Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af9b5e53 by Salvatore Bonaccorso at 2021-03-26T21:28:12+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2021-29257
 CVE-2021-29256
        RESERVED
 CVE-2021-29255 (MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin 
credent ...)
-       TODO: check
+       NOT-FOR-US: MicroSeven
 CVE-2021-29254
        RESERVED
 CVE-2021-29253
@@ -2182,13 +2182,13 @@ CVE-2021-28252
 CVE-2021-28251
        RESERVED
 CVE-2021-28250 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager 
through ...)
-       TODO: check
+       NOT-FOR-US: CA eHealth Performance Manager
 CVE-2021-28249 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager 
through ...)
-       TODO: check
+       NOT-FOR-US: CA eHealth Performance Manager
 CVE-2021-28248 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager 
through ...)
-       TODO: check
+       NOT-FOR-US: CA eHealth Performance Manager
 CVE-2021-28247 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager 
through ...)
-       TODO: check
+       NOT-FOR-US: CA eHealth Performance Manager
 CVE-2021-28246 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager 
through ...)
        NOT-FOR-US: CA eHealth Performance Manager
 CVE-2021-28245
@@ -7886,7 +7886,7 @@ CVE-2021-3277
 CVE-2021-3276
        RESERVED
 CVE-2021-3275 (Unauthenticated stored cross-site scripting (XSS) exists in 
multiple T ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2021-3274
        RESERVED
 CVE-2021-3273 (Nagios XI below 5.7 is affected by code injection in the 
/nagiosxi/adm ...)
@@ -9144,13 +9144,13 @@ CVE-2021-25374
 CVE-2021-25373
        RESERVED
 CVE-2021-25372 (An improper boundary check in DSP driver prior to SMR Mar-2021 
Release ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2021-25371 (A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2021-25370 (An incorrect implementation handling file descriptor in dpu 
driver pri ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2021-25369 (An improper access control vulnerability in sec_log file prior 
to SMR  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2021-25368 (Hijacking vulnerability in Samsung Cloud prior to version 
4.7.0.3 allo ...)
        NOT-FOR-US: Samsung
 CVE-2021-25367 (Path Traversal vulnerability in Samsung Notes prior to version 
4.2.00. ...)
@@ -12474,11 +12474,11 @@ CVE-2021-23892
 CVE-2021-23891
        RESERVED
 CVE-2021-23890 (Information leak vulnerability in the Agent Handler of McAfee 
ePolicy  ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2021-23889 (Cross-Site Scripting vulnerability in McAfee ePolicy 
Orchestrator (ePO ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2021-23888 (Unvalidated client-side URL redirect vulnerability in McAfee 
ePolicy O ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2021-23887
        RESERVED
 CVE-2021-23886
@@ -13863,7 +13863,7 @@ CVE-2021-3111 (The Express Entries Dashboard in 
Concrete5 8.5.4 allows stored XS
 CVE-2021-3110 (The store system in PrestaShop 1.7.7.0 allows time-based 
boolean SQL i ...)
        NOT-FOR-US: PrestaShop
 CVE-2021-3109 (The custom menu item options page in SolarWinds Orion Platform 
before  ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2021-23242 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal 
via ../  ...)
        NOT-FOR-US: MERCUSYS Mercury X18G devices
 CVE-2021-23241 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal 
via ../  ...)
@@ -14543,7 +14543,7 @@ CVE-2021-22888 (Revive Adserver before v5.2.0 is 
vulnerable to a reflected XSS v
 CVE-2021-22887 (A vulnerability in the BIOS of Pulse Secure (PSA-Series 
Hardware) mode ...)
        NOT-FOR-US: BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 
and PSA7000
 CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to 
persist ...)
-       TODO: check
+       NOT-FOR-US: Rocket.Chat
 CVE-2021-22885
        RESERVED
 CVE-2021-22884 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is 
vulnerable to ...)
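Review bot: The NOT-FOR-US tag on CVE-2021-22886 covers software that the description versions by upstream release ("before 3.11, 3.10.5, 3.9.7, 3.8.8"), not a vendor appliance like most other entries in this commit. Before closing it this way, confirm that no package and no open packaging request (ITP/RFP) exists for Rocket.Chat in Debian; if one does, the entry should point at it instead of NOT-FOR-US.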
@@ -18372,7 +18372,7 @@ CVE-2021-21445 (SAP Commerce Cloud, versions - 1808, 
1811, 1905, 2005, 2011, all
 CVE-2021-21444 (SAP Business Objects BI Platform, versions - 410, 420, 430, 
allows mul ...)
        NOT-FOR-US: SAP
 CVE-2020-35856 (SolarWinds Orion Platform before 2020.2.5 allows stored XSS 
attacks by ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2020-35855
        RESERVED
 CVE-2020-35854 (Textpattern 4.8.4 is affected by cross-site scripting (XSS) in 
the Bod ...)
@@ -20849,11 +20849,11 @@ CVE-2021-20685
 CVE-2021-20684
        RESERVED
 CVE-2021-20683 (Improper neutralization of JavaScript input in the blog 
article editin ...)
-       TODO: check
+       NOT-FOR-US: baserCMS
 CVE-2021-20682 (baserCMS versions prior to 4.4.5 allows a remote attacker with 
an admi ...)
-       TODO: check
+       NOT-FOR-US: baserCMS
 CVE-2021-20681 (Improper neutralization of JavaScript input in the page 
editing functi ...)
-       TODO: check
+       NOT-FOR-US: baserCMS
 CVE-2021-20680
        RESERVED
 CVE-2021-20679 (Fuji Xerox multifunction devices and printers (DocuCentre-VII 
C7773/C6 ...)
@@ -20861,7 +20861,7 @@ CVE-2021-20679 (Fuji Xerox multifunction devices and 
printers (DocuCentre-VII C7
 CVE-2021-20678 (SQL injection vulnerability in the Paid Memberships Pro 
versions prior ...)
        NOT-FOR-US: Paid Memberships Pro
 CVE-2021-20677 (UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 
3.51, UNIV ...)
-       TODO: check
+       NOT-FOR-US: UNIVERGE
 CVE-2021-20676 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, 
type B ( ...)
        NOT-FOR-US: M-System
 CVE-2021-20675 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, 
type B ( ...)
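Review bot: "NOT-FOR-US: UNIVERGE" on CVE-2021-20677 is terser than the product the description names, "UNIVERGE Aspire series PBX". The neighbouring tags in this hunk ("Paid Memberships Pro", "M-System") are recognisable on their own; suggest "NOT-FOR-US: UNIVERGE Aspire series PBX" so the tag is equally self-explanatory when grepping the list.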
@@ -27710,7 +27710,7 @@ CVE-2020-28697
 CVE-2020-28696
        RESERVED
 CVE-2020-28695 (Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 
devices  ...)
-       TODO: check
+       NOT-FOR-US: Askey Fiber Router RTF3505VW-N1 
BR_SV_g000_R3505VWN1001_s32_7 devices
 CVE-2020-28694
        RESERVED
 CVE-2020-28693 (An unrestricted file upload issue in HorizontCMS 1.0.0-beta 
allows an  ...)
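Review bot: The new tag on CVE-2020-28695 copies the firmware build string from the description ("BR_SV_g000_R3505VWN1001_s32_7 devices"), while the other tags added in this commit stop at the vendor or product name (MicroSeven, TP-Link, McAfee). Suggest shortening it to "NOT-FOR-US: Askey Fiber Router RTF3505VW-N1" so the tag is not tied to one firmware build and stays easy to search for.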
@@ -50848,7 +50848,7 @@ CVE-2020-19628
 CVE-2020-19627
        RESERVED
 CVE-2020-19626 (Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, 
allows re ...)
-       TODO: check
+       NOT-FOR-US: craftcms
 CVE-2020-19625 (Remote Code Execution Vulnerability in 
tests/support/stores/test_grid_ ...)
        TODO: check
 CVE-2020-19624
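Review bot: CVE-2020-19625, directly below the changed entry, is still "TODO: check" after this commit, so triage stops one entry short in this block. If it was left on purpose because the truncated description ("Remote Code Execution Vulnerability in tests/support/stores/test_grid_ ...") needs a closer look, that is fine; otherwise resolve it in the same pass. The tag "craftcms" also copies the description's lowercase spelling; match the spelling of any earlier entries for the same product in the file.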



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af9b5e534537228200b19ad9f80e8af014b4907a
