Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18cc00d8 by Salvatore Bonaccorso at 2021-08-19T07:41:42+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17270,7 +17270,7 @@ CVE-2021-31822
 CVE-2021-31821
        RESERVED
 CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server 
Web Req ...)
-       TODO: check
+       NOT-FOR-US: Octopus Server
 CVE-2021-31819
        RESERVED
 CVE-2021-31818 (Affected versions of Octopus Server are prone to an 
authenticated SQL  ...)
@@ -26010,7 +26010,7 @@ CVE-2021-28373 (The auth_internal plugin in Tiny Tiny 
RSS (aka tt-rss) before 20
        NOTE: Introduced by: 
https://git.tt-rss.org/fox/tt-rss/commit/3fd785654372d493c031d9b541ab33a881023a32
        NOTE: Fixed by: 
https://git.tt-rss.org/fox/tt-rss/commit/4949e1a59059d9e72ba7a98f783cec312c06c6d2
 CVE-2021-28372 (ThroughTek's Kalay Platform 2.0 network allows an attacker to 
imperson ...)
-       TODO: check
+       NOT-FOR-US: ThroughTek
 CVE-2021-28371
        RESERVED
 CVE-2021-28370
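Review bot: the label on CVE-2021-28372 names only the vendor ("ThroughTek"), while the description identifies the affected product as "ThroughTek's Kalay Platform 2.0 network". Consider "NOT-FOR-US: ThroughTek Kalay Platform" so that a later search on the product name finds this entry.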
@@ -41404,9 +41404,9 @@ CVE-2021-21870 (A use-after-free vulnerability exists 
in the JavaScript engine o
 CVE-2021-21869
        RESERVED
 CVE-2021-21868 (A unsafe deserialization vulnerability exists in the 
ObjectManager.plu ...)
-       TODO: check
+       NOT-FOR-US: CODESYS
 CVE-2021-21867 (A unsafe deserialization vulnerability exists in the 
ObjectManager.plu ...)
-       TODO: check
+       NOT-FOR-US: CODESYS
 CVE-2021-21866 (A unsafe deserialization vulnerability exists in the 
ObjectManager.plu ...)
        NOT-FOR-US: CODESYS
 CVE-2021-21865 (A unsafe deserialization vulnerability exists in the 
PackageManagement ...)
@@ -41490,7 +41490,7 @@ CVE-2021-21827
 CVE-2021-21826
        RESERVED
 CVE-2021-21825 (A heap-based buffer overflow vulnerability exists in the XML 
Decompres ...)
-       TODO: check
+       NOT-FOR-US: AT&T Labs Xmill
 CVE-2021-21824 (An out-of-bounds write vulnerability exists in the JPG 
Handle_JPEG420  ...)
        NOT-FOR-US: Accusoft ImageGear
 CVE-2021-21823
@@ -41520,7 +41520,7 @@ CVE-2021-21812 (A stack-based buffer overflow 
vulnerability exists in the comman
 CVE-2021-21811
        RESERVED
 CVE-2021-21810 (A memory corruption vulnerability exists in the XML-parsing 
ParseAttri ...)
-       TODO: check
+       NOT-FOR-US: AT&T Labs Xmill
 CVE-2021-21809 (A command execution vulnerability exists in the default legacy 
spellch ...)
        NOT-FOR-US: Moodle plugin
 CVE-2021-21808 (A memory corruption vulnerability exists in the PNG 
png_palette_proces ...)
@@ -56799,7 +56799,7 @@ CVE-2020-28148
 CVE-2020-28147
        RESERVED
 CVE-2020-28146 (Cross Site Scripting (XSS) vulnerability exists in Eyoucms 
v1.4.7 and  ...)
-       TODO: check
+       NOT-FOR-US: Eyoucms
 CVE-2020-28145
        RESERVED
 CVE-2020-28144 (Certain Moxa Inc products are affected by an improper 
restriction of o ...)
@@ -62823,11 +62823,11 @@ CVE-2020-25930
 CVE-2020-25929
        RESERVED
 CVE-2020-25928 (The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is 
affected by:  ...)
-       TODO: check
+       NOT-FOR-US: InterNiche NicheStack TCP/IP
 CVE-2020-25927 (The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is 
affected by:  ...)
-       TODO: check
+       NOT-FOR-US: InterNiche NicheStack TCP/IP
 CVE-2020-25926 (The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is 
affected by: I ...)
-       TODO: check
+       NOT-FOR-US: InterNiche NicheStack TCP/IP
 CVE-2020-25925 (Cross Site Scripting (XSS) in Webmail Calender in IceWarp 
WebClient 10 ...)
        NOT-FOR-US: IceWarp
 CVE-2020-25924
@@ -63215,7 +63215,7 @@ CVE-2020-25769
 CVE-2020-25768 (Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 
4.10.1 hav ...)
        NOT-FOR-US: Contao CMS
 CVE-2020-25767 (An issue was discovered in HCC Embedded NicheStack IPv4 4.1. 
The dnc_c ...)
-       TODO: check
+       NOT-FOR-US: HCC Embedded NicheStack
 CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform 
an unwa ...)
        NOT-FOR-US: MISP
 CVE-2020-25765 (Addressed remote code execution vulnerability in 
reg_device.php due to ...)
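Review bot: CVE-2020-25767 is labelled "HCC Embedded NicheStack" here, while CVE-2020-25926, CVE-2020-25927 and CVE-2020-25928 elsewhere in this same commit are labelled "InterNiche NicheStack TCP/IP". All four descriptions name NicheStack; if they refer to the same stack, use one label so that a single search on the NOT-FOR-US string returns every entry.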
@@ -68880,7 +68880,7 @@ CVE-2020-23343
 CVE-2020-23342 (A CSRF vulnerability exists in Anchor CMS 0.12.7 
anchor/views/users/ed ...)
        NOT-FOR-US: Anchor CMS
 CVE-2020-23341 (A reflected cross site scripting (XSS) vulnerability in the 
/header.tm ...)
-       TODO: check
+       NOT-FOR-US: ATutor
 CVE-2020-23340
        RESERVED
 CVE-2020-23339
@@ -68894,7 +68894,7 @@ CVE-2020-23336
 CVE-2020-23335
        RESERVED
 CVE-2020-23334 (A WRITE memory access in the 
AP4_NullTerminatedStringAtom::AP4_NullTer ...)
-       TODO: check
+       NOT-FOR-US: Bento4
 CVE-2020-23333 (A heap-based buffer overflow exists in the 
AP4_CttsAtom::AP4_CttsAtom  ...)
        NOT-FOR-US: Bento4
 CVE-2020-23332 (A heap-based buffer overflow exists in the 
AP4_StdcFileByteStream::Rea ...)
@@ -71371,15 +71371,15 @@ CVE-2020-22126
 CVE-2020-22125
        RESERVED
 CVE-2020-22124 (A vulnerability in the \inc\config.php component of 
joyplus-cms v1.6 a ...)
-       TODO: check
+       NOT-FOR-US: joyplus-cms
 CVE-2020-22123
        RESERVED
 CVE-2020-22122 (A SQL injection vulnerability in /oa.php?c=Staff&a=read of 
Find a  ...)
-       TODO: check
+       NOT-FOR-US: LJCMS
 CVE-2020-22121
        RESERVED
 CVE-2020-22120 (A remote code execution (RCE) vulnerability in 
/root/run/adm.php?admin ...)
-       TODO: check
+       NOT-FOR-US: imcat
 CVE-2020-22119
        RESERVED
 CVE-2020-22118
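Review bot: for CVE-2020-22122 and CVE-2020-22120 the assigned names "LJCMS" and "imcat" do not appear in the truncated descriptions shown in this hunk ("/oa.php?c=Staff&a=read of Find a ..." and "/root/run/adm.php?admin ..."), so the mapping cannot be checked from the list itself. CVE-2020-22124 is fine, since "joyplus-cms v1.6" is visible in its description. Worth confirming the other two against the full CVE descriptions before relying on the triage.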
@@ -76476,7 +76476,7 @@ CVE-2020-19671
 CVE-2020-19670 (In Niushop B2B2C Multi-Business Basic Edition V1.11, 
authentication ca ...)
        NOT-FOR-US: Niushop B2B2C Multi-Business Basic Edition
 CVE-2020-19669 (Cross Site Request Forgery (CSRF) vulnerability exists in 
Eyoucms 1.3. ...)
-       TODO: check
+       NOT-FOR-US: Eyoucms
 CVE-2020-19668 (Unverified indexs into the array lead to out of bound access 
in the gi ...)
        - libsixel <unfixed> (bug #990799)
        [bullseye] - libsixel <no-dsa> (Minor issue)
@@ -78120,7 +78120,7 @@ CVE-2020-18877
 CVE-2020-18876
        RESERVED
 CVE-2020-18875 (Incorrect Access Control in DotCMS versions before 5.1 allows 
remote a ...)
-       TODO: check
+       NOT-FOR-US: DotCMS
 CVE-2020-18874
        RESERVED
 CVE-2020-18873
@@ -78378,7 +78378,7 @@ CVE-2020-18748
 CVE-2020-18747
        RESERVED
 CVE-2020-18746 (SQL Injection in AiteCMS v1.0 allows remote attackers to 
execute arbit ...)
-       TODO: check
+       NOT-FOR-US: AiteCMS
 CVE-2020-18745
        RESERVED
 CVE-2020-18744



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18cc00d86c997e47246e2ffe9021452cce6455db
