[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 18 18:32:43 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c136989e by Salvatore Bonaccorso at 2021-08-18T19:32:18+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,9 +11,9 @@ CVE-2021-39270
 CVE-2021-39269
 	RESERVED
 CVE-2021-39268 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2021-39267 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2021-39266
 	RESERVED
 CVE-2021-39265
@@ -47,11 +47,11 @@ CVE-2021-39252
 CVE-2021-39251
 	RESERVED
 CVE-2021-39250 (Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5. ...)
-	TODO: check
+	NOT-FOR-US: Invision Community
 CVE-2021-39249 (Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5. ...)
-	TODO: check
+	NOT-FOR-US: Invision Community
 CVE-2021-39248 (Open edX through Lilac.1 allows XSS in common/static/common/js/discuss ...)
-	TODO: check
+	NOT-FOR-US: Open edX
 CVE-2021-39247 (Zint Barcode Generator before 2.10.0 has a one-byte buffer over-read,  ...)
 	TODO: check
 CVE-2021-39246
@@ -1179,7 +1179,7 @@ CVE-2021-3708 (D-Link router DSL-2750U with firmware vME1.16 or prior versions i
 CVE-2021-3707 (D-Link router DSL-2750U with firmware vME1.16 or prior versions is vul ...)
 	NOT-FOR-US: D-Link
 CVE-2021-38702 (Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 a ...)
-	TODO: check
+	NOT-FOR-US: Cyberoam NetGenie C0101B1-20141120-NG11VO devices
 CVE-2021-38701
 	RESERVED
 CVE-2021-38700
@@ -23748,7 +23748,7 @@ CVE-2021-29315
 CVE-2021-29314
 	RESERVED
 CVE-2021-29313 (Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the ...)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2021-29312
 	RESERVED
 CVE-2021-29311
@@ -24288,7 +24288,7 @@ CVE-2021-29083 (Improper neutralization of special elements used in an OS comman
 CVE-2021-3460 (The Motorola MH702x devices, prior to version 2.0.0.301, do not proper ...)
 	NOT-FOR-US: Motorola MH702x devices
 CVE-2021-3459 (A privilege escalation vulnerability was reported in the MM1000 device ...)
-	TODO: check
+	NOT-FOR-US: MM1000 device
 CVE-2021-3458 (The Motorola MM1000 device configuration portal can be accessed withou ...)
 	NOT-FOR-US: Motorola MM1000 device configuration portal
 CVE-2021-29082 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
@@ -45445,7 +45445,7 @@ CVE-2021-20794
 CVE-2021-20793
 	RESERVED
 CVE-2021-20792 (Cross-site scripting vulnerability in Quiz And Survey Master versions  ...)
-	TODO: check
+	NOT-FOR-US: Quiz And Survey Master
 CVE-2021-20791
 	RESERVED
 CVE-2021-20790
@@ -45479,51 +45479,51 @@ CVE-2021-20777 (Improper authorization in handler for custom URL scheme vulnerab
 CVE-2021-20776 (Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR  ...)
 	NOT-FOR-US: SCT-40CM01SR and AT-40CM01SR
 CVE-2021-20775 (Improper input validation vulnerability in Bulletin of Cybozu Garoon 4 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20774 (Cross-site scripting vulnerability in some functions of E-mail of Cybo ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20773 (There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0,  ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20772 (Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20771 (Cross-site scripting vulnerability in some functions of Group Mail of  ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20770 (Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 t ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20769 (Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0  ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20768 (Operational restrictions bypass vulnerability in Scheduler and MultiRe ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20767 (Cross-site scripting vulnerability in Full Text Search of Cybozu Garoo ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20766 (Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 t ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20765 (Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0  ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20764 (Improper input validation vulnerability in Attaching Files of Cybozu G ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20763 (Operational restrictions bypass vulnerability in Portal of Cybozu Garo ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20762 (Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20761 (Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20760 (Improper input validation vulnerability in User Profile of Cybozu Garo ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20759 (Operational restrictions bypass vulnerability in Bulletin of Cybozu Ga ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20758 (Cross-site request forgery (CSRF) vulnerability in Message of Cybozu G ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20757 (Operational restrictions bypass vulnerability in E-mail of Cybozu Garo ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20756 (Viewing restrictions bypass vulnerability in Address of Cybozu Garoon  ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20755 (Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20754 (Improper input validation vulnerability in Workflow of Cybozu Garoon 4 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20753 (Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2021-20752 (Cross-site scripting vulnerability in IkaIka RSS Reader all versions a ...)
 	NOT-FOR-US: IkaIka RSS Reader
 CVE-2021-20751 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p ...)
@@ -58494,7 +58494,7 @@ CVE-2021-0116
 CVE-2021-0115
 	RESERVED
 CVE-2021-0114 (Insecure default variable initialization for the Intel BSSA DFT featur ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0113 (Out of bounds write in the BMC firmware for Intel(R) Server Board M10J ...)
 	NOT-FOR-US: Intel
 CVE-2021-0112 (Unquoted service path in the Intel Unite(R) Client for Windows before  ...)
@@ -68846,13 +68846,13 @@ CVE-2020-23335
 CVE-2020-23334 (A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTer ...)
 	TODO: check
 CVE-2020-23333 (A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom  ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2020-23332 (A heap-based buffer overflow exists in the AP4_StdcFileByteStream::Rea ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2020-23331 (An issue was discovered in Bento4 version 06c39d9. A NULL pointer dere ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2020-23330 (An issue was discovered in Bento4 version 06c39d9. A NULL pointer dere ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2020-23329
 	RESERVED
 CVE-2020-23328
@@ -79521,7 +79521,7 @@ CVE-2020-18166 (Unrestricted File Upload in LAOBANCMS v2.0 allows remote attacke
 CVE-2020-18165 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers t ...)
 	NOT-FOR-US: LAOBANCMS
 CVE-2020-18164 (SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.p ...)
-	TODO: check
+	NOT-FOR-US: tp-shop
 CVE-2020-18163
 	RESERVED
 CVE-2020-18162
@@ -91086,9 +91086,9 @@ CVE-2020-13591 (An exploitable SQL injection vulnerability exists in the "access
 CVE-2020-13590
 	RESERVED
 CVE-2020-13589 (An exploitable SQL injection vulnerability exists in the ‘entiti ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel Project Management App
 CVE-2020-13588 (An exploitable SQL injection vulnerability exists in the ‘entiti ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel Project Management App
 CVE-2020-13587 (An exploitable SQL injection vulnerability exists in the "forms_fields ...)
 	NOT-FOR-US: Rukovoditel Project Management App
 CVE-2020-13586 (A memory corruption vulnerability exists in the Excel Document SST Rec ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c136989e878c4ec1f0f6b4d34e44e6ae67e1fa33

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c136989e878c4ec1f0f6b4d34e44e6ae67e1fa33
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210818/ee465ec8/attachment.htm>

More information about the debian-security-tracker-commits mailing list