[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Feb 3 20:49:42 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
10f0e521 by Salvatore Bonaccorso at 2021-02-03T21:49:17+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3525,11 +3525,11 @@ CVE-2021-25278
 CVE-2021-25277
 	RESERVED
 CVE-2021-25276 (In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory cont ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-25275 (SolarWinds Orion Platform before 2020.2.4, as used by various SolarWin ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-25274 (The Collector Service in SolarWinds Orion Platform before 2020.2.4 use ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-3159
 	RESERVED
 CVE-2021-25273
@@ -16270,9 +16270,9 @@ CVE-2020-35484
 CVE-2020-35483 (AnyDesk before 6.1.0 on Windows, when run in portable mode on a system ...)
 	NOT-FOR-US: AnyDesk
 CVE-2020-35482 (SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS. ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2020-35481 (SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2020-35480 (An issue was discovered in MediaWiki before 1.35.1. Missing users (acc ...)
 	{DSA-4816-1 DLA-2504-1}
 	- mediawiki 1:1.35.1-1
@@ -20723,7 +20723,7 @@ CVE-2020-28896 (Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure t
 	NOTE: https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a
 	NOTE: https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06
 CVE-2020-28895 (In Wind River VxWorks, memory allocator has a possible overflow in cal ...)
-	TODO: check
+	NOT-FOR-US: Wind River VxWorks
 CVE-2020-28894
 	RESERVED
 CVE-2020-28893
@@ -21214,7 +21214,7 @@ CVE-2020-28655
 CVE-2020-28654
 	RESERVED
 CVE-2020-28653 (Zoho ManageEngine OpManager Stable build before 125203 (and Released b ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine OpManager Stable
 CVE-2020-28652
 	RESERVED
 CVE-2020-28651
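Review bot: In the added line for CVE-2020-28653, the label "Zoho ManageEngine OpManager Stable" picks up "Stable" from the description's "Stable build before 125203", where it qualifies the build rather than naming the product. Suggest "NOT-FOR-US: Zoho ManageEngine OpManager" so the label is the product name only.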
@@ -25001,7 +25001,7 @@ CVE-2020-28146
 CVE-2020-28145
 	RESERVED
 CVE-2020-28144 (Certain Moxa Inc products are affected by an improper restriction of o ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2020-28143
 	RESERVED
 CVE-2020-28142
@@ -25348,7 +25348,7 @@ CVE-2020-28003
 CVE-2020-28002 (In SonarQube 8.4.2.36762, an external attacker can achieve authenticat ...)
 	NOT-FOR-US: SonarQube
 CVE-2020-28001 (SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2020-28000
 	RESERVED
 CVE-2020-27999
@@ -25362,7 +25362,7 @@ CVE-2020-27996 (An issue was discovered in SmartStoreNET before 4.0.1. It does n
 CVE-2020-27995 (SQL Injection in Zoho ManageEngine Applications Manager 14 before 1456 ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2020-27994 (SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Travers ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2020-27993 (Hrsale 2.0.0 allows download?type=files&filename=../ directory tra ...)
 	NOT-FOR-US: Hrsale
 CVE-2020-27992 (Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse ...)
@@ -72747,9 +72747,9 @@ CVE-2020-8591 (eG Manager 7.1.2 allows authentication bypass via a com.egurkha.E
 CVE-2020-8590
 	RESERVED
 CVE-2020-8589 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptib ...)
-	TODO: check
+	NOT-FOR-US: Clustered Data ONTAP
 CVE-2020-8588 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptib ...)
-	TODO: check
+	NOT-FOR-US: Clustered Data ONTAP
 CVE-2020-8587
 	RESERVED
 CVE-2020-8586
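Review bot: Both added labels here (CVE-2020-8589 and CVE-2020-8588) give only the product name "Clustered Data ONTAP" as it appears in the truncated description, while the other labels added in this commit lead with the vendor (SolarWinds, Wind River, Moxa, QNAP). Suggest putting the vendor name first so that a search of the list by vendor also finds these two entries.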
@@ -88843,9 +88843,9 @@ CVE-2020-2509
 CVE-2020-2508 (A command injection vulnerability has been reported to affect QTS and  ...)
 	NOT-FOR-US: QNAP
 CVE-2020-2507 (The vulnerability have been reported to affect earlier versions of QTS ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2020-2506 (The vulnerability have been reported to affect earlier versions of QTS ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2020-2505 (If exploited, this vulnerability could allow attackers to gain sensiti ...)
 	NOT-FOR-US: QNAP
 CVE-2020-2504 (If exploited, this absolute path traversal vulnerability could allow a ...)
@@ -103408,7 +103408,7 @@ CVE-2019-16270
 CVE-2019-16269
 	RESERVED
 CVE-2019-16268 (Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection vi ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Remote Access Plus
 CVE-2019-16267
 	RESERVED
 CVE-2019-16266
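Review bot: The added label for CVE-2019-16268, "Zoho ManageEngine Remote Access Plus", is more specific than the existing "NOT-FOR-US: Zoho ManageEngine" that this same file already uses for CVE-2020-27995 (Applications Manager). Either granularity works, but using one form for ManageEngine products keeps the NFU labels uniform and easier to search.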



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10f0e5216220270c16e96fe445d9001567b64c6d
