[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Feb 15 20:41:34 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6bccdc3 by Salvatore Bonaccorso at 2021-02-15T21:40:49+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53,7 +53,7 @@ CVE-2021-XXXX [several security fixes: PHP injections, XSS and secrets stored in
 	- spip 3.2.9-1
 	TODO: needs possibly CVE requests for individual issues
 CVE-2021-27201 (Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated  ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall Community (aka EFW)
 CVE-2021-27200
 	RESERVED
 CVE-2021-27199
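Review bot: the NOT-FOR-US value added for CVE-2021-27201 copies the parenthetical alias from the description, "Endian Firewall Community (aka EFW)", while the other NOT-FOR-US lines visible in this patch carry a bare product name (OpenCATS, Nagios XI, CITSmart). Consider "NOT-FOR-US: Endian Firewall Community" so that any later entry for the same product is tagged with one predictable string.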
@@ -4683,13 +4683,13 @@ CVE-2021-25301
 CVE-2021-25300
 	RESERVED
 CVE-2021-25299 (Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS).  ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2021-25298 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2021-25297 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2021-25296 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2021-25295 (OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issue ...)
 	NOT-FOR-US: OpenCATS
 CVE-2021-25294 (OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity re ...)
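Review bot: the four entries CVE-2021-25296 through CVE-2021-25299 move from "TODO: check" to "NOT-FOR-US: Nagios XI" with only "Process NFUs" as the commit message, so the basis for the triage decision is not recorded in the commit. The list format shown here has no field for it. A one-line commit body naming the products handled (Endian Firewall Community, Nagios XI, CITSmart, PNPSCADA) would make the decision easier to find when reading the log.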
@@ -13699,7 +13699,7 @@ CVE-2020-35777 (NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by comma
 CVE-2020-35776
 	RESERVED
 CVE-2020-35775 (CITSmart before 9.1.2.23 allows LDAP Injection. ...)
-	TODO: check
+	NOT-FOR-US: CITSmart
 CVE-2020-35774 (server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (a ...)
 	NOT-FOR-US: Twitter TwitterServer
 CVE-2020-35773 (The site-offline plugin before 1.4.4 for WordPress lacks certain wp_cr ...)
@@ -34785,7 +34785,7 @@ CVE-2020-24901 (The default installation of Krpano Panorama Viewer version <=
 CVE-2020-24900 (The default installation of Krpano Panorama Viewer version <=1.20.8 ...)
 	NOT-FOR-US: Krpano Panorama Viewer
 CVE-2020-24899 (Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2020-24898 (The Table Filter and Charts for Confluence Server app before 5.3.26 (f ...)
 	NOT-FOR-US: Confluence Server app for Atlassian Confluence
 CVE-2020-24897 (The Table Filter and Charts for Confluence Server app before 5.3.25 (f ...)
@@ -34910,7 +34910,7 @@ CVE-2020-24844
 CVE-2020-24843
 	RESERVED
 CVE-2020-24842 (PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can e ...)
-	TODO: check
+	NOT-FOR-US: PNPSCADA
 CVE-2020-24841
 	RESERVED
 CVE-2020-24840
@@ -39912,7 +39912,7 @@ CVE-2020-22429
 CVE-2020-22428
 	RESERVED
 CVE-2020-22427 (NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2020-22426
 	RESERVED
 CVE-2020-22425 (Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, whe ...)
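Review bot: the description of CVE-2020-22427 spells the product "NagiosXI", and the added line normalises it to "Nagios XI". That matches the five other Nagios XI entries touched by this commit and should stay as the canonical spelling, so that one search on the NOT-FOR-US string finds all six.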



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6bccdc3e5df79e5099ffb47833b1d74e06d9133
