[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 19 06:42:04 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18cc00d8 by Salvatore Bonaccorso at 2021-08-19T07:41:42+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17270,7 +17270,7 @@ CVE-2021-31822
 CVE-2021-31821
 	RESERVED
 CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server Web Req ...)
-	TODO: check
+	NOT-FOR-US: Octopus Server
 CVE-2021-31819
 	RESERVED
 CVE-2021-31818 (Affected versions of Octopus Server are prone to an authenticated SQL  ...)
@@ -26010,7 +26010,7 @@ CVE-2021-28373 (The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 20
 	NOTE: Introduced by: https://git.tt-rss.org/fox/tt-rss/commit/3fd785654372d493c031d9b541ab33a881023a32
 	NOTE: Fixed by: https://git.tt-rss.org/fox/tt-rss/commit/4949e1a59059d9e72ba7a98f783cec312c06c6d2
 CVE-2021-28372 (ThroughTek's Kalay Platform 2.0 network allows an attacker to imperson ...)
-	TODO: check
+	NOT-FOR-US: ThroughTek
 CVE-2021-28371
 	RESERVED
 CVE-2021-28370
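Review bot: the new label on CVE-2021-28372 names only the vendor ("NOT-FOR-US: ThroughTek"), while the description line identifies the affected component as "ThroughTek's Kalay Platform 2.0 network". Consider "NOT-FOR-US: ThroughTek Kalay Platform" so that a later search of the list by product name also finds this entry.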
@@ -41404,9 +41404,9 @@ CVE-2021-21870 (A use-after-free vulnerability exists in the JavaScript engine o
 CVE-2021-21869
 	RESERVED
 CVE-2021-21868 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2021-21867 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2021-21866 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...)
 	NOT-FOR-US: CODESYS
 CVE-2021-21865 (A unsafe deserialization vulnerability exists in the PackageManagement ...)
@@ -41490,7 +41490,7 @@ CVE-2021-21827
 CVE-2021-21826
 	RESERVED
 CVE-2021-21825 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
-	TODO: check
+	NOT-FOR-US: AT&T Labs Xmill
 CVE-2021-21824 (An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420  ...)
 	NOT-FOR-US: Accusoft ImageGear
 CVE-2021-21823
@@ -41520,7 +41520,7 @@ CVE-2021-21812 (A stack-based buffer overflow vulnerability exists in the comman
 CVE-2021-21811
 	RESERVED
 CVE-2021-21810 (A memory corruption vulnerability exists in the XML-parsing ParseAttri ...)
-	TODO: check
+	NOT-FOR-US: AT&T Labs Xmill
 CVE-2021-21809 (A command execution vulnerability exists in the default legacy spellch ...)
 	NOT-FOR-US: Moodle plugin
 CVE-2021-21808 (A memory corruption vulnerability exists in the PNG png_palette_proces ...)
@@ -56799,7 +56799,7 @@ CVE-2020-28148
 CVE-2020-28147
 	RESERVED
 CVE-2020-28146 (Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and  ...)
-	TODO: check
+	NOT-FOR-US: Eyoucms
 CVE-2020-28145
 	RESERVED
 CVE-2020-28144 (Certain Moxa Inc products are affected by an improper restriction of o ...)
@@ -62823,11 +62823,11 @@ CVE-2020-25930
 CVE-2020-25929
 	RESERVED
 CVE-2020-25928 (The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by:  ...)
-	TODO: check
+	NOT-FOR-US: InterNiche NicheStack TCP/IP
 CVE-2020-25927 (The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by:  ...)
-	TODO: check
+	NOT-FOR-US: InterNiche NicheStack TCP/IP
 CVE-2020-25926 (The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: I ...)
-	TODO: check
+	NOT-FOR-US: InterNiche NicheStack TCP/IP
 CVE-2020-25925 (Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10 ...)
 	NOT-FOR-US: IceWarp
 CVE-2020-25924
@@ -63215,7 +63215,7 @@ CVE-2020-25769
 CVE-2020-25768 (Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 hav ...)
 	NOT-FOR-US: Contao CMS
 CVE-2020-25767 (An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_c ...)
-	TODO: check
+	NOT-FOR-US: HCC Embedded NicheStack
 CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform an unwa ...)
 	NOT-FOR-US: MISP
 CVE-2020-25765 (Addressed remote code execution vulnerability in reg_device.php due to ...)
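Review bot: CVE-2020-25767 is labelled "NOT-FOR-US: HCC Embedded NicheStack", but the three entries changed in the previous hunk (CVE-2020-25928, CVE-2020-25927, CVE-2020-25926) use "NOT-FOR-US: InterNiche NicheStack TCP/IP", and all four descriptions name NicheStack. If these refer to the same stack, pick one label string for all four so a search for one spelling does not miss the others. If the split by vendor name is intentional, it would help to say so in the commit message.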
@@ -68880,7 +68880,7 @@ CVE-2020-23343
 CVE-2020-23342 (A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/ed ...)
 	NOT-FOR-US: Anchor CMS
 CVE-2020-23341 (A reflected cross site scripting (XSS) vulnerability in the /header.tm ...)
-	TODO: check
+	NOT-FOR-US: ATutor
 CVE-2020-23340
 	RESERVED
 CVE-2020-23339
@@ -68894,7 +68894,7 @@ CVE-2020-23336
 CVE-2020-23335
 	RESERVED
 CVE-2020-23334 (A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTer ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2020-23333 (A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom  ...)
 	NOT-FOR-US: Bento4
 CVE-2020-23332 (A heap-based buffer overflow exists in the AP4_StdcFileByteStream::Rea ...)
@@ -71371,15 +71371,15 @@ CVE-2020-22126
 CVE-2020-22125
 	RESERVED
 CVE-2020-22124 (A vulnerability in the \inc\config.php component of joyplus-cms v1.6 a ...)
-	TODO: check
+	NOT-FOR-US: joyplus-cms
 CVE-2020-22123
 	RESERVED
 CVE-2020-22122 (A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a  ...)
-	TODO: check
+	NOT-FOR-US: LJCMS
 CVE-2020-22121
 	RESERVED
 CVE-2020-22120 (A remote code execution (RCE) vulnerability in /root/run/adm.php?admin ...)
-	TODO: check
+	NOT-FOR-US: imcat
 CVE-2020-22119
 	RESERVED
 CVE-2020-22118
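Review bot: on CVE-2020-22122 and CVE-2020-22120 the product names in the new labels ("LJCMS", "imcat") do not appear in the truncated descriptions shown here, which end at "of Find a  ..." and "/root/run/adm.php?admin ...". The diff alone cannot confirm them, so it is worth checking both against the full CVE text before this lands. The joyplus-cms label on CVE-2020-22124 does match its description.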
@@ -76476,7 +76476,7 @@ CVE-2020-19671
 CVE-2020-19670 (In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication ca ...)
 	NOT-FOR-US: Niushop B2B2C Multi-Business Basic Edition
 CVE-2020-19669 (Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3. ...)
-	TODO: check
+	NOT-FOR-US: Eyoucms
 CVE-2020-19668 (Unverified indexs into the array lead to out of bound access in the gi ...)
 	- libsixel <unfixed> (bug #990799)
 	[bullseye] - libsixel <no-dsa> (Minor issue)
@@ -78120,7 +78120,7 @@ CVE-2020-18877
 CVE-2020-18876
 	RESERVED
 CVE-2020-18875 (Incorrect Access Control in DotCMS versions before 5.1 allows remote a ...)
-	TODO: check
+	NOT-FOR-US: DotCMS
 CVE-2020-18874
 	RESERVED
 CVE-2020-18873
@@ -78378,7 +78378,7 @@ CVE-2020-18748
 CVE-2020-18747
 	RESERVED
 CVE-2020-18746 (SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbit ...)
-	TODO: check
+	NOT-FOR-US: AiteCMS
 CVE-2020-18745
 	RESERVED
 CVE-2020-18744



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18cc00d86c997e47246e2ffe9021452cce6455db
