[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 26 09:35:32 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c6e42d8e by Salvatore Bonaccorso at 2021-08-26T10:35:08+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6189,7 +6189,7 @@ CVE-2021-37336
 CVE-2021-37335
 	RESERVED
 CVE-2021-37334 (A security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could l ...)
-	TODO: check
+	NOT-FOR-US: Umbraco Forms
 CVE-2021-37333
 	RESERVED
 CVE-2021-37332
@@ -6576,9 +6576,9 @@ CVE-2021-37155 (wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a fail
 	NOTE: https://github.com/wolfSSL/wolfssl/pull/3990
 	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
 CVE-2021-37154 (In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementa ...)
-	TODO: check
+	NOT-FOR-US: ForgeRock Access Management (AM)
 CVE-2021-37153 (ForgeRock Access Management (AM) before 7.0.2, when configured with Ac ...)
-	TODO: check
+	NOT-FOR-US: ForgeRock Access Management (AM)
 CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 befor ...)
 	NOT-FOR-US: Sonatype
 CVE-2021-37151
@@ -28793,7 +28793,7 @@ CVE-2021-28072
 CVE-2021-28071
 	RESERVED
 CVE-2021-28070 (Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0 ...)
-	TODO: check
+	NOT-FOR-US: PopojiCMS
 CVE-2021-28069
 	RESERVED
 CVE-2021-28068
@@ -43346,7 +43346,7 @@ CVE-2021-21871 (A memory corruption vulnerability exists in the DMG File Format
 CVE-2021-21870 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
 	NOT-FOR-US: Foxit
 CVE-2021-21869 (An unsafe deserialization vulnerability exists in the Engine.plugin Pr ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2021-21868 (An unsafe deserialization vulnerability exists in the ObjectManager.pl ...)
 	NOT-FOR-US: CODESYS
 CVE-2021-21867 (An unsafe deserialization vulnerability exists in the ObjectManager.pl ...)
@@ -47554,7 +47554,7 @@ CVE-2021-20795
 CVE-2021-20794
 	RESERVED
 CVE-2021-20793 (Untrusted search path vulnerability in the installer of Sony Audio USB ...)
-	TODO: check
+	NOT-FOR-US: installer of Sony Audio USB Driver and installer of HAP Music Transfer
 CVE-2021-20792 (Cross-site scripting vulnerability in Quiz And Survey Master versions  ...)
 	NOT-FOR-US: Quiz And Survey Master
 CVE-2021-20791
@@ -55054,37 +55054,37 @@ CVE-2021-1594
 CVE-2021-1593 (A vulnerability in Cisco Packet Tracer for Windows could allow an auth ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1592 (A vulnerability in the way Cisco UCS Manager software handles SSH sess ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1591 (A vulnerability in the EtherChannel port subscription logic of Cisco N ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1590 (A vulnerability in the implementation of the system login block-for co ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1589
 	RESERVED
 CVE-2021-1588 (A vulnerability in the MPLS Operation, Administration, and Maintenance ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1587 (A vulnerability in the VXLAN Operation, Administration, and Maintenanc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1586 (A vulnerability in the Multi-Pod or Multi-Site network configurations  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1585 (A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) L ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1584 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Applicat ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1583 (A vulnerability in the fabric infrastructure file system access contro ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1582 (A vulnerability in the web UI of Cisco Application Policy Infrastructu ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1581 (Multiple vulnerabilities in the web UI and API endpoints of Cisco Appl ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1580 (Multiple vulnerabilities in the web UI and API endpoints of Cisco Appl ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1579 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1578 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1577 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1576 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1575 (A vulnerability in the web-based management interface of Cisco Virtual ...)
@@ -55192,7 +55192,7 @@ CVE-2021-1525 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings
 CVE-2021-1524 (A vulnerability in the API of Cisco Meeting Server could allow an auth ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1523 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Applicat ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1522 (A vulnerability in the change password API of Cisco Connected Mobile E ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1521 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
@@ -78233,9 +78233,9 @@ CVE-2020-19824
 CVE-2020-19823
 	RESERVED
 CVE-2020-19822 (A remote code execution (RCE) vulnerability in template_user.php of ZZ ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2020-19821 (A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attac ...)
-	TODO: check
+	NOT-FOR-US: DOYOCMS
 CVE-2020-19820
 	RESERVED
 CVE-2020-19819
@@ -78461,7 +78461,7 @@ CVE-2020-19711
 CVE-2020-19710
 	RESERVED
 CVE-2020-19709 (Insufficient filtering of the tag parameters in feehicms 0.1.3 allows  ...)
-	TODO: check
+	NOT-FOR-US: feehicms
 CVE-2020-19708
 	RESERVED
 CVE-2020-19707
@@ -78469,11 +78469,11 @@ CVE-2020-19707
 CVE-2020-19706
 	RESERVED
 CVE-2020-19705 (thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home ...)
-	TODO: check
+	NOT-FOR-US: thinkphp-zcms
 CVE-2020-19704 (A stored cross-site scripting (XSS) vulnerability via ResourceControll ...)
 	TODO: check
 CVE-2020-19703 (A cross-site scripting (XSS) vulnerability in the referer parameter of ...)
-	TODO: check
+	NOT-FOR-US: Dzzoffice
 CVE-2020-19702
 	RESERVED
 CVE-2020-19701
@@ -78799,7 +78799,7 @@ CVE-2020-19549
 CVE-2020-19548
 	RESERVED
 CVE-2020-19547 (Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id ...)
-	TODO: check
+	NOT-FOR-US: PopojiCMS
 CVE-2020-19546
 	RESERVED
 CVE-2020-19545
@@ -81850,7 +81850,7 @@ CVE-2020-18067
 CVE-2020-18066 (Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName ...)
 	NOT-FOR-US: Zrlog
 CVE-2020-18065 (Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in  ...)
-	TODO: check
+	NOT-FOR-US: PopojiCMS
 CVE-2020-18064
 	RESERVED
 CVE-2020-18063



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6e42d8ea48d8e488ed4fd1650478955dae524ac

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6e42d8ea48d8e488ed4fd1650478955dae524ac
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210826/89e48530/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list