[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Feb 5 20:44:40 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
237fe9d7 by Salvatore Bonaccorso at 2021-02-05T21:44:27+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2021-26724
 CVE-2021-26723
 	RESERVED
 CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because  ...)
-	TODO: check
+	NOT-FOR-US: LinkedIn Oncall
 CVE-2021-26721
 	RESERVED
 CVE-2021-26720
@@ -43,9 +43,9 @@ CVE-2021-26713
 CVE-2021-26712
 	RESERVED
 CVE-2021-26711 (A frame-injection issue in the online help in Redwood Report2Web 4.3.4 ...)
-	TODO: check
+	NOT-FOR-US: Redwood Report2Web
 CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in Redwood Repor ...)
-	TODO: check
+	NOT-FOR-US: Redwood Report2Web
 CVE-2021-26709
 	RESERVED
 CVE-2021-26707
@@ -1059,7 +1059,7 @@ CVE-2021-26296
 CVE-2021-26295
 	RESERVED
 CVE-2021-3333 (Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). W ...)
-	TODO: check
+	NOT-FOR-US: Open-AudIT
 CVE-2021-3332
 	RESERVED
 CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute arbitrary pro ...)
@@ -1172,7 +1172,7 @@ CVE-2021-3313
 CVE-2021-3312
 	RESERVED
 CVE-2021-3311 (An issue was discovered in October through build 471. It reactivates a ...)
-	TODO: check
+	NOT-FOR-US: October CMS
 CVE-2021-3310
 	RESERVED
 CVE-2021-3309 (packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process co ...)
@@ -2143,7 +2143,7 @@ CVE-2021-3260
 CVE-2021-3259
 	RESERVED
 CVE-2021-3258 (Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site ...)
-	TODO: check
+	NOT-FOR-US: Question2Answer Q2A Ultimate SEO
 CVE-2021-3257
 	RESERVED
 CVE-2021-3256
@@ -3725,9 +3725,9 @@ CVE-2021-25247 (A DLL hijacking vulnerability Trend Micro HouseCall for Home Net
 CVE-2021-25246 (An improper access control information disclosure vulnerability in Tre ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-25245 (An improper access control vulnerability in Worry-Free Business Securi ...)
-	TODO: check
+	NOT-FOR-US: Worry-Free Business Security
 CVE-2021-25244 (An improper access control vulnerability in Worry-Free Business Securi ...)
-	TODO: check
+	NOT-FOR-US: Worry-Free Business Security
 CVE-2021-25243 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-25242 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
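
Review bot: The two new labels on CVE-2021-25245 and CVE-2021-25244 read "NOT-FOR-US: Worry-Free Business Security", while the surrounding entries in this hunk (CVE-2021-25246, CVE-2021-25243) are tagged "NOT-FOR-US: Trend Micro". Worry-Free Business Security is a Trend Micro product, so using the same vendor string, or "Trend Micro Worry-Free Business Security", would keep a search on the NOT-FOR-US label returning the whole group.
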
@@ -12603,7 +12603,7 @@ CVE-2020-35766 (The test suite in libopendkim in OpenDKIM through 2.10.3 allows
 	- opendkim <unfixed> (unimportant)
 	NOTE: https://github.com/trusteddomainproject/OpenDKIM/issues/113
 CVE-2020-35765 (doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho Manag ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2020-35764
 	RESERVED
 CVE-2020-35763
@@ -14854,7 +14854,7 @@ CVE-2021-20625
 CVE-2021-20624
 	RESERVED
 CVE-2021-20623 (Video Insight VMS versions prior to 7.8 allows a remote attacker to ex ...)
-	TODO: check
+	NOT-FOR-US: Video Insight VMS
 CVE-2021-20622 (Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 ...)
 	NOT-FOR-US: Aterm WG2600HP firmware
 CVE-2021-20621 (Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firm ...)
@@ -25989,9 +25989,9 @@ CVE-2020-27875
 CVE-2020-27874
 	RESERVED
 CVE-2020-27873 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-27872 (This vulnerability allows network-adjacent attackers to bypass authent ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-27871
 	RESERVED
 CVE-2020-27870
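
Review bot: "NOT-FOR-US: Netgear" on CVE-2020-27873 and CVE-2020-27872 names only the vendor, and the truncated descriptions shown here do not name the affected device either, so the entries cannot be told apart from other Netgear issues without opening the CVE records. Consider adding the product or model from the full description to the label.
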
@@ -46110,7 +46110,7 @@ CVE-2020-18719
 CVE-2020-18718
 	RESERVED
 CVE-2020-18717 (SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execut ...)
-	TODO: check
+	NOT-FOR-US: ZZZCMS
 CVE-2020-18716 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...)
 	TODO: check
 CVE-2020-18715
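
Review bot: CVE-2020-18716 (SQL injection in Rockoa v1.8.7), directly below the ZZZCMS entry, stays at "TODO: check" after this change. If Rockoa was left on purpose because it still needs a package search, fine; otherwise it looks like a candidate for the same pass.
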
@@ -82797,7 +82797,7 @@ CVE-2020-4834
 CVE-2020-4833
 	RESERVED
 CVE-2020-4832 (IBM PowerHA 7.2 could allow a local attacker to obtain sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4831
 	RESERVED
 CVE-2020-4830
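
Review bot: "NOT-FOR-US: IBM" on CVE-2020-4832 drops the product that the description gives (IBM PowerHA 7.2). "NOT-FOR-US: IBM PowerHA" would record which product was judged out of scope rather than the whole vendor.
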
@@ -84302,7 +84302,7 @@ CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information leakage
 CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site script ...)
 	NOT-FOR-US: HCL Connections
 CVE-2020-4081 (In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: Digital Experience
 CVE-2020-4080 (HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting  ...)
 	NOT-FOR-US: HCL
 CVE-2020-4079 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
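
Review bot: "NOT-FOR-US: Digital Experience" on CVE-2020-4081 is a generic name with no vendor, whereas the neighbouring entries are tagged "HCL Connections" and "HCL". If this is the HCL product, "NOT-FOR-US: HCL Digital Experience" would be unambiguous and match the surrounding entries.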



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/237fe9d76d673bb17f46dbc4e1defef045a14cd9
