[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Apr 15 16:34:13 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6fde8ca1 by Salvatore Bonaccorso at 2021-04-15T17:33:51+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4104,7 +4104,7 @@ CVE-2021-29451
 CVE-2021-29450
 	RESERVED
 CVE-2021-29449 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...)
-	TODO: check
+	NOT-FOR-US: Pi-hole
 CVE-2021-29448
 	RESERVED
 CVE-2021-29447
@@ -7479,9 +7479,9 @@ CVE-2021-27992
 CVE-2021-27991
 	RESERVED
 CVE-2021-27990 (Appspace 6.2.4 is vulnerable to a broken authentication mechanism wher ...)
-	TODO: check
+	NOT-FOR-US: Appspace
 CVE-2021-27989 (Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in m ...)
-	TODO: check
+	NOT-FOR-US: Appspace
 CVE-2021-27988
 	RESERVED
 CVE-2021-27987
@@ -9139,9 +9139,9 @@ CVE-2021-27262 (This vulnerability allows remote attackers to disclose sensitive
 CVE-2021-27261 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit PhantomPDF
 CVE-2021-27260 (This vulnerability allows local attackers to disclose sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-27259 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-27258 (This vulnerability allows remote attackers to execute escalate privile ...)
 	NOT-FOR-US: SolarWinds
 CVE-2021-27257 (This vulnerability allows network-adjacent attackers to compromise the ...)
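Review bot: the product name on CVE-2021-27260 and CVE-2021-27259 cannot be checked from the list itself. Their truncated descriptions carry only the generic advisory wording ("This vulnerability allows local attackers to ..."), and the neighbouring entries with the same wording belong to other products (Foxit PhantomPDF, SolarWinds). Confirm "Parallels Desktop" against the full CVE descriptions, since replacing "TODO: check" with a NOT-FOR-US tag takes both entries out of the triage queue.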
@@ -20869,7 +20869,7 @@ CVE-2021-3019 (ffay lanproxy 0.1 allows Directory Traversal to read /../conf/con
 CVE-2021-3018 (ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an un ...)
 	NOT-FOR-US: ipeak Infosystems ibexwebCMS (aka IPeakCMS)
 CVE-2021-3017 (The web interface on Intelbras WIN 300 and WRN 342 devices through 202 ...)
-	TODO: check
+	NOT-FOR-US: Intelbras
 CVE-2021-3016
 	RESERVED
 CVE-2021-3015
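Review bot: the tag on CVE-2021-3017 names only the vendor ("Intelbras"), while the description names specific devices (WIN 300 and WRN 342) and the entry just above it records the full product name. Consider naming the devices in the tag so that later triage of other Intelbras CVEs can tell which products were already assessed.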
@@ -23523,7 +23523,7 @@ CVE-2020-35662 (In SaltStack Salt before 3002.5, when authenticating to services
 CVE-2020-35661
 	RESERVED
 CVE-2020-35660 (Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal pag ...)
-	TODO: check
+	NOT-FOR-US: Monica
 CVE-2020-35659 (The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. ...)
 	NOT-FOR-US: Pi-hole
 CVE-2020-35658 (SpamTitan before 7.09 allows attackers to tamper with backups, because ...)
@@ -30288,9 +30288,9 @@ CVE-2020-29595 (PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio Professiona
 CVE-2020-29594 (Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x be ...)
 	NOT-FOR-US: Rocket.Chat
 CVE-2020-29593 (An issue was discovered in Orchard before 1.10. The Media Settings All ...)
-	TODO: check
+	NOT-FOR-US: Orchard CMS
 CVE-2020-29592 (An issue was discovered in Orchard before 1.10. A broken access contro ...)
-	TODO: check
+	NOT-FOR-US: Orchard CMS
 CVE-2020-29591 (Versions of the Official registry Docker images through 2.7.0 contain  ...)
 	NOT-FOR-US: registry Docker image
 CVE-2020-29590
@@ -36563,7 +36563,7 @@ CVE-2020-28126
 CVE-2020-28125
 	RESERVED
 CVE-2020-28124 (Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. ...)
-	TODO: check
+	NOT-FOR-US: LavaLite
 CVE-2020-28123
 	RESERVED
 CVE-2020-28122
@@ -52875,9 +52875,9 @@ CVE-2020-21090
 CVE-2020-21089
 	RESERVED
 CVE-2020-21088 (Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows rem ...)
-	TODO: check
+	NOT-FOR-US: X2engine X2CRM
 CVE-2020-21087 (Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows rem ...)
-	TODO: check
+	NOT-FOR-US: X2engine X2CRM
 CVE-2020-21086
 	RESERVED
 CVE-2020-21085
@@ -55503,7 +55503,7 @@ CVE-2020-19780
 CVE-2020-19779
 	RESERVED
 CVE-2020-19778 (Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote att ...)
-	TODO: check
+	NOT-FOR-US: Shopxo
 CVE-2020-19777
 	RESERVED
 CVE-2020-19776
@@ -132816,7 +132816,7 @@ CVE-2019-10883 (Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN C
 CVE-2019-10882 (The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2 ...)
 	NOT-FOR-US: Netskope
 CVE-2019-10881 (Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C80 ...)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2019-10880 (Within multiple XEROX products a vulnerability allows remote command e ...)
 	NOT-FOR-US: XEROX
 CVE-2018-20816 (An XSS combined with CSRF vulnerability discovered in SalesAgility Sui ...)
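Review bot: the new tag on CVE-2019-10881 is spelled "Xerox", but the existing entry directly below it, CVE-2019-10880, uses "NOT-FOR-US: XEROX". Use one spelling for the vendor so that a case-sensitive search of data/CVE/list finds both entries.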



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fde8ca1cd3a759298d4db4cc27b9d7dbe504fba
