[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) Wed, 27 Oct 2021 01:49:27 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
08ad23c6 by Salvatore Bonaccorso at 2021-10-27T10:48:55+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3874,7 +3874,7 @@ CVE-2021-41867 (An information disclosure vulnerability 
in OnionShare 2.3 before
        - onionshare <undetermined>
        TODO: check details, exact fixing commits unclear
 CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed 
Template Na ...)
-       TODO: check
+       NOT-FOR-US: MyBB
 CVE-2021-3853
        RESERVED
 CVE-2021-3852
@@ -15128,25 +15128,25 @@ CVE-2021-37133
 CVE-2021-37132
        RESERVED
 CVE-2021-37131 (There is a CSV injection vulnerability in ManageOne, iManager 
NetEco a ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-37130 (There is a path traversal vulnerability in Huawei FusionCube 
6.0.2.The ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-37129 (There is an out of bounds write vulnerability in some Huawei 
products. ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-37128
        RESERVED
 CVE-2021-37127 (There is a signature management vulnerability in some huawei 
products. ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-37126
        RESERVED
 CVE-2021-37125
        RESERVED
 CVE-2021-37124 (There is a path traversal vulnerability in Huawei PC product. 
Because  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-37123 (There is an improper authentication vulnerability in 
Hero-CT060 before ...)
        NOT-FOR-US: Hero-CT060
 CVE-2021-37122 (There is a use-after-free (UAF) vulnerability in Huawei 
products. An a ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-37121
        RESERVED
 CVE-2021-37120
@@ -19596,7 +19596,7 @@ CVE-2021-35238 (User with Orion Platform Admin Rights 
could store XSS through UR
 CVE-2021-35237
        RESERVED
 CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog 
Server 9.7 ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi Syslog 
Server  ...)
        TODO: check
 CVE-2021-35234
@@ -24981,7 +24981,7 @@ CVE-2021-32953
 CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading 
procedure  ...)
        NOT-FOR-US: Open Design Alliance
 CVE-2021-32951 (WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an 
improper aut ...)
-       TODO: check
+       NOT-FOR-US: WebAccess/NMS
 CVE-2021-32950 (An out-of-bounds read issue exists within the parsing of DXF 
files in  ...)
        NOT-FOR-US: Open Design Alliance
 CVE-2021-32949
@@ -47791,7 +47791,7 @@ CVE-2021-23879 (Unquoted service path vulnerability in 
McAfee Endpoint Product R
 CVE-2021-23878 (Clear text storage of sensitive Information in memory 
vulnerability in ...)
        NOT-FOR-US: McAfee
 CVE-2021-23877 (Privilege escalation vulnerability in the Windows trial 
installer of M ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2021-23876 (Bypass Remote Procedure call in McAfee Total Protection (MTP) 
prior to ...)
        NOT-FOR-US: McAfee
 CVE-2021-23875
@@ -81104,7 +81104,7 @@ CVE-2020-22866
 CVE-2020-22865
        RESERVED
 CVE-2020-22864 (A cross site scripting (XSS) vulnerability in the Insert Video 
functio ...)
-       TODO: check
+       NOT-FOR-US: Froala WYSIWYG Editor
 CVE-2020-22863
        RESERVED
 CVE-2020-22862
@@ -118903,7 +118903,7 @@ CVE-2020-7869 (An improper input validation 
vulnerability of ZOOK software (remo
 CVE-2020-7868 (A remote code execution vulnerability exists in helpUS(remote 
administ ...)
        NOT-FOR-US: helpUS(remote administration tool)
 CVE-2020-7867 (An improper input validation vulnerability in Helpu solution 
could all ...)
-       TODO: check
+       NOT-FOR-US: Helpu
 CVE-2020-7866 (When using XPLATFORM 9.2.2.270 or earlier versions ActiveX 
component,  ...)
        NOT-FOR-US: XPLATFORM
 CVE-2020-7865 (A vulnerability(improper input validation) in the ExECM CoreB2B 
soluti ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08ad23c63d78a81b5875e7638b49044f82fe56f9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08ad23c63d78a81b5875e7638b49044f82fe56f9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to