[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) Thu, 29 Jul 2021 13:16:51 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b4732a07 by Salvatore Bonaccorso at 2021-07-29T22:16:21+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1193,7 +1193,7 @@ CVE-2021-37146
 CVE-2021-37145
        RESERVED
 CVE-2021-37144 (CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This 
occurs in ...)
-       TODO: check
+       NOT-FOR-US: CSZ CMS
 CVE-2021-37143
        RESERVED
 CVE-2021-37142
@@ -2378,13 +2378,13 @@ CVE-2021-36626
 CVE-2021-36625
        RESERVED
 CVE-2021-36624 (Sourcecodester Phone Shop Sales Managements System version 1.0 
suffers ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester
 CVE-2021-36623
        RESERVED
 CVE-2021-36622
        RESERVED
 CVE-2021-36621 (Sourcecodester Online Covid Vaccination Scheduler System 1.0 
is vulner ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester
 CVE-2021-36620
        RESERVED
 CVE-2021-36619
@@ -18034,7 +18034,7 @@ CVE-2021-30126 (Lightmeter ControlCenter 1.1.0 through 
1.5.x before 1.5.1 allows
 CVE-2021-30125 (Jamf Pro before 10.28.0 allows XSS related to inventory 
history, aka P ...)
        NOT-FOR-US: Jamf Pro
 CVE-2021-30124 (The unofficial vscode-phpmd (aka PHP Mess Detector) extension 
before 1 ...)
-       TODO: check
+       NOT-FOR-US: vscode-phpmd (aka PHP Mess Detector) extension for Visual 
Studio Code
 CVE-2021-30123 (FFmpeg &lt;=4.3 contains a buffer overflow vulnerability in 
libavcodec ...)
        - ffmpeg <not-affected> (Only affects 4.4 development branches)
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f
@@ -38343,7 +38343,7 @@ CVE-2021-21548
 CVE-2021-21547 (Dell EMC Unity, UnityVSA, and Unity XT versions prior to 
5.0.7.0.5.008 ...)
        NOT-FOR-US: EMC
 CVE-2021-21546 (Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 
19.4.0.0 c ...)
-       TODO: check
+       NOT-FOR-US: EMC
 CVE-2021-21545 (Dell Peripheral Manager 1.3.1 or greater contains remediation 
for a lo ...)
        NOT-FOR-US: Dell
 CVE-2021-21544 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an 
improper authe ...)
@@ -38359,7 +38359,7 @@ CVE-2021-21540 (Dell EMC iDRAC9 versions prior to 
4.40.00.00 contain a stack-bas
 CVE-2021-21539 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a 
Time-of-check T ...)
        NOT-FOR-US: EMC
 CVE-2021-21538 (Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 
4.40.10.00 ...)
-       TODO: check
+       NOT-FOR-US: EMC
 CVE-2021-21537 (Dell Hybrid Client versions prior to 1.5 contain an 
information exposu ...)
        NOT-FOR-US: Dell Hybrid Client
 CVE-2021-21536 (Dell Hybrid Client versions prior to 1.5 contain an 
information exposu ...)
@@ -42318,7 +42318,7 @@ CVE-2021-20507 (IBM Jazz Foundation and IBM Engineering 
products are vulnerable
 CVE-2021-20506 (IBM Jazz Foundation Products are vulnerable to cross-site 
scripting. T ...)
        NOT-FOR-US: IBM
 CVE-2021-20505 (The PowerVM Logical Partition Mobility(LPM) (PowerVM 
Hypervisor FW920, ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2021-20504 (IBM Jazz Foundation Products are vulnerable to cross-site 
scripting. T ...)
        NOT-FOR-US: IBM
 CVE-2021-20503 (IBM Jazz Foundation Products are vulnerable to cross-site 
scripting. T ...)
@@ -43523,13 +43523,13 @@ CVE-2021-20116
 CVE-2021-20115
        RESERVED
 CVE-2021-20114 (When installed following the default/recommended settings, 
TCExam &lt; ...)
-       TODO: check
+       NOT-FOR-US: TCExam
 CVE-2021-20113 (An exposure of sensitive information vulnerability exists in 
TCExam &l ...)
-       TODO: check
+       NOT-FOR-US: TCExam
 CVE-2021-20112 (A stored cross-site scripting vulnerability exists in TCExam 
&lt;= 14. ...)
-       TODO: check
+       NOT-FOR-US: TCExam
 CVE-2021-20111 (A stored cross-site scripting vulnerability exists in TCExam 
&lt;= 14. ...)
-       TODO: check
+       NOT-FOR-US: TCExam
 CVE-2021-20110 (Due to Manage Engine Asset Explorer Agent 1.0.34 not 
validating HTTPS  ...)
        NOT-FOR-US: Manage Engine Asset Explorer Agent
 CVE-2021-20109 (Due to the Asset Explorer agent not validating HTTPS 
certificates, an  ...)
@@ -66236,7 +66236,7 @@ CVE-2020-22767
 CVE-2020-22766
        RESERVED
 CVE-2020-22765 (Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 
via the ...)
-       TODO: check
+       NOT-FOR-US: NukeViet cms
 CVE-2020-22764
        RESERVED
 CVE-2020-22763
@@ -66244,7 +66244,7 @@ CVE-2020-22763
 CVE-2020-22762
        RESERVED
 CVE-2020-22761 (Cross Site Request Forgery (CSRF) vulnerability in FlatPress 
1.1 via t ...)
-       TODO: check
+       NOT-FOR-US: FlatPress
 CVE-2020-22760
        RESERVED
 CVE-2020-22759
@@ -68266,9 +68266,9 @@ CVE-2020-21811
 CVE-2020-21810
        RESERVED
 CVE-2020-21809 (SQL Injection vulnerability in NukeViet CMS module Shops 
4.0.29 and 4. ...)
-       TODO: check
+       NOT-FOR-US: NukeViet CMS module Shops
 CVE-2020-21808 (SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 
via:the to ...)
-       TODO: check
+       NOT-FOR-US: NukeViet CMS
 CVE-2020-21807
        RESERVED
 CVE-2020-21806 (SQL Injection Vulnerability in ECTouch v2 via the shop page in 
index.p ...)
@@ -75621,7 +75621,7 @@ CVE-2020-18177
 CVE-2020-18176
        RESERVED
 CVE-2020-18175 (SQL Injection vulnerability in Metinfo 6.1.3 via a 
dosafety_emailadd a ...)
-       TODO: check
+       NOT-FOR-US: Metinfo
 CVE-2020-18174 (A process injection vulnerability in setup.exe of AutoHotkey 
1.1.32.00 ...)
        TODO: check
 CVE-2020-18173 (A DLL injection vulnerability in 1password.dll of 1Password 
7.3.712 al ...)
@@ -75655,9 +75655,9 @@ CVE-2020-18160
 CVE-2020-18159
        RESERVED
 CVE-2020-18158 (Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via 
nickname  ...)
-       TODO: check
+       NOT-FOR-US: HuCart
 CVE-2020-18157 (Cross Site Request Forgery (CSRF) vulnerability in MetInfo 
6.1.3 via a ...)
-       TODO: check
+       NOT-FOR-US: MetInfo
 CVE-2020-18156
        RESERVED
 CVE-2020-18155 (SQL Injection vulnerability in Subrion CMS v4.2.1 in the 
search page i ...)
@@ -109707,7 +109707,7 @@ CVE-2020-5355
 CVE-2020-5354
        RESERVED
 CVE-2020-5353 (The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC 
PowerSca ...)
-       TODO: check
+       NOT-FOR-US: EMC
 CVE-2020-5352 (Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an 
OS comma ...)
        NOT-FOR-US: EMC
 CVE-2020-5351 (Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 
contain an ...)
@@ -109755,7 +109755,7 @@ CVE-2020-5331 (RSA Archer, versions prior to 6.7 P3 
(6.7.0.3), contain an inform
 CVE-2020-5330 (Dell EMC Networking X-Series firmware versions 3.0.1.2 and 
older, Dell ...)
        NOT-FOR-US: EMC
 CVE-2020-5329 (Dell EMC Avamar Server contains an open redirect vulnerability. 
A remo ...)
-       TODO: check
+       NOT-FOR-US: EMC
 CVE-2020-5328 (Dell EMC Isilon OneFS versions prior to 8.2.0 contain an 
unauthorized  ...)
        NOT-FOR-US: EMC
 CVE-2020-5327 (Dell Security Management Server versions prior to 10.2.10 
contain a Ja ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4732a0735249e00ac7dc9f4e363037486225ec5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4732a0735249e00ac7dc9f4e363037486225ec5
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to