[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 26 21:28:17 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e94de822 by Salvatore Bonaccorso at 2021-08-26T22:27:46+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: EmTec ZOC
 CVE-2021-40146
 	RESERVED
 CVE-2021-3738
@@ -156,7 +156,7 @@ CVE-2021-40083 (Knot Resolver before 5.3.2 is prone to an assertion failure, tri
 	NOTE: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1169
 	NOTE: Introduced by https://gitlab.nic.cz/knot/knot-resolver/-/commit/7107faebc72c14c864622128a20a9b39fe94d733 (5.3.1)
 CVE-2021-3734 (yourls is vulnerable to Improper Restriction of Rendered UI Layers or  ...)
-	TODO: check
+	NOT-FOR-US: yourls
 CVE-2021-40080
 	RESERVED
 CVE-2021-40079
@@ -7095,13 +7095,13 @@ CVE-2021-36933 (Windows Services for NFS ONCRPC XDR Driver Information Disclosur
 CVE-2021-36932 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-36931 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-36930
 	RESERVED
 CVE-2021-36929 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-36928 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-36927 (Windows Digital TV Tuner device registration application Elevation of  ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-36926 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
@@ -8419,7 +8419,7 @@ CVE-2021-36354
 CVE-2021-36353
 	RESERVED
 CVE-2021-36352 (Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Inf ...)
-	TODO: check
+	NOT-FOR-US: Care2x Hospital Information Management
 CVE-2021-36351 (SQL Injection Vulnerability in Care2x Open Source Hospital Information ...)
 	NOT-FOR-US: Care2x Open Source Hospital Information Management
 CVE-2021-3640 [Linux kernel: UAF in sco_send_frame function]
@@ -17075,7 +17075,7 @@ CVE-2021-32650
 CVE-2021-32649
 	RESERVED
 CVE-2021-32648 (octobercms in a CMS platform based on the Laravel PHP Framework. In af ...)
-	TODO: check
+	NOT-FOR-US: October CMS
 CVE-2021-32647 (Emissary is a P2P based data-driven workflow engine. Affected versions ...)
 	NOT-FOR-US: Emissary
 CVE-2021-32646 (Roomer is a discord bot cog (extension) which provides automatic voice ...)
@@ -18385,7 +18385,7 @@ CVE-2021-3538 (A flaw was found in github.com/satori/go.uuid in versions from co
 CVE-2021-32077 (Primary Source Verification in VerityStream MSOW Solutions before 3.1. ...)
 	NOT-FOR-US: VerityStream MSOW Solutions
 CVE-2021-32076 (Access Restriction Bypass via referrer spoof was discovered in SolarWi ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-32075 (Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. ...)
 	NOT-FOR-US: Re-Logic Terraria
 CVE-2021-32074 (HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows a ...)
@@ -25235,7 +25235,7 @@ CVE-2021-29488 (SABnzbd is an open source binary newsreader. A vulnerability was
 	NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-jwj3-wrvf-v3rp
 	NOTE: https://github.com/sabnzbd/sabnzbd/commit/3766ba54026eaa520dbee5b57a2f33d4954fb98b
 CVE-2021-29487 (octobercms in a CMS platform based on the Laravel PHP Framework. In af ...)
-	TODO: check
+	NOT-FOR-US: October CMS
 CVE-2021-29486 (cumulative-distribution-function is an open source npm library used wh ...)
 	NOT-FOR-US: Node cumulative-distribution-function
 CVE-2021-29485 (Ratpack is a toolkit for creating web applications. In versions prior  ...)
@@ -29091,7 +29091,7 @@ CVE-2021-3421 (A flaw was found in the RPM package in the read functionality. Th
 	[stretch] - rpm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927747
 CVE-2021-27944 (Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E ...)
-	TODO: check
+	NOT-FOR-US: Vizio
 CVE-2021-27943 (The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1  ...)
 	NOT-FOR-US: Vizio
 CVE-2021-27942 (Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a thre ...)
@@ -81027,11 +81027,11 @@ CVE-2020-18479
 CVE-2020-18478
 	RESERVED
 CVE-2020-18477 (SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enqui ...)
-	TODO: check
+	NOT-FOR-US: Hucart CMS
 CVE-2020-18476 (SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic informat ...)
-	TODO: check
+	NOT-FOR-US: Hucart CMS
 CVE-2020-18475 (Cross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 5.7.4 is  ...)
-	TODO: check
+	NOT-FOR-US: Hucart CMS
 CVE-2020-18474
 	RESERVED
 CVE-2020-18473
@@ -81041,13 +81041,13 @@ CVE-2020-18472
 CVE-2020-18471
 	RESERVED
 CVE-2020-18470 (Stored cross-site scripting (XSS) vulnerability in the Name of applica ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel
 CVE-2020-18469 (Stored cross-site scripting (XSS) vulnerability in the Copyright Text  ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel
 CVE-2020-18468 (Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Hea ...)
-	TODO: check
+	NOT-FOR-US: qdPM
 CVE-2020-18467 (Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in ...)
-	TODO: check
+	NOT-FOR-US: BigTree-CMS
 CVE-2020-18466
 	RESERVED
 CVE-2020-18465
@@ -91570,9 +91570,9 @@ CVE-2020-14163 (An issue was discovered in ecma/operations/ecma-container-object
 CVE-2020-14162 (An issue was discovered in Pi-Hole through 5.0. The local www-data use ...)
 	NOT-FOR-US: Pi-Hole
 CVE-2020-14161 (It is possible to inject HTML and/or JavaScript in the HTML to PDF con ...)
-	TODO: check
+	NOT-FOR-US: Gotenberg
 CVE-2020-14160 (An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote  ...)
-	TODO: check
+	NOT-FOR-US: Gotenberg
 CVE-2020-14159 (By using an Automate API in ConnectWise Automate before 2020.5.178, a  ...)
 	NOT-FOR-US: ConnectWise
 CVE-2020-14158 (The ABUS Secvest FUMO50110 hybrid module does not have any security me ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e94de822f5f0cdf35e1f7a596462310a84741020

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e94de822f5f0cdf35e1f7a596462310a84741020
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210826/5ce525d2/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list