[Git][security-tracker-team/security-tracker][master] 2 commits: Adjust explanation for CVE-2021-27379 as the referenced URL is not accessible

Salvatore Bonaccorso carnil at debian.org
Fri Feb 19 08:24:52 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e19bee97 by Salvatore Bonaccorso at 2021-02-19T09:19:32+01:00
Adjust explanation for CVE-2021-27379 as the referenced URL is not accessible

- - - - -
79119ae0 by Salvatore Bonaccorso at 2021-02-19T09:24:28+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found in the @ ...)
 	TODO: check
 CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injec ...)
-	TODO: check
+	NOT-FOR-US: Askey devices
 CVE-2021-27403 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-b ...)
-	TODO: check
+	NOT-FOR-US: Askey devices
 CVE-2021-27402
 	RESERVED
 CVE-2021-27401
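Review bot: the label `NOT-FOR-US: Askey devices` on both changed lines is broader than the single model the two descriptions name (Askey RTF8115VW). Other entries visible in this file label the specific product (for example `NOT-FOR-US: EFM ipTIME C200 IP Camera`), so `NOT-FOR-US: Askey RTF8115VW` would keep later searches of the list precise.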
@@ -21,11 +21,11 @@ CVE-2020-36249 (The File Firewall before 2.8.0 for ownCloud Server does not prop
 CVE-2020-36248 (The ownCloud application before 2.15 for Android allows attackers to u ...)
 	TODO: check
 CVE-2020-36247 (Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. ...)
-	TODO: check
+	NOT-FOR-US: Open OnDemand
 CVE-2020-36246 (Amaze File Manager before 3.5.1 allows attackers to obtain root privil ...)
-	TODO: check
+	NOT-FOR-US: Amaze File Manager
 CVE-2019-25024 (OpenRepeater (ORP) before 2.2 allows unauthenticated command injection ...)
-	TODO: check
+	NOT-FOR-US: OpenRepeater (ORP)
 CVE-2019-25023
 	RESERVED
 CVE-2019-25022
@@ -80,7 +80,7 @@ CVE-2021-27380
 	RESERVED
 CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM  ...)
 	- xen <unfixed>
-	[stretch] - xen <end-of-life> (not supported; see https://gitlab.com/freexian-lts/debian-lts/-/commit/1b701a243a893d6cce6e59778b525407d560ab91)
+	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-366.html
 CVE-2021-27378 (An issue was discovered in the rand_core crate before 0.6.2 for Rust.  ...)
 	- rust-rand-core <unfixed>
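Review bot: the new `[stretch]` note `(DSA 4602-1)` drops the "not supported" reason the old note carried, so the line no longer says why xen is `<end-of-life>` in stretch unless the reader opens the DSA. Suggest `(not supported; see DSA 4602-1)`, which still removes the inaccessible URL but keeps the rationale inline.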
@@ -1459,7 +1459,7 @@ CVE-2021-26749
 CVE-2021-26748
 	RESERVED
 CVE-2021-26747 (Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metach ...)
-	TODO: check
+	NOT-FOR-US: Netis devices
 CVE-2021-26746 (Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= U ...)
 	TODO: check
 CVE-2021-26745
@@ -2518,7 +2518,7 @@ CVE-2021-3341 (A path traversal vulnerability in the DxWebEngine component of DH
 CVE-2021-3340 (A cross-site scripting (XSS) vulnerability in many forms of Wikindx be ...)
 	NOT-FOR-US: Wikindx
 CVE-2021-3339 (ModernFlow before 1.3.00.208 does not constrain web-page access to mem ...)
-	TODO: check
+	NOT-FOR-US: ModernFlow
 CVE-2021-3338
 	RESERVED
 CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remo ...)
@@ -15388,9 +15388,9 @@ CVE-2020-35594
 CVE-2020-35593
 	RESERVED
 CVE-2020-35592 (Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the a ...)
-	TODO: check
+	NOT-FOR-US: Pi-hole
 CVE-2020-35591 (Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application d ...)
-	TODO: check
+	NOT-FOR-US: Pi-hole
 CVE-2020-35590 (LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin bef ...)
 	NOT-FOR-US: limit-login-attempts-reloaded plugin for WordPress
 CVE-2020-35589 (The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress a ...)
@@ -20011,7 +20011,7 @@ CVE-2020-29666 (In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a direc
 CVE-2020-29665
 	RESERVED
 CVE-2020-29664 (A command injection issue in dji_sys in DJI Mavic 2 Remote Controller  ...)
-	TODO: check
+	NOT-FOR-US: DJI Mavic 2 Remote Controller firmware
 CVE-2020-29663 (Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked ...)
 	- icinga2 2.12.3-1
 	[buster] - icinga2 <no-dsa> (Minor issue)
@@ -46262,7 +46262,7 @@ CVE-2020-19515
 CVE-2020-19514
 	RESERVED
 CVE-2020-19513 (Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows atta ...)
-	TODO: check
+	NOT-FOR-US: FinalWire Ltd AIDA64 Engineer
 CVE-2020-19512
 	RESERVED
 CVE-2020-19511
@@ -76722,7 +76722,7 @@ CVE-2020-7851
 CVE-2020-7850
 	RESERVED
 CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) could a ...)
-	TODO: check
+	NOT-FOR-US: uPrism.io CURIX
 CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command Injection vulne ...)
 	NOT-FOR-US: EFM ipTIME C200 IP Camera
 CVE-2020-7847



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7f0ced0d4eef25729899c2fc4e6c76cef2c41bae...79119ae0eeab47f42592b899d5d70fc50b628240
