[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Feb 3 08:33:01 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
062f4264 by Salvatore Bonaccorso at 2021-02-03T09:32:40+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows r ...)
-	TODO: check
+	NOT-FOR-US: Pryaniki
 CVE-2021-3394
 	RESERVED
 CVE-2021-3393
@@ -12909,7 +12909,7 @@ CVE-2021-21294 (Http4s (http4s-blaze-server) is a minimal, idiomatic Scala inter
 CVE-2021-21293 (blaze is a Scala library for building asynchronous pipelines, with a f ...)
 	TODO: check
 CVE-2021-21292 (Traccar is an open source GPS tracking system. In Traccar before versi ...)
-	TODO: check
+	NOT-FOR-US: Traccar
 CVE-2021-21291 (OAuth2 Proxy is an open-source reverse proxy and static file server th ...)
 	TODO: check
 CVE-2021-21290
@@ -12950,7 +12950,7 @@ CVE-2021-21278 (RSSHub is an open source, easy to use, and extensible RSS feed g
 CVE-2021-21277 (angular-expressions is "angular's nicest part extracted as a standalon ...)
 	TODO: check
 CVE-2021-21276 (Polr is an open source URL shortener. in Polr before version 2.3.0, a  ...)
-	TODO: check
+	NOT-FOR-US: Polr
 CVE-2021-21275 (The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSR ...)
 	NOT-FOR-US: MediaWiki Report extention
 CVE-2021-21274
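Review bot: the unchanged context line under CVE-2021-21275 reads `NOT-FOR-US: MediaWiki Report extention`, with "extension" misspelled. The Polr entry directly above it is being edited here, so correcting the spelling in the same pass would be a cheap cleanup and keeps text searches for the extension name from missing this entry.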
@@ -13622,7 +13622,7 @@ CVE-2021-21045
 CVE-2021-21044
 	RESERVED
 CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-21042
 	RESERVED
 CVE-2021-21041
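Review bot: the tag added for CVE-2021-21043 names only the vendor (`NOT-FOR-US: Adobe`), although the description identifies the affected product as ACS Commons. Other entries in this same commit name the product, for example `NOT-FOR-US: Cloudflare WARP for Windows`. Including the product name here as well would make the entry easier to match when a later ACS Commons CVE is triaged.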
@@ -16749,7 +16749,7 @@ CVE-2020-35154
 CVE-2020-35153
 	RESERVED
 CVE-2020-35152 (Cloudflare WARP for Windows allows privilege escalation due to an unqu ...)
-	TODO: check
+	NOT-FOR-US: Cloudflare WARP for Windows
 CVE-2020-35151 (The Online Marriage Registration System 1.0 post parameter "searchdata ...)
 	NOT-FOR-US: Online Marriage Registration System
 CVE-2020-35150
@@ -17912,7 +17912,7 @@ CVE-2020-29663 (Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where r
 	NOTE: https://github.com/Icinga/icinga2/commit/abbd7d5494369af8bbf8fc12f5dc1a0f05a1f817
 	NOTE: https://github.com/Icinga/icinga2/commit/cae22a89da9e6a381904c3b207e5a3f93f6ed838
 CVE-2020-29662 (In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s  ...)
-	TODO: check
+	NOT-FOR-US: Harbor
 CVE-2020-29661 (A locking issue was discovered in the tty subsystem of the Linux kerne ...)
 	{DSA-4843-1}
 	- linux 5.9.15-1
@@ -56420,7 +56420,7 @@ CVE-2020-14257
 CVE-2020-14256
 	RESERVED
 CVE-2020-14255 (HCL Digital Experience 9.5 containers include vulnerabilities that cou ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2020-14254 (TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v ...)
 	NOT-FOR-US: HCL BigFix Inventory
 CVE-2020-14253
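Review bot: for CVE-2020-14255 the new line is `NOT-FOR-US: HCL`, while the next entry in the context, CVE-2020-14254, is tagged at product level as `NOT-FOR-US: HCL BigFix Inventory`. The description names HCL Digital Experience, so `NOT-FOR-US: HCL Digital Experience` would keep the granularity the neighbouring entry uses.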
@@ -56488,7 +56488,7 @@ CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-sit
 CVE-2020-14222 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scri ...)
 	NOT-FOR-US: HCL Digital Experience
 CVE-2020-14221 (HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2020-14220
 	RESERVED
 CVE-2020-14219
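Review bot: CVE-2020-14221 gets `NOT-FOR-US: HCL`, but CVE-2020-14222 directly above it, for the same product, already carries `NOT-FOR-US: HCL Digital Experience`. Reusing that exact string here keeps the two adjacent entries consistent and means a single search finds both.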
@@ -72262,7 +72262,7 @@ CVE-2020-8674 (Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(
 CVE-2020-8673
 	RESERVED
 CVE-2020-8672 (Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Co ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th Generat ...)
 	NOT-FOR-US: Intel
 CVE-2020-8670
@@ -90462,7 +90462,7 @@ CVE-2020-1912 (An out-of-bounds read/write vulnerability when executing lazily c
 CVE-2020-1911 (A type confusion vulnerability when resolving properties of JavaScript ...)
 	NOT-FOR-US: Facebook Hermes
 CVE-2020-1910 (A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and ...)
-	TODO: check
+	NOT-FOR-US: WhatsApp
 CVE-2020-1909 (A use-after-free in a logging library in WhatsApp for iOS prior to v2. ...)
 	NOT-FOR-US: WhatsApp
 CVE-2020-1908 (Improper authorization of the Screen Lock feature in WhatsApp and What ...)
@@ -90490,7 +90490,7 @@ CVE-2020-1898
 CVE-2020-1897 (A use-after-free is possible due to an error in lifetime management in ...)
 	NOT-FOR-US: Facebook Proxygen
 CVE-2020-1896 (A stack overflow vulnerability in Facebook Hermes ‘builtin apply ...)
-	TODO: check
+	NOT-FOR-US: Facebook Hermes
 CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when attemp ...)
 	NOT-FOR-US: Instagram for Android
 CVE-2020-1894 (A stack write overflow in WhatsApp for Android prior to v2.20.35, What ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/062f426421587351b936a106c6056464daed4160
