[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Feb 27 10:09:13 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d668e20c by Salvatore Bonaccorso at 2021-02-27T11:08:51+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -135,7 +135,7 @@ CVE-2021-27740
 CVE-2021-27739
 	RESERVED
 CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE template) versi ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Ktor
 CVE-2021-27738
 	RESERVED
 CVE-2021-27737
@@ -863,13 +863,13 @@ CVE-2020-36246 (Amaze File Manager before 3.5.1 allows attackers to obtain root
 CVE-2019-25024 (OpenRepeater (ORP) before 2.2 allows unauthenticated command injection ...)
 	NOT-FOR-US: OpenRepeater (ORP)
 CVE-2019-25023 (An issue was discovered in Scytl sVote 2.1. Because the IP address fro ...)
-	TODO: check
+	NOT-FOR-US: Scytl sVote
 CVE-2019-25022 (An issue was discovered in Scytl sVote 2.1. An attacker can inject cod ...)
-	TODO: check
+	NOT-FOR-US: Scytl sVote
 CVE-2019-25021 (An issue was discovered in Scytl sVote 2.1. Due to the implementation  ...)
-	TODO: check
+	NOT-FOR-US: Scytl sVote
 CVE-2019-25020 (An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest AP ...)
-	TODO: check
+	NOT-FOR-US: Scytl sVote
 CVE-2021-3413
 	RESERVED
 	NOT-FOR-US: Red Hat Satellite
@@ -1311,7 +1311,7 @@ CVE-2021-27200
 CVE-2021-27199
 	RESERVED
 CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server through 11.0 ...)
-	TODO: check
+	NOT-FOR-US: Visualware MyConnection Server
 CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arb ...)
 	NOT-FOR-US: Pelco Digital Sentry Server
 CVE-2021-27196
@@ -1448,7 +1448,7 @@ CVE-2021-27134
 CVE-2021-27133
 	RESERVED
 CVE-2021-27132 (SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for H ...)
-	TODO: check
+	NOT-FOR-US: SerComm AG Combo VD625 AGSOT_2.1.0 devices
 CVE-2021-27131
 	RESERVED
 CVE-2021-27130
@@ -1974,9 +1974,9 @@ CVE-2021-3402
 CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of authentica ...)
 	NOT-FOR-US: 1Password SCIM Bridge
 CVE-2021-26904 (LMA ISIDA Retriever 5.2 allows SQL Injection. ...)
-	TODO: check
+	NOT-FOR-US: LMA ISIDA Retriever
 CVE-2021-26903 (LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. ...)
-	TODO: check
+	NOT-FOR-US: LMA ISIDA Retriever
 CVE-2021-26902
 	RESERVED
 CVE-2021-26901
@@ -2745,21 +2745,21 @@ CVE-2021-26569
 CVE-2021-26568
 	RESERVED
 CVE-2021-26567 (Use of unmaintained third party components vulnerability in faad in Sy ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-26566 (Insertion of sensitive information into sent data vulnerability in syn ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-26565 (Cleartext transmission of sensitive information vulnerability in synor ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-26564 (Cleartext transmission of sensitive information vulnerability in synor ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-26563 (Improper access control vulnerability in synoagentregisterd in Synolog ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-26562 (Out-of-bounds write vulnerability in synoagentregisterd in Synology Di ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-26561 (Stack-based buffer overflow vulnerability in synoagentregisterd in Syn ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-26560 (Cleartext transmission of sensitive information vulnerability in synoa ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-26559 (Improper Access Control on Configurations Endpoint for the Stable API  ...)
 	- airflow <itp> (bug #819700)
 CVE-2021-26558
@@ -6225,7 +6225,7 @@ CVE-2021-3153
 CVE-2021-3152 (** DISPUTED ** Home Assistant before 2021.1.3 does not have a protecti ...)
 	NOT-FOR-US: Home Assistant
 CVE-2021-3151 (i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS)  ...)
-	TODO: check
+	NOT-FOR-US: i-doit
 CVE-2021-3150
 	RESERVED
 CVE-2021-3149 (On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ ...)
@@ -11673,7 +11673,7 @@ CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validatio
 CVE-2021-22662
 	RESERVED
 CVE-2021-22661 (Changing the password on the module webpage does not require the user  ...)
-	TODO: check
+	NOT-FOR-US: ProSoft Technology
 CVE-2021-22660
 	RESERVED
 CVE-2021-22659



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d668e20c0dd29b30885d41f9e1914077cbbd8553

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d668e20c0dd29b30885d41f9e1914077cbbd8553
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210227/b4ceb5be/attachment.htm>

More information about the debian-security-tracker-commits mailing list