Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e94de822 by Salvatore Bonaccorso at 2021-08-26T22:27:46+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: EmTec ZOC
 CVE-2021-40146
        RESERVED
 CVE-2021-3738
@@ -156,7 +156,7 @@ CVE-2021-40083 (Knot Resolver before 5.3.2 is prone to an 
assertion failure, tri
        NOTE: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1169
        NOTE: Introduced by 
https://gitlab.nic.cz/knot/knot-resolver/-/commit/7107faebc72c14c864622128a20a9b39fe94d733
 (5.3.1)
 CVE-2021-3734 (yourls is vulnerable to Improper Restriction of Rendered UI 
Layers or  ...)
-       TODO: check
+       NOT-FOR-US: yourls
 CVE-2021-40080
        RESERVED
 CVE-2021-40079
@@ -7095,13 +7095,13 @@ CVE-2021-36933 (Windows Services for NFS ONCRPC XDR 
Driver Information Disclosur
 CVE-2021-36932 (Windows Services for NFS ONCRPC XDR Driver Information 
Disclosure Vuln ...)
        NOT-FOR-US: Microsoft
 CVE-2021-36931 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability T ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2021-36930
        RESERVED
 CVE-2021-36929 (Microsoft Edge (Chromium-based) Information Disclosure 
Vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2021-36928 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability T ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2021-36927 (Windows Digital TV Tuner device registration application 
Elevation of  ...)
        NOT-FOR-US: Microsoft
 CVE-2021-36926 (Windows Services for NFS ONCRPC XDR Driver Information 
Disclosure Vuln ...)
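Review bot: The three Edge entries changed here (CVE-2021-36931, CVE-2021-36929, CVE-2021-36928) are all described as "Microsoft Edge (Chromium-based)", and the truncated descriptions do not show whether the flaw is in Edge-specific code or in shared Chromium code. If any of them is in shared code, NOT-FOR-US: Microsoft would drop an issue that matters for the chromium source package from triage. Please confirm against the full advisories, or add a NOTE recording that they are Edge-only.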
@@ -8419,7 +8419,7 @@ CVE-2021-36354
 CVE-2021-36353
        RESERVED
 CVE-2021-36352 (Stored cross-site scripting (XSS) vulnerability in Care2x 
Hospital Inf ...)
-       TODO: check
+       NOT-FOR-US: Care2x Hospital Information Management
 CVE-2021-36351 (SQL Injection Vulnerability in Care2x Open Source Hospital 
Information ...)
        NOT-FOR-US: Care2x Open Source Hospital Information Management
 CVE-2021-3640 [Linux kernel: UAF in sco_send_frame function]
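Review bot: The new tag on CVE-2021-36352 reads "Care2x Hospital Information Management", while the adjacent CVE-2021-36351 uses "Care2x Open Source Hospital Information Management" for the same product. Suggest reusing the existing string so that a search over NOT-FOR-US entries groups both CVEs together.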
@@ -17075,7 +17075,7 @@ CVE-2021-32650
 CVE-2021-32649
        RESERVED
 CVE-2021-32648 (octobercms in a CMS platform based on the Laravel PHP 
Framework. In af ...)
-       TODO: check
+       NOT-FOR-US: October CMS
 CVE-2021-32647 (Emissary is a P2P based data-driven workflow engine. Affected 
versions ...)
        NOT-FOR-US: Emissary
 CVE-2021-32646 (Roomer is a discord bot cog (extension) which provides 
automatic voice ...)
@@ -18385,7 +18385,7 @@ CVE-2021-3538 (A flaw was found in 
github.com/satori/go.uuid in versions from co
 CVE-2021-32077 (Primary Source Verification in VerityStream MSOW Solutions 
before 3.1. ...)
        NOT-FOR-US: VerityStream MSOW Solutions
 CVE-2021-32076 (Access Restriction Bypass via referrer spoof was discovered in 
SolarWi ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2021-32075 (Re-Logic Terraria before 1.4.2.3 performs Insecure 
Deserialization. ...)
        NOT-FOR-US: Re-Logic Terraria
 CVE-2021-32074 (HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 
allows a ...)
@@ -25235,7 +25235,7 @@ CVE-2021-29488 (SABnzbd is an open source binary 
newsreader. A vulnerability was
        NOTE: 
https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-jwj3-wrvf-v3rp
        NOTE: 
https://github.com/sabnzbd/sabnzbd/commit/3766ba54026eaa520dbee5b57a2f33d4954fb98b
 CVE-2021-29487 (octobercms in a CMS platform based on the Laravel PHP 
Framework. In af ...)
-       TODO: check
+       NOT-FOR-US: October CMS
 CVE-2021-29486 (cumulative-distribution-function is an open source npm library 
used wh ...)
        NOT-FOR-US: Node cumulative-distribution-function
 CVE-2021-29485 (Ratpack is a toolkit for creating web applications. In 
versions prior  ...)
@@ -29091,7 +29091,7 @@ CVE-2021-3421 (A flaw was found in the RPM package in 
the read functionality. Th
        [stretch] - rpm <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927747
 CVE-2021-27944 (Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 
and E50x-E ...)
-       TODO: check
+       NOT-FOR-US: Vizio
 CVE-2021-27943 (The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and 
E50x-E1  ...)
        NOT-FOR-US: Vizio
 CVE-2021-27942 (Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs 
allow a thre ...)
@@ -81027,11 +81027,11 @@ CVE-2020-18479
 CVE-2020-18478
        RESERVED
 CVE-2020-18477 (SQL Injection vulnerability in Hucart CMS 5.7.4 via the 
purchase enqui ...)
-       TODO: check
+       NOT-FOR-US: Hucart CMS
 CVE-2020-18476 (SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic 
informat ...)
-       TODO: check
+       NOT-FOR-US: Hucart CMS
 CVE-2020-18475 (Cross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 
5.7.4 is  ...)
-       TODO: check
+       NOT-FOR-US: Hucart CMS
 CVE-2020-18474
        RESERVED
 CVE-2020-18473
@@ -81041,13 +81041,13 @@ CVE-2020-18472
 CVE-2020-18471
        RESERVED
 CVE-2020-18470 (Stored cross-site scripting (XSS) vulnerability in the Name of 
applica ...)
-       TODO: check
+       NOT-FOR-US: Rukovoditel
 CVE-2020-18469 (Stored cross-site scripting (XSS) vulnerability in the 
Copyright Text  ...)
-       TODO: check
+       NOT-FOR-US: Rukovoditel
 CVE-2020-18468 (Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in 
the Hea ...)
-       TODO: check
+       NOT-FOR-US: qdPM
 CVE-2020-18467 (Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 
4.4.3 in ...)
-       TODO: check
+       NOT-FOR-US: BigTree-CMS
 CVE-2020-18466
        RESERVED
 CVE-2020-18465
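Review bot: For CVE-2020-18470 and CVE-2020-18469 the product name Rukovoditel does not appear in the visible, truncated descriptions, unlike CVE-2020-18468 (qdPM 9.1) and CVE-2020-18467 (BigTree-CMS 4.4.3) in the same hunk. Worth double-checking the attribution against the full CVE text, since a mistaken NOT-FOR-US removes the entry from further triage.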
@@ -91570,9 +91570,9 @@ CVE-2020-14163 (An issue was discovered in 
ecma/operations/ecma-container-object
 CVE-2020-14162 (An issue was discovered in Pi-Hole through 5.0. The local 
www-data use ...)
        NOT-FOR-US: Pi-Hole
 CVE-2020-14161 (It is possible to inject HTML and/or JavaScript in the HTML to 
PDF con ...)
-       TODO: check
+       NOT-FOR-US: Gotenberg
 CVE-2020-14160 (An SSRF vulnerability in Gotenberg through 6.2.1 exists in the 
remote  ...)
-       TODO: check
+       NOT-FOR-US: Gotenberg
 CVE-2020-14159 (By using an Automate API in ConnectWise Automate before 
2020.5.178, a  ...)
        NOT-FOR-US: ConnectWise
 CVE-2020-14158 (The ABUS Secvest FUMO50110 hybrid module does not have any 
security me ...)
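Review bot: CVE-2020-14161 is tagged Gotenberg, but its truncated description ("inject HTML and/or JavaScript in the HTML to PDF con ...") does not name the product. Only the neighbouring CVE-2020-14160 does. Please confirm from the full description that both entries refer to the same software before they share a tag.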



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e94de822f5f0cdf35e1f7a596462310a84741020
