[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Apr 13 21:20:01 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
74816398 by Salvatore Bonaccorso at 2021-04-13T22:19:38+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4503,11 +4503,11 @@ CVE-2021-28649
 CVE-2021-28648
 	RESERVED
 CVE-2021-28647 (Trend Micro Password Manager version 5 (Consumer) is vulnerable to a D ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2021-28646 (An insecure file permissions vulnerability in Trend Micro Apex One, Ap ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2021-28645 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2017-20002 (The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists  ...)
 	{DLA-2596-1}
 	- shadow 1:4.5-1 (bug #914957)
@@ -6915,7 +6915,7 @@ CVE-2021-27611
 CVE-2021-27610
 	RESERVED
 CVE-2021-27609 (SAP Focused RUN versions 200, 300, does not perform necessary authoriz ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-27608
 	RESERVED
 CVE-2021-27607
@@ -6923,21 +6923,21 @@ CVE-2021-27607
 CVE-2021-27606
 	RESERVED
 CVE-2021-27605 (SAP's HCM Travel Management Fiori Apps V2, version - 608, does not per ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-27604
 	RESERVED
 CVE-2021-27603 (An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABA ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-27602 (SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice appl ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-27601 (SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-27600 (SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15. ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-27599
 	RESERVED
 CVE-2021-27598 (SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-27597
 	RESERVED
 CVE-2021-27596 (When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) fil ...)
@@ -12709,13 +12709,13 @@ CVE-2021-25255
 CVE-2021-25254
 	RESERVED
 CVE-2021-25253 (An improper access control vulnerability in Trend Micro Apex One, Tren ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2021-25252 (Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine ( ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-25251 (The Trend Micro Security 2020 and 2021 families of consumer products a ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-25250 (An improper access control vulnerability in Trend Micro Apex One, Tren ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2021-25249 (An out-of-bounds write information disclosure vulnerability in Trend M ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-25248 (An out-of-bounds read information disclosure vulnerability in Trend Mi ...)
@@ -18687,7 +18687,7 @@ CVE-2021-22507 (Authentication bypass vulnerability in Micro Focus Operations Br
 CVE-2021-22506 (Advance configuration exposing Information Leakage vulnerability in Mi ...)
 	NOT-FOR-US: Micro Focus
 CVE-2021-22505 (Escalation of privileges vulnerability in Micro Focus Operations Agent ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus
 CVE-2021-22504 (Arbitrary code execution vulnerability on Micro Focus Operations Bridg ...)
 	NOT-FOR-US: Micro Focus
 CVE-2021-22503
@@ -21493,7 +21493,7 @@ CVE-2018-25001 (An issue was discovered in the libpulse-binding crate before 2.5
 CVE-2021-21493 (When a user opens manipulated Graphics Interchange Format (.GIF) forma ...)
 	NOT-FOR-US: SAP
 CVE-2021-21492 (SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10,  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-21491 (SAP Netweaver Application Server Java (Applications based on WebDynpro ...)
 	NOT-FOR-US: SAP
 CVE-2021-21490
@@ -21511,9 +21511,9 @@ CVE-2021-21485 (An unauthorized attacker may be able to entice an administrator
 CVE-2021-21484 (LDAP authentication in SAP HANA Database version 2.0 can be bypassed i ...)
 	NOT-FOR-US: SAP
 CVE-2021-21483 (Under certain conditions SAP Solution Manager, version - 720, allows a ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-21482 (SAP NetWeaver Master Data Management, versions - 710, 710.750, allows  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-21481 (The MigrationService, which is part of SAP NetWeaver versions 7.10, 7. ...)
 	NOT-FOR-US: SAP
 CVE-2021-21480 (SAP MII allows users to create dashboards and save them as JSP through ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74816398b071dd99453ec9278ca9d1b77727601c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74816398b071dd99453ec9278ca9d1b77727601c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210413/7c736928/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list