[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Apr 23 05:46:59 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3c009fda by Salvatore Bonaccorso at 2021-04-23T06:46:31+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2021-3512
 CVE-2021-3511
 	RESERVED
 CVE-2021-31572 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...)
-	TODO: check
+	NOT-FOR-US: Amazon Web Services FreeRTOS kernel
 CVE-2021-31571 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...)
-	TODO: check
+	NOT-FOR-US: Amazon Web Services FreeRTOS kernel
 CVE-2021-31570
 	RESERVED
 CVE-2021-31569
@@ -2345,7 +2345,7 @@ CVE-2021-30478 (An issue was discovered in Zulip Server before 3.4. A bug in the
 CVE-2021-30477 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...)
 	- zulip-server <itp> (bug #800052)
 CVE-2021-30476 (HashiCorp Terraform’s Vault Provider (terraform-provider-vault)  ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Terraform Vault Provider
 CVE-2021-3487 (There's a flaw in the BFD library of binutils in versions before 2.36. ...)
 	- binutils <unfixed> (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26946
@@ -2613,7 +2613,7 @@ CVE-2021-30358
 CVE-2021-30357
 	RESERVED
 CVE-2021-30356 (A denial of service vulnerability was reported in Check Point Identity ...)
-	TODO: check
+	NOT-FOR-US: Check Point Identity Agent
 CVE-2021-30355
 	RESERVED
 CVE-2021-30354
@@ -4233,7 +4233,7 @@ CVE-2021-29655
 CVE-2021-29654 (AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data ( ...)
 	NOT-FOR-US: AjaxSearchPro
 CVE-2021-29653 (HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain ci ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault and Vault Enterprise
 CVE-2021-29652 (Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user s ...)
 	NOT-FOR-US: Pomerium
 CVE-2021-29651 (Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). ...)
@@ -9416,7 +9416,7 @@ CVE-2021-27402
 CVE-2021-27401
 	RESERVED
 CVE-2021-27400 (HashiCorp Vault and Vault Enterprise Cassandra integrations (storage b ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault and Vault Enterprise
 CVE-2020-36252 (ownCloud Server 10.x before 10.3.1 allows an attacker, who has one out ...)
 	- owncloud <removed>
 CVE-2020-36251 (ownCloud Server before 10.3.0 allows an attacker, who has received non ...)
@@ -9723,9 +9723,9 @@ CVE-2021-27280
 CVE-2021-27279 (MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCo ...)
 	NOT-FOR-US: MyBB
 CVE-2021-27278 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-27277 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-27276 (This vulnerability allows remote attackers to delete arbitrary files o ...)
 	NOT-FOR-US: Netgear
 CVE-2021-27275 (This vulnerability allows remote attackers to disclose sensitive infor ...)
@@ -12751,7 +12751,7 @@ CVE-2021-26028 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extract
 CVE-2021-26027 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL ...)
 	NOT-FOR-US: Joomla!
 CVE-2021-3287 (Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Rem ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2021-26026 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a Use ...)
 	NOT-FOR-US: ACDSee Professional 2021
 CVE-2021-26025 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a Use ...)
@@ -24320,9 +24320,9 @@ CVE-2021-21429
 CVE-2021-21428
 	RESERVED
 CVE-2021-21427 (Magento-lts is a long-term support alternative to Magento Community Ed ...)
-	TODO: check
+	NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
 CVE-2021-21426 (Magento-lts is a long-term support alternative to Magento Community Ed ...)
-	TODO: check
+	NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
 CVE-2021-21425 (Grav Admin Plugin is an HTML user interface that provides a way to con ...)
 	NOT-FOR-US: Grav Admin Plugin
 CVE-2021-21424
@@ -34749,7 +34749,7 @@ CVE-2021-1080
 CVE-2021-1079 (NVIDIA GeForce Experience, all versions prior to 3.22, contains a vuln ...)
 	NOT-FOR-US: NVIDIA
 CVE-2021-1078 (NVIDIA Windows GPU Display Driver for Windows, all versions, contains  ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
 CVE-2021-1077 (NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver  ...)
 	- nvidia-graphics-drivers <unfixed> (bug #987216)
 	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -34769,9 +34769,9 @@ CVE-2021-1076 (NVIDIA GPU Display Driver for Windows and Linux, all versions, co
 	- nvidia-graphics-drivers-tesla-450 <unfixed> (bug #987221)
 	- nvidia-graphics-drivers-tesla-460 <unfixed> (bug #987222)
 CVE-2021-1075 (NVIDIA Windows GPU Display Driver for Windows, all versions, contains  ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
 CVE-2021-1074 (NVIDIA Windows GPU Display Driver for Windows, R390 driver branch, con ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
 CVE-2021-1073
 	RESERVED
 CVE-2021-1072 (NVIDIA GeForce Experience, all versions prior to 3.21, contains a vuln ...)
@@ -39561,9 +39561,9 @@ CVE-2020-27571
 CVE-2020-27570
 	RESERVED
 CVE-2020-27569 (Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier.  ...)
-	TODO: check
+	NOT-FOR-US: Aviatrix VPN Client
 CVE-2020-27568 (Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Sever ...)
-	TODO: check
+	NOT-FOR-US: Aviatrix Controller
 CVE-2020-27567
 	RESERVED
 CVE-2020-27566
@@ -87365,15 +87365,15 @@ CVE-2020-7863
 CVE-2020-7862
 	RESERVED
 CVE-2020-7861 (AnySupport (Remote support solution) before 2019.3.21.0 allows directo ...)
-	TODO: check
+	NOT-FOR-US: AnySupport
 CVE-2020-7860
 	RESERVED
 CVE-2020-7859
 	RESERVED
 CVE-2020-7858 (There is a directory traversing vulnerability in the download page url ...)
-	TODO: check
+	NOT-FOR-US: AquaNPlayer
 CVE-2020-7857 (A vulnerability of XPlatform could allow an unauthenticated attacker t ...)
-	TODO: check
+	NOT-FOR-US: XPlatform
 CVE-2020-7856 (A vulnerability of Helpcom could allow an unauthenticated attacker to  ...)
 	NOT-FOR-US: Helpcom
 CVE-2020-7855



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c009fda8dc8309458bc199b3c1fcd5a5aee1052

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c009fda8dc8309458bc199b3c1fcd5a5aee1052
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210423/8f6decaf/attachment.htm>

More information about the debian-security-tracker-commits mailing list