[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Feb 1 20:36:54 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8de0eee2 by Salvatore Bonaccorso at 2021-02-01T21:36:35+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1305,7 +1305,7 @@ CVE-2021-3283 (HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java t
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-01-nomad-s-exec-and-java-task-drivers-did-not-isolate-processes/20332
 	TODO: check details
 CVE-2021-3282 (HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2021-3281
 	RESERVED
 	{DLA-2540-1}
@@ -8721,7 +8721,7 @@ CVE-2020-36161 (An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and
 CVE-2020-36160 (An issue was discovered in Veritas System Recovery before 21.2. On sta ...)
 	NOT-FOR-US: Veritas
 CVE-2021-3024 (HashiCorp Vault and Vault Enterprise disclosed the internal IP address ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2021-3023
 	RESERVED
 CVE-2021-3022 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...)
@@ -11246,7 +11246,7 @@ CVE-2020-36111
 CVE-2020-36110
 	RESERVED
 CVE-2020-36109 (ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a bu ...)
-	TODO: check
+	NOT-FOR-US: ASUS RT-AX86U router firmware
 CVE-2020-36108
 	RESERVED
 CVE-2020-36107
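Review bot: The tag added for CVE-2020-36109, "NOT-FOR-US: ASUS RT-AX86U router firmware", is wordier than the existing NFU tags visible in this file ("NOT-FOR-US: Veritas", "NOT-FOR-US: Eaton"). A shorter form such as "NOT-FOR-US: ASUS RT-AX86U" carries the same information and keeps the tags easier to grep and to reuse for later CVEs against the same device.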
@@ -12791,7 +12791,7 @@ CVE-2021-21288
 CVE-2021-21287 (MinIO is a High Performance Object Storage released under Apache Licen ...)
 	TODO: check
 CVE-2021-21286 (AVideo Platform is an open-source Audio and Video platform. It is simi ...)
-	TODO: check
+	NOT-FOR-US: AVideo Platform
 CVE-2021-21285
 	RESERVED
 CVE-2021-21284
@@ -12831,7 +12831,7 @@ CVE-2021-21268
 CVE-2021-21267
 	RESERVED
 CVE-2021-21266 (openHAB is a vendor and technology agnostic open source automation sof ...)
-	TODO: check
+	NOT-FOR-US: openHAB
 CVE-2021-21265
 	RESERVED
 CVE-2021-21264
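Review bot: CVE-2021-21266 is closed as "NOT-FOR-US: openHAB", yet the description on the same entry calls openHAB open source automation software, so it could be packaged later. Before settling on NFU, confirm there is no open ITP/RFP bug for it; if there is one, an <itp> entry with the bug number is the better fit, so the CVE resurfaces when the package lands.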
@@ -31452,7 +31452,7 @@ CVE-2020-25595 (An issue was discovered in Xen through 4.14.x. The PCI passthrou
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-337.html
 CVE-2020-25594 (HashiCorp Vault and Vault Enterprise allowed for enumeration of Secret ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2020-25593
 	RESERVED
 CVE-2020-25592 (In SaltStack Salt through 3002, salt-netapi improperly validates eauth ...)
@@ -34377,7 +34377,7 @@ CVE-2020-24273
 CVE-2020-24272
 	RESERVED
 CVE-2020-24271 (A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an ad ...)
-	TODO: check
+	NOT-FOR-US: EasyCMS
 CVE-2020-24270
 	RESERVED
 CVE-2020-24269
@@ -42364,9 +42364,9 @@ CVE-2020-20297
 CVE-2020-20296 (An issue was found in CMSWing project version 1.3.8, Because the recha ...)
 	TODO: check
 CVE-2020-20295 (An issue was found in CMSWing project version 1.3.8. Because the updat ...)
-	TODO: check
+	NOT-FOR-US: CMSWing
 CVE-2020-20294 (An issue was found in CMSWing project version 1.3.8. Because the log f ...)
-	TODO: check
+	NOT-FOR-US: CMSWing
 CVE-2020-20293
 	RESERVED
 CVE-2020-20292
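Review bot: CVE-2020-20296, the first entry in this hunk, is left at "TODO: check" although its description names the same CMSWing project version 1.3.8 as CVE-2020-20295 and CVE-2020-20294, both of which become "NOT-FOR-US: CMSWing" here. Unless it was held back deliberately, give it the same tag in this pass so the three entries stay consistent.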
@@ -42374,13 +42374,13 @@ CVE-2020-20292
 CVE-2020-20291
 	RESERVED
 CVE-2020-20290 (Directory traversal vulnerability in the yccms 3.3 project. The delete ...)
-	TODO: check
+	NOT-FOR-US: yccms
 CVE-2020-20289 (Sql injection vulnerability in the yccms 3.3 project. The no_top funct ...)
-	TODO: check
+	NOT-FOR-US: yccms
 CVE-2020-20288
 	RESERVED
 CVE-2020-20287 (Unrestricted file upload vulnerability in the yccms 3.3 project. The x ...)
-	TODO: check
+	NOT-FOR-US: yccms
 CVE-2020-20286
 	RESERVED
 CVE-2020-20285 (There is a XSS in the user login page in zzcms 2019. Users can inject  ...)
@@ -52619,7 +52619,7 @@ CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-afte
 	[buster] - milkytracker 1.02.00+dfsg-1+deb10u1
 	NOTE: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
 CVE-2020-15568 (TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that lead ...)
-	TODO: check
+	NOT-FOR-US: TerraMaster TOS
 CVE-2020-15567 (An issue was discovered in Xen through 4.13.x, allowing Intel guest OS ...)
 	{DSA-4723-1}
 	- xen 4.11.4+24-gddaaccbbab-1
@@ -77201,9 +77201,9 @@ CVE-2020-6658
 CVE-2020-6657
 	RESERVED
 CVE-2020-6656 (Eaton's easySoft software v7.xx prior to v7.22 are susceptible to file ...)
-	TODO: check
+	NOT-FOR-US: Eaton
 CVE-2020-6655 (The Eaton's easySoft software v7.xx prior to v7.22 are susceptible to  ...)
-	TODO: check
+	NOT-FOR-US: Eaton
 CVE-2020-6654 (A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configu ...)
 	NOT-FOR-US: Eaton
 CVE-2020-6653 (Eaton's Secure connect mobile app v1.7.3 & prior stores the user l ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8de0eee2cad661b01ac39b6184b0cd18d53c9a80
