[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Feb 24 12:38:45 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d93051e0 by Moritz Muehlenhoff at 2021-02-24T13:38:28+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -121,7 +121,7 @@ CVE-2021-27584
CVE-2021-27583 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...)
NOT-FOR-US: Directus
CVE-2021-27582 (org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Co ...)
- TODO: check
+ NOT-FOR-US: OpenID Connect server implementation for MITREid Connect
CVE-2021-27581
RESERVED
CVE-2021-27580
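Review bot: The NOT-FOR-US label added for CVE-2021-27582 reads as a description rather than a product name. The neighbouring entry uses the bare product ("NOT-FOR-US: Directus"), so "NOT-FOR-US: MITREid Connect" would be shorter and easier to match when searching the list for further CVEs against the same product.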
@@ -12459,7 +12459,7 @@ CVE-2021-22115
CVE-2021-22114
RESERVED
CVE-2021-22113 (Applications using the “Sensitive Headers” functionality i ...)
- TODO: check
+ NOT-FOR-US: Spring Cloud Netflix Zuul
CVE-2021-22112 (Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5. ...)
NOT-FOR-US: Jenkins
CVE-2021-22111
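Review bot: The trailing context of this hunk shows CVE-2021-22112, whose description begins "Spring Security 5.4.x prior to 5.4.4", tagged "NOT-FOR-US: Jenkins". The product in the description and the label disagree, so that entry deserves a second look while this block is being triaged; it is not touched by this change.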
@@ -15309,7 +15309,7 @@ CVE-2021-21325
CVE-2021-21324
RESERVED
CVE-2021-21323 (Brave is an open source web browser with a focus on privacy and securi ...)
- TODO: check
+ - brave-browser <itp> (bug #864795)
CVE-2021-21322
RESERVED
CVE-2021-21321
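Review bot: The commit subject "NFUs" does not cover the line added for CVE-2021-21323, which records an ITP ("- brave-browser <itp> (bug #864795)") rather than a NOT-FOR-US triage. Mentioning the Brave ITP tracking in the commit message, or splitting the three Brave changes into their own commit, would make the reclassification findable in the history.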
@@ -24845,7 +24845,7 @@ CVE-2020-28588 [lib/syscall: fix syscall registers retrieval on 32-bit platforms
NOTE: https://git.kernel.org/linus/4f134b89a24b965991e7c345b9a4591821f7c2a6
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211
CVE-2020-28587 (A specially crafted document can cause the document parser to copy dat ...)
- TODO: check
+ NOT-FOR-US: SoftMaker
CVE-2020-28586
RESERVED
CVE-2020-28585
@@ -25342,13 +25342,13 @@ CVE-2020-28434
CVE-2020-28433
RESERVED
CVE-2020-28432 (All versions of package theme-core are vulnerable to Command Injection ...)
- TODO: check
+ NOT-FOR-US: Node theme-core
CVE-2020-28431 (All versions of package wc-cmd are vulnerable to Command Injection via ...)
- TODO: check
+ NOT-FOR-US: Node wc-cmd
CVE-2020-28430 (All versions of package nuance-gulp-build-common are vulnerable to Com ...)
- TODO: check
+ NOT-FOR-US: Node nuance-gulp-build-common
CVE-2020-28429 (All versions of package geojson2kml are vulnerable to Command Injectio ...)
- TODO: check
+ NOT-FOR-US: Node geojson2kml
CVE-2020-28428
RESERVED
CVE-2020-28427
@@ -31764,7 +31764,7 @@ CVE-2020-26611
CVE-2020-26610
RESERVED
CVE-2020-26609 (fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) v ...)
- TODO: check
+ NOT-FOR-US: fastadmin
CVE-2020-26608
RESERVED
CVE-2020-26607 (An issue was discovered in TimaService on Samsung mobile devices with ...)
@@ -35319,7 +35319,7 @@ CVE-2020-25163
CVE-2020-25162
RESERVED
CVE-2020-25161 (The WADashboard component of WebAccess/SCADA Versions 9.0 and prior ma ...)
- TODO: check
+ NOT-FOR-US: WebAccess/SCADA
CVE-2020-25160
RESERVED
CVE-2020-25159 (499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack- ...)
@@ -53626,7 +53626,7 @@ CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is
CVE-2020-16244 (GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for h ...)
NOT-FOR-US: GE Digital APM Classic
CVE-2020-16243 (Multiple buffer overflow vulnerabilities exist when LeviStudioU (Versi ...)
- TODO: check
+ NOT-FOR-US: LeviStudioU
CVE-2020-16242 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...)
NOT-FOR-US: General Electric
CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does not restr ...)
@@ -76076,7 +76076,7 @@ CVE-2020-8277 (A Node.js application that allows an attacker to trigger a DNS re
NOTE: Fix in c-ares: https://github.com/c-ares/c-ares/commit/0d252eb3b2147179296a3bdb4ef97883c97c54d3
NOTE: Introduced in https://github.com/c-ares/c-ares/commit/7d3591ee8a1a63e7748e68e6d880bd1763a32885
CVE-2020-8276 (The implementation of Brave Desktop's privacy-preserving analytics sys ...)
- NOT-FOR-US: Brave
+ - brave-browser <itp> (bug #864795)
CVE-2020-8275 (Citrix Secure Mail for Android before 20.11.0 suffers from improper ac ...)
NOT-FOR-US: Citrix
CVE-2020-8274 (Citrix Secure Mail for Android before 20.11.0 suffers from Improper Co ...)
@@ -145104,7 +145104,7 @@ CVE-2018-1000816 (Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross
- grafana <removed>
NOTE: https://github.com/grafana/grafana/issues/13667
CVE-2018-1000815 (Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains ...)
- NOT-FOR-US: Brave Software Inc. Brave
+ - brave-browser <itp> (bug #864795)
CVE-2018-1000814 (aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Un ...)
NOT-FOR-US: aio-libs aiohttp-session
CVE-2018-1000813 (Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scriptin ...)
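Review bot: The Brave entry converted here was labelled "NOT-FOR-US: Brave Software Inc. Brave", while the one in the CVE-2020-8276 hunk was labelled "NOT-FOR-US: Brave", so a search for one spelling would have missed the other. It is worth searching data/CVE/list for any remaining NOT-FOR-US entries that mention Brave, so that all of them point at the ITP (bug #864795) consistently.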
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d93051e0674be1378826844922a469f3cb66360c