[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Aug 7 09:19:15 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6483fd64 by Salvatore Bonaccorso at 2021-08-07T10:18:53+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2021-38159
 CVE-2021-38158
 	RESERVED
 CVE-2021-38157 (** UNSUPPORTED WHEN ASSIGNED ** LeoStream Connection Broker 9.x before ...)
-	TODO: check
+	NOT-FOR-US: LeoStream Connection Broker
 CVE-2021-38156
 	RESERVED
 CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1 ...)
@@ -28,7 +28,7 @@ CVE-2021-38150
 CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 a ...)
 	NOT-FOR-US: Chikitsa Patient Management System
 CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for non-htt ...)
-	TODO: check
+	NOT-FOR-US: Obsidian
 CVE-2021-38147
 	RESERVED
 CVE-2021-38146
@@ -1303,35 +1303,35 @@ CVE-2021-37556 (A SQL injection vulnerability in reporting export in Centreon be
 CVE-2021-37555 (TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell a ...)
 	NOT-FOR-US: TX9 Automatic Food Dispenser
 CVE-2021-37554 (In JetBrains YouTrack before 2021.3.21051, a user could see boards wit ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2021-37553 (In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2021-37552 (In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2021-37551 (In JetBrains YouTrack before 2021.2.16363, system user passwords were  ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2021-37550 (In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons wer ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2021-37549 (In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2021-37548 (In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes  ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2021-37547 (In JetBrains TeamCity before 2020.2.4, insufficient checks during file ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2021-37546 (In JetBrains TeamCity before 2021.1, an insecure key generation mechan ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2021-37545 (In JetBrains TeamCity before 2021.1.1, insufficient authentication che ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2021-37544 (In JetBrains TeamCity before 2020.2.4, there was an insecure deseriali ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2021-37543 (In JetBrains RubyMine before 2021.1.1, code execution without user con ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2021-37542 (In JetBrains TeamCity before 2020.2.3, XSS was possible. ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2021-37541 (In JetBrains Hub before 2021.1.13402, HTML injection in the password r ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2021-37540 (In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP f ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2021-37539
 	RESERVED
 CVE-2021-3666
@@ -4271,7 +4271,7 @@ CVE-2021-36211
 CVE-2021-36210
 	RESERVED
 CVE-2021-36209 (In JetBrains Hub before 2021.1.13389, account takeover was possible du ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2021-36208
 	RESERVED
 CVE-2021-36207
@@ -6373,7 +6373,7 @@ CVE-2021-35314
 CVE-2021-35313
 	RESERVED
 CVE-2021-35312 (A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. ...)
-	TODO: check
+	NOT-FOR-US: Amica Prodigy
 CVE-2021-35311
 	RESERVED
 CVE-2021-35310
@@ -37734,7 +37734,7 @@ CVE-2021-22297
 CVE-2021-22296 (A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers  ...)
 	NOT-FOR-US: HarmonyOS
 CVE-2021-22295 (A component of the HarmonyOS has a permission bypass vulnerability. Lo ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22294 (A component API of the HarmonyOS 2.0 has a permission bypass vulnerabi ...)
 	NOT-FOR-US: HarmonyOS
 CVE-2021-22293 (Some Huawei products have an inconsistent interpretation of HTTP reque ...)
@@ -54204,9 +54204,9 @@ CVE-2020-28090
 CVE-2020-28089
 	RESERVED
 CVE-2020-28088 (An arbitrary file upload vulnerability in /jeecg-boot/sys/common/uploa ...)
-	TODO: check
+	NOT-FOR-US: jeecg-boot CMS
 CVE-2020-28087 (A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of  ...)
-	TODO: check
+	NOT-FOR-US: jeecg-boot CMS
 CVE-2020-28086 (pass through 1.7.3 has a possibility of using a password for an uninte ...)
 	- password-store <unfixed> (unimportant)
 	NOTE: https://lists.zx2c4.com/pipermail/password-store/2014-March/000498.html
@@ -68199,7 +68199,7 @@ CVE-2020-22332
 CVE-2020-22331
 	RESERVED
 CVE-2020-22330 (Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the titl ...)
-	TODO: check
+	NOT-FOR-US: Subrion
 CVE-2020-22329
 	RESERVED
 CVE-2020-22328
@@ -70267,17 +70267,17 @@ CVE-2020-21360
 CVE-2020-21359
 	RESERVED
 CVE-2020-21358 (A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attac ...)
-	TODO: check
+	NOT-FOR-US: Wage-CMS
 CVE-2020-21357 (A stored cross site scripting (XSS) vulnerability in /admin.php?mod=us ...)
-	TODO: check
+	NOT-FOR-US: PopojiCMS
 CVE-2020-21356 (An information disclosure vulnerability in upload.php of PopojiCMS 1.2 ...)
-	TODO: check
+	NOT-FOR-US: PopojiCMS
 CVE-2020-21355
 	RESERVED
 CVE-2020-21354
 	RESERVED
 CVE-2020-21353 (A stored cross site scripting (XSS) vulnerability in /admin/snippets.p ...)
-	TODO: check
+	NOT-FOR-US: GetSimple CMS
 CVE-2020-21352
 	RESERVED
 CVE-2020-21351
@@ -75682,7 +75682,7 @@ CVE-2020-18696
 CVE-2020-18695
 	RESERVED
 CVE-2020-18694 (Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote att ...)
-	TODO: check
+	NOT-FOR-US: IgnitedCMS
 CVE-2020-18693 (Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attacker ...)
 	NOT-FOR-US: MineWebCMS
 CVE-2020-18692



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6483fd642e3784406ce26129fdea3b525cd2e2c1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6483fd642e3784406ce26129fdea3b525cd2e2c1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210807/a8d7379a/attachment.htm>

More information about the debian-security-tracker-commits mailing list