Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d63323f by Salvatore Bonaccorso at 2021-01-22T12:50:45+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -161,7 +161,7 @@ CVE-2021-3201
 CVE-2021-3200
        RESERVED
 CVE-2021-3199 (Directory traversal with remote code execution can occur in 
/upload in ...)
-       TODO: check
+       NOT-FOR-US: ONLYOFFICE Document Server
 CVE-2021-3198
        RESERVED
 CVE-2021-25899
@@ -607,9 +607,9 @@ CVE-2021-25680
 CVE-2021-25679
        RESERVED
 CVE-2020-36201 (An issue was discovered in certain Xerox WorkCentre products. 
They do  ...)
-       TODO: check
+       NOT-FOR-US: Xerox
 CVE-2019-25015 (LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via 
a crafte ...)
-       TODO: check
+       NOT-FOR-US: LuCI in OpenWrt
 CVE-2021-3197
        RESERVED
 CVE-2021-3196
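Review bot: The new label on CVE-2020-36201 is `NOT-FOR-US: Xerox`, a bare vendor name, while the other entries touched in this commit name the product (`LuCI in OpenWrt` in this same hunk, `TinyCheck`, `Revive Adserver`). The description says "certain Xerox WorkCentre products", so `NOT-FOR-US: Xerox WorkCentre` would keep the label searchable by product and consistent with the rest of the change.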
@@ -714,9 +714,9 @@ CVE-2021-25644
 CVE-2021-25643
        RESERVED
 CVE-2020-36200 (TinyCheck before commits 9fd360d and ea53de8 allowed an 
authenticated  ...)
-       TODO: check
+       NOT-FOR-US: TinyCheck
 CVE-2020-36199 (TinyCheck before commits 9fd360d and ea53de8 was vulnerable to 
command ...)
-       TODO: check
+       NOT-FOR-US: TinyCheck
 CVE-2021-25642
        RESERVED
 CVE-2021-25641
@@ -6463,11 +6463,11 @@ CVE-2021-22875
 CVE-2021-22874
        RESERVED
 CVE-2021-22873 (Revive Adserver before 5.1.0 is vulnerable to open redirects 
via the ` ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2021-22872 (Revive Adserver before 5.1.0 is vulnerable to a reflected 
cross-site s ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2021-22871 (Revive Adserver before 5.1.0 permits any user with a manager 
account t ...)
-       TODO: check
+       NOT-FOR-US: Revive Adserver
 CVE-2021-22870
        RESERVED
 CVE-2021-22869
@@ -10421,7 +10421,7 @@ CVE-2020-35755
 CVE-2020-35754
        RESERVED
 CVE-2020-35753 (The job posting recommendation form in Persis Human Resource 
Managemen ...)
-       TODO: check
+       NOT-FOR-US: Persis Human Resource Management Portal
 CVE-2020-35752
        RESERVED
 CVE-2020-35751
@@ -18584,7 +18584,7 @@ CVE-2020-28876
 CVE-2020-28875
        RESERVED
 CVE-2020-28874 (reset-password.php in ProjectSend before r1295 allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: ProjectSend
 CVE-2020-28873
        RESERVED
 CVE-2020-28872
@@ -23637,7 +23637,7 @@ CVE-2020-27861
 CVE-2020-27860
        RESERVED
 CVE-2020-27859 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
-       TODO: check
+       NOT-FOR-US: NEC ESMPRO Manager
 CVE-2020-27858 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
        TODO: check
 CVE-2020-27857
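Review bot: CVE-2020-27858, directly below the changed entry, keeps `TODO: check` although its visible description opens with the same words as CVE-2020-27859 ("This vulnerability allows remote attackers to disclose sensitive infor ..."). If the full description refers to the same NEC ESMPRO Manager product, mark it `NOT-FOR-US: NEC ESMPRO Manager` in this commit as well; if it was left open on purpose, a line in the commit message saying so would save the next triager from re-reading the pair.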
@@ -27764,7 +27764,7 @@ CVE-2020-26297 (mdBook is a utility to create modern 
online books from Markdown
 CVE-2020-26296 (Vega is a visualization grammar, a declarative format for 
creating, sa ...)
        NOT-FOR-US: Node vega
 CVE-2020-26295 (OpenMage is a community-driven alternative to Magento CE. In 
OpenMage  ...)
-       TODO: check
+       NOT-FOR-US: OpenMage
 CVE-2020-26294 (Vela is a Pipeline Automation (CI/CD) framework built on Linux 
contain ...)
        NOT-FOR-US: Vela
 CVE-2020-26293 (HtmlSanitizer is a .NET library for cleaning HTML fragments 
and docume ...)
@@ -27784,7 +27784,7 @@ CVE-2020-26287 (HedgeDoc is a collaborative platform 
for writing and sharing mar
 CVE-2020-26286 (HedgeDoc is a collaborative platform for writing and sharing 
markdown. ...)
        NOT-FOR-US: HedgeDoc
 CVE-2020-26285 (OpenMage is a community-driven alternative to Magento CE. In 
OpenMage  ...)
-       TODO: check
+       NOT-FOR-US: OpenMage
 CVE-2020-26284 (Hugo is a fast and Flexible Static Site Generator built in Go. 
Hugo de ...)
        - hugo 0.79.1-1 (unimportant)
        NOTE: 
https://github.com/gohugoio/hugo/security/advisories/GHSA-8j34-9876-pvfq
@@ -27877,7 +27877,7 @@ CVE-2020-26254 (omniauth-apple is the OmniAuth strategy 
for "Sign In with Apple"
 CVE-2020-26253 (Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 
3.3.6, and  ...)
        NOT-FOR-US: Kirby CMS
 CVE-2020-26252 (OpenMage is a community-driven alternative to Magento CE. In 
OpenMage  ...)
-       TODO: check
+       NOT-FOR-US: OpenMage
 CVE-2020-26251 (Open Zaak is a modern, open-source data- and services-layer to 
enable  ...)
        NOT-FOR-US: Open Zaak
 CVE-2020-26250 (OAuthenticator is an OAuth login mechanism for JupyterHub. In 
oauthent ...)
@@ -31936,7 +31936,7 @@ CVE-2020-24551 (IProom MMC+ Server login page does not 
validate specific paramet
 CVE-2020-24550
        RESERVED
 CVE-2020-24549 (openMAINT before 1.1-2.4.2 allows remote authenticated users 
to run ar ...)
-       TODO: check
+       NOT-FOR-US: openMAINT
 CVE-2020-24548 (Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) 
allows SSR ...)
        NOT-FOR-US: Ericom
 CVE-2020-24547
@@ -38828,9 +38828,9 @@ CVE-2020-21149
 CVE-2020-21148
        RESERVED
 CVE-2020-21147 (RockOA V1.9.8 is affected by a cross-site scripting (XSS) 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: RockOA
 CVE-2020-21146 (Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Feehi CMS
 CVE-2020-21145
        RESERVED
 CVE-2020-21144



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d63323feda91e6d5bf6ce8251cad5f454263df7
