[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 23 09:42:05 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
238644b7 by Salvatore Bonaccorso at 2021-08-23T10:41:22+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -495,9 +495,9 @@ CVE-2021-39370
 CVE-2021-39369
 	RESERVED
 CVE-2021-39368 (Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter ...)
-	TODO: check
+	NOT-FOR-US: Canon Oce Print Exec Workgroup
 CVE-2021-39367 (Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. ...)
-	TODO: check
+	NOT-FOR-US: Canon Oce Print Exec Workgroup
 CVE-2021-39366
 	RESERVED
 CVE-2021-39365 (In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certifi ...)
@@ -704,11 +704,11 @@ CVE-2021-3719
 CVE-2021-3718
 	RESERVED
 CVE-2021-39291 (Certain NetModule devices allow credentials via GET parameters to CLI- ...)
-	TODO: check
+	NOT-FOR-US: NetModule devices
 CVE-2021-39290 (Certain NetModule devices allow Limited Session Fixation via PHPSESSID ...)
-	TODO: check
+	NOT-FOR-US: NetModule devices
 CVE-2021-39289 (Certain NetModule devices have Insecure Password Handling (cleartext o ...)
-	TODO: check
+	NOT-FOR-US: NetModule devices
 CVE-2021-39288
 	RESERVED
 CVE-2021-39287
@@ -818,11 +818,11 @@ CVE-2021-3715
 CVE-2021-3714
 	RESERVED
 CVE-2021-39245 (Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto,  ...)
-	TODO: check
+	NOT-FOR-US: Altus
 CVE-2021-39244 (Authenticated Semi-Blind Command Injection (via Parameter Injection) e ...)
-	TODO: check
+	NOT-FOR-US: Altus
 CVE-2021-39243 (Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, ...)
-	TODO: check
+	NOT-FOR-US: Altus
 CVE-2021-39242 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...)
 	{DSA-4960-1}
 	- haproxy 2.2.16-1
@@ -60160,17 +60160,17 @@ CVE-2020-27468
 CVE-2020-27467
 	RESERVED
 CVE-2020-27466 (An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemp ...)
-	TODO: check
+	NOT-FOR-US: rConfig
 CVE-2020-27465
 	RESERVED
 CVE-2020-27464 (An insecure update feature in the /updater.php component of rConfig 3. ...)
-	TODO: check
+	NOT-FOR-US: rConfig
 CVE-2020-27463
 	RESERVED
 CVE-2020-27462
 	RESERVED
 CVE-2020-27461 (A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed ...)
-	TODO: check
+	NOT-FOR-US: SEOPanel
 CVE-2020-27460
 	RESERVED
 CVE-2020-27459 (Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a ...)
@@ -65260,7 +65260,7 @@ CVE-2020-25361
 CVE-2020-25360
 	RESERVED
 CVE-2020-25359 (An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fix ...)
-	TODO: check
+	NOT-FOR-US: rConfig
 CVE-2020-25358
 	RESERVED
 CVE-2020-25357
@@ -65272,11 +65272,11 @@ CVE-2020-25355
 CVE-2020-25354
 	RESERVED
 CVE-2020-25353 (A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 ha ...)
-	TODO: check
+	NOT-FOR-US: rConfig
 CVE-2020-25352 (A stored cross-site scripting (XSS) vulnerability in the /devices.php  ...)
-	TODO: check
+	NOT-FOR-US: rConfig
 CVE-2020-25351 (An information disclosure vulnerability in rConfig 3.9.5 has been fixe ...)
-	TODO: check
+	NOT-FOR-US: rConfig
 CVE-2020-25350
 	RESERVED
 CVE-2020-25349
@@ -79005,9 +79005,9 @@ CVE-2020-18888 (Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows re
 CVE-2020-18887
 	RESERVED
 CVE-2020-18886 (Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to  ...)
-	TODO: check
+	NOT-FOR-US: PHPMyWind
 CVE-2020-18885 (Command Injection in PHPMyWind v5.6 allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: PHPMyWind
 CVE-2020-18884
 	RESERVED
 CVE-2020-18883
@@ -79019,11 +79019,11 @@ CVE-2020-18881
 CVE-2020-18880
 	RESERVED
 CVE-2020-18879 (Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to e ...)
-	TODO: check
+	NOT-FOR-US: Bludit
 CVE-2020-18878 (Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain ...)
-	TODO: check
+	NOT-FOR-US: Skycaiji
 CVE-2020-18877 (SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain se ...)
-	TODO: check
+	NOT-FOR-US: Wuzhi CMS
 CVE-2020-18876
 	RESERVED
 CVE-2020-18875 (Incorrect Access Control in DotCMS versions before 5.1 allows remote a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/238644b7e18ad6ee8135b4ef9e42524082aa250f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/238644b7e18ad6ee8135b4ef9e42524082aa250f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210823/266771d1/attachment.htm>

More information about the debian-security-tracker-commits mailing list