[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Feb 23 08:18:09 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35a65bed by Salvatore Bonaccorso at 2021-02-23T09:17:47+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -839,7 +839,7 @@ CVE-2021-3408
 CVE-2021-27190 (A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEE ...)
 	NOT-FOR-US: PEEL Shopping cart
 CVE-2021-27189 (The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certifica ...)
-	TODO: check
+	NOT-FOR-US: CIRA Canadian Shield app
 CVE-2021-27188 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 al ...)
 	NOT-FOR-US: Sovremennye Delovye Tekhnologii FX Aggregator
 CVE-2021-27187 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 st ...)
@@ -1878,9 +1878,9 @@ CVE-2021-26727
 CVE-2021-26726
 	RESERVED
 CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web GUI of N ...)
-	TODO: check
+	NOT-FOR-US: Nozomi Networks Guardian
 CVE-2021-26724 (OS Command Injection vulnerability when changing date settings or host ...)
-	TODO: check
+	NOT-FOR-US: Nozomi Networks Guardian
 CVE-2021-26723 (Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. ...)
 	NOT-FOR-US: Jenzabar
 CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because  ...)
@@ -3016,7 +3016,7 @@ CVE-2020-36234 (Affected versions of Atlassian Jira Server and Data Center allow
 CVE-2020-36233 (The Microsoft Windows Installer for Atlassian Bitbucket Server and Dat ...)
 	NOT-FOR-US: Atlassian
 CVE-2020-36232 (The MessageBundleWhiteList class of atlassian-gadgets before version 4 ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2020-36231 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
 	NOT-FOR-US: Atlassian
 CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic Authenticatio ...)
@@ -8664,7 +8664,7 @@ CVE-2021-23829
 CVE-2021-23828
 	RESERVED
 CVE-2021-23827 (Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5 ...)
-	TODO: check
+	NOT-FOR-US: Keybase Desktop Client
 CVE-2021-23826
 	RESERVED
 CVE-2021-23825
@@ -11178,19 +11178,19 @@ CVE-2021-22651
 CVE-2021-22650
 	RESERVED
 CVE-2021-22649 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions  ...)
-	TODO: check
+	NOT-FOR-US: Luxion KeyShot
 CVE-2021-22648
 	RESERVED
 CVE-2021-22647 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions  ...)
-	TODO: check
+	NOT-FOR-US: Luxion KeyShot
 CVE-2021-22646
 	RESERVED
 CVE-2021-22645 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions  ...)
-	TODO: check
+	NOT-FOR-US: Luxion KeyShot
 CVE-2021-22644
 	RESERVED
 CVE-2021-22643 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions  ...)
-	TODO: check
+	NOT-FOR-US: Luxion KeyShot
 CVE-2021-22642
 	RESERVED
 CVE-2021-22641 (A heap-based buffer overflow issue has been identified in the way the  ...)
@@ -14352,7 +14352,7 @@ CVE-2020-35854 (Textpattern 4.8.4 is affected by cross-site scripting (XSS) in t
 CVE-2020-35853 (4images Image Gallery Management System 1.7.11 is affected by cross-si ...)
 	NOT-FOR-US: 4images Image Gallery Management System
 CVE-2020-35852 (Chatbox is affected by cross-site scripting (XSS). An attacker has to  ...)
-	TODO: check
+	NOT-FOR-US: Chatbox
 CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters properly. Att ...)
 	NOT-FOR-US: HGiga MailSherlock
 CVE-2021-21443
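Review bot: `NOT-FOR-US: Chatbox` on CVE-2020-35852 uses a generic name, and the truncated description gives no vendor or version to tell which Chatbox is meant. Consider adding a `NOTE:` line with the upstream reference so the triage decision can be re-checked later.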
@@ -22556,7 +22556,7 @@ CVE-2020-29077
 CVE-2020-29076
 	RESERVED
 CVE-2020-29075 (Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.3001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-29074 (scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which all ...)
 	{DSA-4799-1 DLA-2490-1}
 	- x11vnc 0.9.16-5 (bug #975875)
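Review bot: The tag on CVE-2020-29075 names only the vendor (`NOT-FOR-US: Adobe`), while the description is specific to Acrobat Reader DC and most other entries touched in this commit name the product (for example `Luxion KeyShot`, `Keybase Desktop Client`). If vendor-level tags are the intended convention for Adobe, this is fine as is; otherwise a product-level tag would be easier to search for.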
@@ -40747,7 +40747,7 @@ CVE-2020-22476
 CVE-2020-22475 ("Tasks" application version before 9.7.3 is affected by insecure permi ...)
 	TODO: check
 CVE-2020-22474 (In webERP 4.15, the ManualContents.php file allows users to specify th ...)
-	TODO: check
+	NOT-FOR-US: webERP
 CVE-2020-22473
 	RESERVED
 CVE-2020-22472
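Review bot: CVE-2020-22475 (the "Tasks" application), directly above the changed entry, is still `TODO: check` after this hunk. If it was left on purpose because the package match is unclear, that is fine; if it was simply missed, it can be triaged in the same pass as CVE-2020-22474.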
@@ -43252,7 +43252,7 @@ CVE-2020-21226
 CVE-2020-21225
 	RESERVED
 CVE-2020-21224 (A Remote Code Execution vulnerability has been found in Inspur Cluster ...)
-	TODO: check
+	NOT-FOR-US: Inspur ClusterEngine
 CVE-2020-21223
 	RESERVED
 CVE-2020-21222
@@ -46184,7 +46184,7 @@ CVE-2020-19764
 CVE-2020-19763
 	RESERVED
 CVE-2020-19762 (Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows  ...)
-	TODO: check
+	NOT-FOR-US: Automated Logic Corporation (ALC) WebCTRL System
 CVE-2020-19761
 	RESERVED
 CVE-2020-19760



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35a65bedbb4bdae34288090dd43924de87509c9f
