOT-FOR-US: KramerAV VIAWare
CVE-2021-35063
RESERVED
[experimental] - suricata 1:6.0.3-1~exp1
@@ -3683,7 +3683,7 @@ CVE-2021-35039 (kernel/module.c in the Linux kernel
before 5.12.14 mishandles Si
CVE-2021-35038
RESERVED
CVE-2021-35037 (Jamf Pro before 10.30.1 allows for an unvalidated URL redirect
vulnera ...)
- TODO: check
+ NOT-FOR-US: Jamf Pro
CVE-2021-35036
RESERVED
CVE-2021-35035
@@ -6401,7 +6401,7 @@ CVE-2021-33809
CVE-2021-33808
RESERVED
CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in
gespage/d ...)
- TODO: check
+ NOT-FOR-US: Cartadis Gespage
CVE-2021-3579
RESERVED
CVE-2021-3578 [possible remote code execution in isync/mbsync]
@@ -22233,7 +22233,7 @@ CVE-2021-27295
CVE-2021-27294
RESERVED
CVE-2021-27293 (RestSharp < 106.11.8-alpha.0.13 uses a regular expression
which is ...)
- TODO: check
+ NOT-FOR-US: RestSharp
CVE-2021-27292 (ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular
expression ...)
- node-ua-parser-js 0.7.24+ds-1 (bug #985568)
[buster] - node-ua-parser-js <no-dsa> (Minor issue)
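Review bot: CVE-2021-27293 concerns a library rather than a standalone product: the description is a regular expression issue in RestSharp, the same class as CVE-2021-27292 just below, where the affected library is packaged (node-ua-parser-js). Before settling on "NOT-FOR-US: RestSharp", confirm that no source package in the archive ships or embeds RestSharp. A short note to that effect in the commit message would help a later reader.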
@@ -25256,7 +25256,7 @@ CVE-2021-26101
CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption
service ...)
NOT-FOR-US: Fortiguard
CVE-2021-26099 (Missing cryptographic steps in the Identity-Based Encryption
service o ...)
- TODO: check
+ NOT-FOR-US: FortiMail
CVE-2021-26098
RESERVED
CVE-2021-26097
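Review bot: CVE-2021-26099 is tagged "NOT-FOR-US: FortiMail", while CVE-2021-26100 directly above, whose description covers the same Identity-Based Encryption service, is tagged "NOT-FOR-US: Fortiguard". Two labels for what reads as one product make the entries harder to search, so align them, changing the CVE-2021-26100 line in this commit if FortiMail is the correct name.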
@@ -25274,9 +25274,9 @@ CVE-2021-26092
CVE-2021-26091
RESERVED
CVE-2021-26090 (A missing release of memory after its effective lifetime
vulnerability ...)
- TODO: check
+ NOT-FOR-US: FortiMail
CVE-2021-26089 (An improper symlink following in FortiClient for Mac 6.4.3 and
below m ...)
- TODO: check
+ NOT-FOR-US: FortiClient
CVE-2021-26088 (An improper authentication vulnerability in FSSO Collector
version 5.0 ...)
TODO: check
CVE-2021-26087
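Review bot: CVE-2021-26088 (FSSO Collector) at the end of this hunk stays at "TODO: check" although the two entries above it were triaged in this pass; if it is also out of scope it could be closed in the same commit. For CVE-2021-26090 the visible description is cut off before any product name, so the FortiMail label cannot be checked from the list entry alone.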
@@ -33555,7 +33555,7 @@ CVE-2021-22517
CVE-2021-22516 (Insertion of Sensitive Information into Log File vulnerability
in Micr ...)
NOT-FOR-US: Micro Focus Secure API Manager
CVE-2021-22515 (Multi-Factor Authentication (MFA) functionality can be
bypassed, allow ...)
- TODO: check
+ NOT-FOR-US: NetIQ
CVE-2021-22514 (An arbitrary code execution vulnerability exists in Micro
Focus Applic ...)
NOT-FOR-US: Micro Focus
CVE-2021-22513 (Missing Authorization vulnerability in Micro Focus Application
Automat ...)
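Review bot: "NOT-FOR-US: NetIQ" on CVE-2021-22515 gives a brand without a product, whereas CVE-2021-22516 above is labelled with the full product name ("Micro Focus Secure API Manager"). The truncated description does not show which product has the MFA bypass, so naming it in the label would match the neighbouring style and make the entry easier to find.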
@@ -66754,11 +66754,11 @@ CVE-2020-21135
CVE-2020-21134
RESERVED
CVE-2020-21133 (SQL Injection vulnerability in Metinfo 7.0.0 beta in
member/getpasswor ...)
- TODO: check
+ NOT-FOR-US: Metinfo
CVE-2020-21132 (SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.
...)
- TODO: check
+ NOT-FOR-US: Metinfo
CVE-2020-21131 (SQL Injection vulnerability in MetInfo 7.0.0beta via
admin/?n=language ...)
- TODO: check
+ NOT-FOR-US: Metinfo
CVE-2020-21130 (Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via
the grou ...)
NOT-FOR-US: HisiPHP
CVE-2020-21129
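Review bot: The three descriptions spell the product two ways ("Metinfo" for CVE-2020-21133 and CVE-2020-21132, "MetInfo" for CVE-2020-21131), and the new labels use "Metinfo" for all three. That is consistent within the hunk, but check that it matches the spelling used by existing NOT-FOR-US entries for this product elsewhere in data/CVE/list so that a search finds all of them.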
@@ -70651,7 +70651,7 @@ CVE-2020-19206
CVE-2020-19205
RESERVED
CVE-2020-19204 (Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 is
affected ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2020-19203 (Netgate pfSense Community Edition 2.4.4 - p2 (arm64) is
affected by: C ...)
TODO: check
CVE-2020-19202 (An authenticated Stored XSS (Cross-site Scripting) exists in
the "capt ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc230176a768a7482f1b2bda16b4fd7d75b91fea
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits