Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fa6c5470 by Salvatore Bonaccorso at 2021-03-19T09:53:41+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -375,7 +375,7 @@ CVE-2021-28655
CVE-2021-28654
RESERVED
CVE-2021-28653 (The iOS and macOS apps before 1.4.1 for the Western Digital
G-Technolo ...)
- TODO: check
+ NOT-FOR-US: iOS and macOS apps for the Western Digital G-Technology
ArmorLock NVMe SSD
CVE-2021-28652
RESERVED
CVE-2021-28651
@@ -1430,7 +1430,7 @@ CVE-2021-28162 (In Eclipse Theia versions up to and
including 0.16.0, in the not
CVE-2021-28161 (In Eclipse Theia versions up to and including 1.8.0, in the
debug cons ...)
NOT-FOR-US: Eclipse Theia
CVE-2021-28160 (Reflected XSS on Acexy (BoyaMicro) Wireless-N WiFi Repeater
28.08.06.1 ...)
- TODO: check
+ NOT-FOR-US: Acexy (BoyaMicro) Wireless-N WiFi Repeater
CVE-2021-28159
RESERVED
CVE-2021-28158
@@ -1549,7 +1549,7 @@ CVE-2021-28128
CVE-2021-28127
RESERVED
CVE-2021-28126 (index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG)
before 3.1 ...)
- TODO: check
+ NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
CVE-2021-28125
RESERVED
CVE-2021-28124
@@ -1590,9 +1590,9 @@ CVE-2021-28112
CVE-2021-28111
RESERVED
CVE-2021-28110 (/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before
3.1.27. ...)
- TODO: check
+ NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
CVE-2021-28109 (TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php
reflected C ...)
- TODO: check
+ NOT-FOR-US: TranzWare (POI) FIMI
CVE-2021-28374 (The Debian courier-authlib package before 0.71.1-2 for Courier
Authent ...)
- courier-authlib 0.71.1-2 (bug #984810)
NOTE: Re-introduction of #378571 while migrating from
debian/permissions to
@@ -3137,7 +3137,7 @@ CVE-2021-27438
CVE-2021-27437
RESERVED
CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to
cross-site scr ...)
- TODO: check
+ NOT-FOR-US: WebAccess/SCADA
CVE-2021-27435
RESERVED
CVE-2021-27434
@@ -3624,7 +3624,7 @@ CVE-2021-27223
CVE-2021-27222 (In the "Time in Status" app before 4.13.0 for Jira, remote
authenticat ...)
NOT-FOR-US: "Time in Status" app
CVE-2021-27221 (** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote
authenticated ft ...)
- TODO: check
+ NOT-FOR-US: MikroTik RouterOS
CVE-2021-27220
RESERVED
CVE-2021-27217 (An issue was discovered in the _send_secure_msg() function of
Yubico y ...)
@@ -21842,11 +21842,11 @@ CVE-2020-35457 (** DISPUTED ** GNOME GLib before
2.65.3 has an integer overflow,
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2197
NOTE: Upstream position is that it is not realistically a security
issue.
CVE-2020-35456 (The Taidii Diibear Android application 2.4.0 and all its
derivatives a ...)
- TODO: check
+ NOT-FOR-US: Taidii Diibear Android application
CVE-2020-35455 (The Taidii Diibear Android application 2.4.0 and all its
derivatives a ...)
- TODO: check
+ NOT-FOR-US: Taidii Diibear Android application
CVE-2020-35454 (The Taidii Diibear Android application 2.4.0 and all its
derivatives a ...)
- TODO: check
+ NOT-FOR-US: Taidii Diibear Android application
CVE-2020-35453 (HashiCorp Vault Enterprise’s Sentinel EGP policy feature
incorre ...)
NOT-FOR-US: HashiCorp Vault
CVE-2020-35452
@@ -27425,7 +27425,7 @@ CVE-2021-1289 (Multiple vulnerabilities in the
web-based management interface of
CVE-2021-1288 (Multiple vulnerabilities in the ingress packet processing
function of ...)
NOT-FOR-US: Cisco
CVE-2021-1287 (A vulnerability in the web-based management interface of Cisco
RV132W ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1286 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-1285
@@ -76536,7 +76536,7 @@ CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows
remote attackers to cause a de
CVE-2020-9368 (The Module Olea Gift On Order module through 5.0.8 for
PrestaShop enab ...)
NOT-FOR-US: Module Olea Gift On Order module for PrestaShop
CVE-2020-9367 (The MPS Agent in Zoho ManageEngine Desktop Central MSP build
MSP build ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-9365 (An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds
(OOB) re ...)
- pure-ftpd 1.0.49-3 (bug #952471)
[buster] - pure-ftpd <no-dsa> (Minor issue)
@@ -83546,9 +83546,9 @@ CVE-2020-6580
CVE-2020-6579 (Cross-site scripting (XSS) vulnerability in
mailhive/cloudbeez/cloudlo ...)
NOT-FOR-US: MailBeez plugin for ZenCart
CVE-2020-6578 (Zen Cart 1.5.6d allows reflected XSS via the main_page
parameter to in ...)
- TODO: check
+ NOT-FOR-US: Zen Cart
CVE-2020-6577 (The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition)
allows ...)
- TODO: check
+ NOT-FOR-US: IT-Recht Kanzlei plugin in Zen Cart
CVE-2020-6576 (Use after free in offscreen canvas in Google Chrome prior to
85.0.4183 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa6c54705ffb5c4a683e41f568df607ebe6739d2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa6c54705ffb5c4a683e41f568df607ebe6739d2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
