[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Feb 25 20:37:46 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b8d1a56 by Salvatore Bonaccorso at 2021-02-25T21:37:22+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -133,9 +133,9 @@ CVE-2021-27673
 CVE-2021-27672
 	RESERVED
 CVE-2021-27671 (An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS ...)
-	TODO: check
+	NOT-FOR-US: comrak rust crate
 CVE-2021-27670 (Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url  ...)
-	TODO: check
+	NOT-FOR-US: Appspace
 CVE-2021-27669
 	RESERVED
 CVE-2021-27668
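Review bot: The NOT-FOR-US on CVE-2021-27671 is the one tag in this hunk that covers a reusable library (a Rust crate) rather than a standalone product, and "comrak rust crate" records nothing about how the archive was checked. Before marking it, confirm that no rust-comrak source package or ITP exists and that no packaged Rust application vendors comrak before 0.9.1. If the crate is only absent for now, a NOTE line saying so would make the XSS easier to re-triage should it be packaged later.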
@@ -871,7 +871,7 @@ CVE-2021-27332
 CVE-2021-27331
 	RESERVED
 CVE-2021-27330 (Triconsole Datepicker Calendar <3.77 is affected by cross-site scri ...)
-	TODO: check
+	NOT-FOR-US: Triconsole Datepicker Calendar
 CVE-2021-27329 (Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or ...)
 	NOT-FOR-US: Friendica
 CVE-2021-27328 (Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Trave ...)
@@ -4342,7 +4342,7 @@ CVE-2021-3275
 CVE-2021-3274
 	RESERVED
 CVE-2021-3273 (Nagios XI below 5.7 is affected by code injection in the /nagiosxi/adm ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2021-3272 (jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-b ...)
 	- jasper <removed>
 	NOTE: https://github.com/jasper-software/jasper/issues/259
@@ -16309,11 +16309,11 @@ CVE-2021-21068
 CVE-2021-21067
 	RESERVED
 CVE-2021-21066 (Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bound ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-21065 (Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bound ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-21064 (Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path t ...)
-	TODO: check
+	NOT-FOR-US: Magento
 CVE-2021-21063 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
 	NOT-FOR-US: Adobe
 CVE-2021-21062 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
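Review bot: The tag on CVE-2021-21064 is vendor-level ("Magento"), but the description names a specific PHP component, UPWARD-php 1.1.4 and earlier. Other entries in this same commit are tagged at product level ("Nagios XI", "Triconsole Datepicker Calendar"), so "NOT-FOR-US: Magento UPWARD-php" would be more consistent and would let a later search for the component name find the entry. The two Adobe Bridge tags are fine as they are, since they match the existing "NOT-FOR-US: Adobe" on CVE-2021-21063 in the context lines.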
@@ -24304,7 +24304,7 @@ CVE-2021-1452
 CVE-2021-1451
 	RESERVED
 CVE-2021-1450 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1449
 	RESERVED
 CVE-2021-1448
@@ -24412,13 +24412,13 @@ CVE-2021-1398
 CVE-2021-1397
 	RESERVED
 CVE-2021-1396 (Multiple vulnerabilities in Cisco Application Services Engine could al ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1395
 	RESERVED
 CVE-2021-1394
 	RESERVED
 CVE-2021-1393 (Multiple vulnerabilities in Cisco Application Services Engine could al ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1392
 	RESERVED
 CVE-2021-1391
@@ -24428,9 +24428,9 @@ CVE-2021-1390
 CVE-2021-1389 (A vulnerability in the IPv6 traffic processing of Cisco IOS XR Softwar ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1388 (A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrato ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1387 (A vulnerability in the network stack of Cisco NX-OS Software could all ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1386
 	RESERVED
 CVE-2021-1385
@@ -24468,9 +24468,9 @@ CVE-2021-1370 (A vulnerability in a CLI command of Cisco IOS XR Software for the
 CVE-2021-1369
 	RESERVED
 CVE-2021-1368 (A vulnerability in the Unidirectional Link Detection (UDLD) feature of ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1367 (A vulnerability in the Protocol Independent Multicast (PIM) feature of ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1366 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1365
@@ -24482,7 +24482,7 @@ CVE-2021-1363
 CVE-2021-1362
 	RESERVED
 CVE-2021-1361 (A vulnerability in the implementation of an internal file management s ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1360 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1359
@@ -24742,15 +24742,15 @@ CVE-2021-1233 (A vulnerability in the CLI of Cisco SD-WAN Software could allow a
 CVE-2021-1232
 	RESERVED
 CVE-2021-1231 (A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1230 (A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1229 (A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS S ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1228 (A vulnerability in the fabric infrastructure VLAN connection establish ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1227 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1226 (A vulnerability in the audit logging component of Cisco Unified Commun ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1225 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -39030,7 +39030,7 @@ CVE-2020-23536
 CVE-2020-23535
 	RESERVED
 CVE-2020-23534 (A server-side request forgery (SSRF) vulnerability in Upgrade.php of g ...)
-	TODO: check
+	NOT-FOR-US: gopeak masterlab
 CVE-2020-23533
 	RESERVED
 CVE-2020-23532
@@ -74738,7 +74738,7 @@ CVE-2020-8903 (A vulnerability in Google Cloud Platform's guest-oslogin versions
 	NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
 	NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
 CVE-2020-8902 (Rendertron versions prior to 3.0.0 are are susceptible to a Server-Sid ...)
-	TODO: check
+	NOT-FOR-US: Rendertron
 CVE-2020-8901
 	RESERVED
 CVE-2020-8900



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b8d1a56b4a3d8ecece5cbb17ecc2f12823efdd4
