[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso (@carnil) Mon, 19 Jul 2021 13:19:41 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
cce09b73 by Salvatore Bonaccorso at 2021-07-19T22:19:06+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,11 +11,11 @@ CVE-2021-36801
 CVE-2021-36800
        RESERVED
 CVE-2021-36799 (KNX ETS5 uses the hard-coded password ETS5Password, with a 
salt value  ...)
-       TODO: check
+       NOT-FOR-US: KNX ETS5
 CVE-2021-36798
        RESERVED
 CVE-2021-36797 (** DISPUTED ** In Victron Energy Venus OS through 2.72, root 
access is ...)
-       TODO: check
+       NOT-FOR-US: Victron Energy Venus OS
 CVE-2021-36796
        RESERVED
 CVE-2021-36795
@@ -1918,17 +1918,17 @@ CVE-2021-35970 (Talk 4 in Coral before 4.12.1 allows 
remote attackers to discove
 CVE-2021-35969
        RESERVED
 CVE-2021-35968 (The directory list page parameter of the Orca HCM digital 
learning pla ...)
-       TODO: check
+       NOT-FOR-US: Orca HCM digital learning platform
 CVE-2021-35967 (The directory page parameter of the Orca HCM digital learning 
platform ...)
-       TODO: check
+       NOT-FOR-US: Orca HCM digital learning platform
 CVE-2021-35966 (The specific function of the Orca HCM digital learning 
platform does n ...)
-       TODO: check
+       NOT-FOR-US: Orca HCM digital learning platform
 CVE-2021-35965 (The Orca HCM digital learning platform uses a weak factory 
default adm ...)
-       TODO: check
+       NOT-FOR-US: Orca HCM digital learning platform
 CVE-2021-35964 (The management page of the Orca HCM digital learning platform 
does not ...)
-       TODO: check
+       NOT-FOR-US: Orca HCM digital learning platform
 CVE-2021-35963 (The specific parameter of upload function of the Orca HCM 
digital lear ...)
-       TODO: check
+       NOT-FOR-US: Orca HCM digital learning platform
 CVE-2021-35962 (Specific page parameters in Dr. ID Door Access Control and 
Personnel A ...)
        NOT-FOR-US: Dr. ID Door Access Control and Personnel Attendance 
Management system
 CVE-2021-35961 (Dr. ID Door Access Control and Personnel Attendance Management 
system  ...)
@@ -3045,7 +3045,7 @@ CVE-2021-35451 (In Teradici PCoIP Management 
Console-Enterprise 20.07.0, an unau
 CVE-2021-35450
        RESERVED
 CVE-2021-35449 (The Lexmark Universal Print Driver version 2.15.1.0 and below, 
G2 driv ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2021-35448 (Emote Interactive Remote Mouse 3.008 on Windows allows 
attackers to ex ...)
        NOT-FOR-US: Emote Interactive Remote Mouse on Windows
 CVE-2021-35447
@@ -3914,7 +3914,7 @@ CVE-2021-35045 (Cross site scripting (XSS) vulnerability 
in Ice Hrm 29.0.0.OS, a
 CVE-2021-35044
        RESERVED
 CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes 
when using  ...)
-       TODO: check
+       NOT-FOR-US: OWASP AntiSamy
 CVE-2021-35042 (Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows 
QuerySet.orde ...)
        - python-django <not-affected> (Vulnerable code introduced in 3.1)
        NOTE: 
https://www.djangoproject.com/weblog/2021/jul/01/security-releases/
@@ -4386,9 +4386,9 @@ CVE-2021-34823
 CVE-2021-34822
        RESERVED
 CVE-2021-34821 (Cross Site Scripting (XSS) vulnerability exists in AAT Novus 
Managemen ...)
-       TODO: check
+       NOT-FOR-US: AAT Novus Management System
 CVE-2021-34820 (Web Path Directory Traversal in the Novus HTTP Server. The 
Novus HTTP  ...)
-       TODO: check
+       NOT-FOR-US: Novus HTTP Server
 CVE-2021-34819
        RESERVED
 CVE-2021-34818
@@ -4730,9 +4730,9 @@ CVE-2021-34678
 CVE-2021-34677
        RESERVED
 CVE-2021-34676 (Basix NEX-Forms through 7.8.7 allows authentication bypass for 
Excel r ...)
-       TODO: check
+       NOT-FOR-US: Basix NEX-Forms
 CVE-2021-34675 (Basix NEX-Forms through 7.8.7 allows authentication bypass for 
stored  ...)
-       TODO: check
+       NOT-FOR-US: Basix NEX-Forms
 CVE-2021-3598 (There's a flaw in OpenEXR's ImfDeepScanLineInputFile 
functionality in  ...)
        {DLA-2701-1}
        - openexr <unfixed> (bug #990450)
@@ -29459,7 +29459,7 @@ CVE-2021-24484
 CVE-2021-24483
        RESERVED
 CVE-2021-24482 (The Related Posts for WordPress plugin through 2.0.4 does not 
sanitise ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24481
        RESERVED
 CVE-2021-24480
@@ -29517,9 +29517,9 @@ CVE-2021-24455
 CVE-2021-24454 (In the YOP Poll WordPress plugin before 6.2.8, when a pool is 
created  ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2021-24453 (The Include Me WordPress plugin through 1.2.1 is vulnerable to 
path tr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24452 (The W3 Total Cache WordPress plugin before 2.1.5 was affected 
by a ref ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24451 (The Export Users With Meta WordPress plugin before 0.6.5 did 
not escap ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2021-24450
@@ -29529,7 +29529,7 @@ CVE-2021-24449
 CVE-2021-24448
        RESERVED
 CVE-2021-24447 (The WP Image Zoom WordPress plugin before 1.47 did not 
validate its ta ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24446
        RESERVED
 CVE-2021-24445
@@ -29551,7 +29551,7 @@ CVE-2021-24438
 CVE-2021-24437
        RESERVED
 CVE-2021-24436 (The W3 Total Cache WordPress plugin before 2.1.4 was 
vulnerable to a r ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24435
        RESERVED
 CVE-2021-24434 (The Glass WordPress plugin through 1.3.2 does not sanitise or 
escape i ...)
@@ -68999,9 +68999,9 @@ CVE-2020-20251
 CVE-2020-20250 (Mikrotik RouterOs before stable version 6.47 suffers from a 
memory cor ...)
        NOT-FOR-US: Mikrotik
 CVE-2020-20249 (Mikrotik RouterOs before stable 6.47 suffers from a memory 
corruption  ...)
-       TODO: check
+       NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20248 (Mikrotik RouterOs before stable 6.47 suffers from an 
uncontrolled reso ...)
-       TODO: check
+       NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20247 (Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a 
memory co ...)
        NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20246 (Mikrotik RouterOs stable 6.46.3 suffers from a memory 
corruption vulne ...)
@@ -69037,7 +69037,7 @@ CVE-2020-20232
 CVE-2020-20231 (Mikrotik RouterOs through stable version 6.48.3 suffers from a 
memory  ...)
        NOT-FOR-US: Mikrotik
 CVE-2020-20230 (Mikrotik RouterOs before stable 6.47 suffers from an 
uncontrolled reso ...)
-       TODO: check
+       NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20229
        RESERVED
 CVE-2020-20228



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cce09b7310ce9daa4f88c2968351b7af6f81bb85

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cce09b7310ce9daa4f88c2968351b7af6f81bb85
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process more NFUs

Reply via email to