[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Apr 16 09:26:10 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1abbdce5 by Salvatore Bonaccorso at 2021-04-16T10:25:48+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2021-31416
 CVE-2021-31415
 	RESERVED
 CVE-2021-31414 (The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studi ...)
-	TODO: check
+	NOT-FOR-US: vscode-rpm-spec extension for Visual Studio Code
 CVE-2021-31413
 	RESERVED
 CVE-2021-31412
@@ -8372,9 +8372,9 @@ CVE-2021-27694
 CVE-2021-27693
 	RESERVED
 CVE-2021-27692 (Command Injection in Tenda G1 and G3 routers with firmware versions v1 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2021-27691 (Command Injection in Tenda G0 routers with firmware versions v15.11.0. ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2021-27690
 	RESERVED
 CVE-2021-27689
@@ -9652,7 +9652,7 @@ CVE-2021-27114 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. W
 CVE-2021-27113 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...)
 	NOT-FOR-US: D-Link
 CVE-2021-27112 (LightCMS v1.3.5 contains a remote code execution vulnerability in /app ...)
-	TODO: check
+	NOT-FOR-US: LightCMS
 CVE-2021-27111
 	RESERVED
 CVE-2021-27110
@@ -12215,9 +12215,9 @@ CVE-2021-26076 (The jira.editor.user.mode cookie set by the Jira Editor Plugin i
 CVE-2021-26075 (The Jira importers plugin AttachTemporaryFile rest resource in Jira Se ...)
 	NOT-FOR-US: Atlassian
 CVE-2021-26074 (Broken Authentication in Atlassian Connect Spring Boot (ACSB) from ver ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2021-26073 (Broken Authentication in Atlassian Connect Express (ACE) from version  ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2021-26072 (The WidgetConnector plugin in Confluence Server and Confluence Data Ce ...)
 	NOT-FOR-US: Atlassian
 CVE-2021-26071 (The SetFeatureEnabled.jspa resource in Jira Server and Data Center bef ...)
@@ -24958,7 +24958,7 @@ CVE-2021-21102
 CVE-2021-21101
 	RESERVED
 CVE-2021-21100 (Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-21099
 	RESERVED
 CVE-2021-21098
@@ -34003,9 +34003,9 @@ CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp load_
 CVE-2020-28594
 	RESERVED
 CVE-2020-28593 (A unauthenticated backdoor exists in the configuration server function ...)
-	TODO: check
+	NOT-FOR-US: Cosori Smart 5.8-Quart Air Fryer CS158-AF
 CVE-2020-28592 (A heap-based buffer overflow vulnerability exists in the configuration ...)
-	TODO: check
+	NOT-FOR-US: Cosori Smart 5.8-Quart Air Fryer CS158-AF
 CVE-2020-28591 (An out-of-bounds read vulnerability exists in the AMF File AMFParserCo ...)
 	- slic3r 1.3.0+dfsg1-4 (bug #985620)
 	[stretch] - slic3r <not-affected> (Vulnerable code not present)
@@ -39612,11 +39612,11 @@ CVE-2020-27241
 CVE-2020-27240
 	RESERVED
 CVE-2020-27239 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
-	TODO: check
+	NOT-FOR-US: OpenClinic
 CVE-2020-27238 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
-	TODO: check
+	NOT-FOR-US: OpenClinic
 CVE-2020-27237 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
-	TODO: check
+	NOT-FOR-US: OpenClinic
 CVE-2020-27236 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
 	NOT-FOR-US: OpenClinic
 CVE-2020-27235 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
@@ -87921,7 +87921,7 @@ CVE-2020-7310 (Privilege Escalation vulnerability in the installer in McAfee McA
 CVE-2020-7309 (Cross Site Scripting vulnerability in ePO extension in McAfee Applicat ...)
 	NOT-FOR-US: McAfee
 CVE-2020-7308 (Cleartext Transmission of Sensitive Information between McAfee Endpoin ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2020-7307 (Unprotected Storage of Credentials vulnerability in McAfee Data Loss P ...)
 	NOT-FOR-US: McAfee
 CVE-2020-7306 (Unprotected Storage of Credentials vulnerability in McAfee Data Loss P ...)
@@ -87997,9 +87997,9 @@ CVE-2020-7272
 CVE-2020-7271
 	RESERVED
 CVE-2020-7270 (Exposure of Sensitive Information in the web interface in McAfee Advan ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2020-7269 (Exposure of Sensitive Information in the web interface in McAfee Advan ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2020-7268 (Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prio ...)
 	NOT-FOR-US: McAfee
 CVE-2020-7267 (Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE ...)
@@ -158812,7 +158812,7 @@ CVE-2018-19944 (A cleartext transmission of sensitive information vulnerability
 CVE-2018-19943 (If exploited, this cross-site scripting vulnerability could allow remo ...)
 	NOT-FOR-US: QNAP
 CVE-2018-19942 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2018-19941 (A vulnerability has been reported to affect QNAP NAS. If exploited, th ...)
 	NOT-FOR-US: QNAP
 CVE-2018-19940



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1abbdce572196a32f00755d3d2c5849a1a9c6c64

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1abbdce572196a32f00755d3d2c5849a1a9c6c64
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210416/1b65ab44/attachment.htm>

More information about the debian-security-tracker-commits mailing list