[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Fri, 07 May 2021 02:04:26 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7925c8e0 by Salvatore Bonaccorso at 2021-05-07T11:03:52+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -697,19 +697,19 @@ CVE-2021-32106
 CVE-2021-32105
        RESERVED
 CVE-2021-32104 (A SQL injection vulnerability exists (with user privileges) in 
interfa ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2021-32103 (A Stored XSS vulnerability in 
interface/usergroup/usergroup_admin.php  ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2021-32102 (A SQL injection vulnerability exists (with user privileges) in 
library ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2021-32101 (The Patient Portal of OpenEMR 5.0.2.1 is affected by a 
incorrect acces ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2021-32100 (A remote file inclusion vulnerability exists in Artica Pandora 
FMS 742 ...)
-       TODO: check
+       NOT-FOR-US: Artica Pandora FMS
 CVE-2021-32099 (A SQL injection vulnerability in the pandora_console component 
of Arti ...)
-       TODO: check
+       NOT-FOR-US: Artica Pandora FMS
 CVE-2021-32098 (Artica Pandora FMS 742 allows unauthenticated attackers to 
perform Pha ...)
-       TODO: check
+       NOT-FOR-US: Artica Pandora FMS
 CVE-2021-32097
        RESERVED
 CVE-2021-32096 (The ConsoleAction component of U.S. National Security Agency 
(NSA) Emi ...)
@@ -761,13 +761,13 @@ CVE-2021-3538
        NOTE: https://github.com/satori/go.uuid/issues/73
        TODO: check, probably introduced after the 1.2.0 release and only in a 
unreleased version.
 CVE-2021-32077 (Primary Source Verification in VerityStream MSOW Solutions 
before 3.1. ...)
-       TODO: check
+       NOT-FOR-US: VerityStream MSOW Solutions
 CVE-2021-32076
        RESERVED
 CVE-2021-32075
        RESERVED
 CVE-2021-32074 (HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 
allows a ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp vault-action (aka Vault GitHub Action)
 CVE-2021-32073
        RESERVED
 CVE-2021-32072
@@ -1741,7 +1741,7 @@ CVE-2021-31739
 CVE-2021-31738
        RESERVED
 CVE-2021-31737 (emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: emlog
 CVE-2021-31736
        RESERVED
 CVE-2021-31735
@@ -7518,7 +7518,7 @@ CVE-2021-29205
 CVE-2021-29204
        RESERVED
 CVE-2021-29203 (A security vulnerability has been identified in the HPE 
Edgeline Infra ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2021-29202
        RESERVED
 CVE-2021-29201
@@ -8701,7 +8701,7 @@ CVE-2021-28667 (StackStorm before 3.4.1, in some 
situations, has an infinite loo
 CVE-2021-28666
        RESERVED
 CVE-2021-28665 (Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 
has a me ...)
-       TODO: check
+       NOT-FOR-US: Stormshield SNS
 CVE-2021-28664
        RESERVED
        NOT-FOR-US: ARM components for Android
@@ -33979,9 +33979,9 @@ CVE-2020-29447 (Affected versions of Atlassian Crucible 
allow remote attackers t
 CVE-2020-29446 (Affected versions of Atlassian Fisheye & Crucible allow 
remote att ...)
        NOT-FOR-US: Atlassian
 CVE-2020-29445 (Affected versions of Confluence Server before 7.11.0 allow 
attackers t ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2020-29444 (Affected versions of Team Calendar in Confluence Server before 
7.11.0  ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2020-29443 (ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows 
out-of- ...)
        {DLA-2560-1}
        - qemu <unfixed> (bug #983575)
@@ -51692,9 +51692,9 @@ CVE-2020-23266
 CVE-2020-23265
        RESERVED
 CVE-2020-23264 (Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 
allow remot ...)
-       TODO: check
+       NOT-FOR-US: Fork CMS
 CVE-2020-23263 (Persistent Cross-site scripting vulnerability on Fork CMS 
version 5.8. ...)
-       TODO: check
+       NOT-FOR-US: Fork CMS
 CVE-2020-23262 (An issue was discovered in ming-soft MCMS v5.0, where a 
malicious user ...)
        NOT-FOR-US: ming-soft MCMS
 CVE-2020-23261



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7925c8e085cde026baf4455d65d3d09eceb90e95

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7925c8e085cde026baf4455d65d3d09eceb90e95
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to