[Git][security-tracker-team/security-tracker][master] Process some NFUs

Thu Apr 29 06:26:50 BST 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1007dce4 by Salvatore Bonaccorso at 2021-04-29T07:25:49+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3745,13 +3745,13 @@ CVE-2021-30171
 CVE-2021-30170
 	RESERVED
 CVE-2021-30169 (The sensitive information of webcam device is not properly protected.  ...)
-	TODO: check
+	NOT-FOR-US: LILIN
 CVE-2021-30168 (The sensitive information of webcam device is not properly protected.  ...)
-	TODO: check
+	NOT-FOR-US: LILIN
 CVE-2021-30167 (The manage users profile services of the network camera device allows  ...)
-	TODO: check
+	NOT-FOR-US: LILIN
 CVE-2021-30166 (The NTP Server configuration function of the IP camera device is not v ...)
-	TODO: check
+	NOT-FOR-US: LILIN
 CVE-2021-30165 (The default administrator account & password of the EDIMAX wireles ...)
 	NOT-FOR-US: EDIMAX
 CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...)
@@ -5471,9 +5471,9 @@ CVE-2021-29444 (jose-browser-runtime is an npm package which provides a number o
 CVE-2021-29443 (jose is an npm library providing a number of cryptographic operations. ...)
 	NOT-FOR-US: Node jose
 CVE-2021-29442 (Nacos is a platform designed for dynamic service discovery and configu ...)
-	TODO: check
+	NOT-FOR-US: Nacos
 CVE-2021-29441 (Nacos is a platform designed for dynamic service discovery and configu ...)
-	TODO: check
+	NOT-FOR-US: Nacos
 CVE-2021-29440 (Grav is a file based Web-platform. Twig processing of static pages can ...)
 	NOT-FOR-US: Grav CMS
 CVE-2021-29439 (The Grav admin plugin prior to version 1.10.11 does not correctly veri ...)
@@ -5631,9 +5631,9 @@ CVE-2021-29390
 CVE-2021-29389
 	RESERVED
 CVE-2021-29388 (A stored cross-site scripting (XSS) vulnerability in SourceCodester Bu ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Budget Management System
 CVE-2021-29387 (Multiple stored cross-site scripting (XSS) vulnerabilities in Sourceco ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Equipment Inventory System
 CVE-2021-29386
 	RESERVED
 CVE-2021-29385
@@ -6134,7 +6134,7 @@ CVE-2021-29161
 CVE-2021-29160
 	RESERVED
 CVE-2021-29159 (A cross-site scripting (XSS) vulnerability has been discovered in Nexu ...)
-	TODO: check
+	NOT-FOR-US: Nexus Repository Manager
 CVE-2021-29158 (Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has ...)
 	NOT-FOR-US: Sonatype Nexus Repository Manager
 CVE-2021-29157
@@ -9662,7 +9662,7 @@ CVE-2021-27650
 CVE-2021-27649
 	RESERVED
 CVE-2021-27648 (Externally controlled reference to a resource in another sphere in qua ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-27647 (Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synolo ...)
 	NOT-FOR-US: Synology
 CVE-2021-27646 (Use After Free vulnerability in iscsi_snapshot_comm_core in Synology D ...)
@@ -15792,13 +15792,13 @@ CVE-2021-25156 (A remote arbitrary directory create vulnerability was discovered
 CVE-2021-25155 (A remote arbitrary file modification vulnerability was discovered in s ...)
 	NOT-FOR-US: Aruba
 CVE-2021-25154 (A remote escalation of privilege vulnerability was discovered in Aruba ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-25153 (A remote SQL injection vulnerability was discovered in Aruba AirWave M ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-25152
 	RESERVED
 CVE-2021-25151 (A remote insecure deserialization vulnerability was discovered in Arub ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-25150 (A remote execution of arbitrary commands vulnerability was discovered  ...)
 	NOT-FOR-US: Aruba
 CVE-2021-25149 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
@@ -15806,7 +15806,7 @@ CVE-2021-25149 (A remote buffer overflow vulnerability was discovered in some Ar
 CVE-2021-25148 (A remote arbitrary file modification vulnerability was discovered in s ...)
 	NOT-FOR-US: Aruba
 CVE-2021-25147 (A remote authentication restriction bypass vulnerability was discovere ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-25146 (A remote execution of arbitrary commands vulnerability was discovered  ...)
 	NOT-FOR-US: Aruba
 CVE-2021-25145 (A remote unauthorized disclosure of information vulnerability was disc ...)
@@ -21824,7 +21824,7 @@ CVE-2021-22395
 CVE-2021-22394
 	RESERVED
 CVE-2021-22393 (There is a denial of service vulnerability in some versions of CloudEn ...)
-	TODO: check
+	NOT-FOR-US: CloudEngine (Huawei)
 CVE-2021-22392
 	RESERVED
 CVE-2021-22391
@@ -21946,17 +21946,17 @@ CVE-2021-22334
 CVE-2021-22333
 	RESERVED
 CVE-2021-22332 (There is a pointer double free vulnerability in some versions of Cloud ...)
-	TODO: check
+	NOT-FOR-US: CloudEngine (Huawei)
 CVE-2021-22331 (There is a JavaScript injection vulnerability in certain Huawei smartp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22330 (There is an out of bounds write vulnerability in Huawei Smartphone HUA ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22329
 	RESERVED
 CVE-2021-22328
 	RESERVED
 CVE-2021-22327 (There is an arbitrary memory write vulnerability in Huawei smart phone ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22326
 	RESERVED
 CVE-2021-22325
@@ -52582,17 +52582,17 @@ CVE-2020-21998 (In HomeAutomation 3.3.2 input passed via the 'redirect' GET para
 CVE-2020-21997
 	RESERVED
 CVE-2020-21996 (AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot comm ...)
-	TODO: check
+	NOT-FOR-US: AVE DOMINAplus
 CVE-2020-21995
 	RESERVED
 CVE-2020-21994 (AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclos ...)
-	TODO: check
+	NOT-FOR-US: AVE DOMINAplus
 CVE-2020-21993 (In WEMS Limited Enterprise Manager 2.58, input passed to the GET param ...)
-	TODO: check
+	NOT-FOR-US: WEMS Limited Enterprise Manager
 CVE-2020-21992
 	RESERVED
 CVE-2020-21991 (AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulne ...)
-	TODO: check
+	NOT-FOR-US: AVE DOMINAplus
 CVE-2020-21990
 	RESERVED
 CVE-2020-21989 (HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). ...)
@@ -60556,13 +60556,13 @@ CVE-2020-18024
 CVE-2020-18023
 	RESERVED
 CVE-2020-18022 (Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows r ...)
-	TODO: check
+	NOT-FOR-US: Qibosoft QiboCMS
 CVE-2020-18021
 	RESERVED
 CVE-2020-18020 (SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to ex ...)
-	TODO: check
+	NOT-FOR-US: PHPSHE Mall System
 CVE-2020-18019 (SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obt ...)
-	TODO: check
+	NOT-FOR-US: Xinhu OA System
 CVE-2020-18018
 	RESERVED
 CVE-2020-18017
@@ -60602,7 +60602,7 @@ CVE-2020-18001
 CVE-2020-18000
 	RESERVED
 CVE-2020-17999 (Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: MiniCMS
 CVE-2020-17998
 	RESERVED
 CVE-2020-17997
@@ -89703,7 +89703,7 @@ CVE-2020-7125 (A remote escalation of privilege vulnerability was discovered in
 CVE-2020-7124 (A remote unauthorized access vulnerability was discovered in Aruba Air ...)
 	NOT-FOR-US: Aruba
 CVE-2020-7123 (A local escalation of privilege vulnerability was discovered in Aruba  ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2020-7122 (Two memory corruption vulnerabilities in the Aruba CX Switches Series  ...)
 	NOT-FOR-US: Aruba
 CVE-2020-7121 (Two memory corruption vulnerabilities in the Aruba CX Switches Series  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1007dce4c67f61988f7de1c6163c977917f69aa7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1007dce4c67f61988f7de1c6163c977917f69aa7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210429/dfa49bc2/attachment-0001.htm>
