[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Jan 1 20:20:55 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aab7a2ef by Salvatore Bonaccorso at 2021-01-01T21:20:32+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2021-3003
 	RESERVED
 CVE-2021-3002 (Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?se ...)
-	TODO: check
+	NOT-FOR-US: Seo Panel
 CVE-2021-3001
 	RESERVED
 CVE-2020-35951 (An issue was discovered in the Quiz and Survey Master plugin before 7. ...)
@@ -214,7 +214,7 @@ CVE-2020-35858 (An issue was discovered in the prost crate before 0.6.1 for Rust
 CVE-2020-35857 (An issue was discovered in the trust-dns-server crate before 0.18.1 fo ...)
 	TODO: check
 CVE-2019-25011 (NetBox through 2.6.2 allows an Authenticated User to conduct an XSS at ...)
-	TODO: check
+	NOT-FOR-US: NetBox
 CVE-2019-25010 (An issue was discovered in the failure crate through 2019-11-13 for Ru ...)
 	- rust-failure <unfixed>
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0036.html
@@ -17958,7 +17958,7 @@ CVE-2020-26167 (In FUEL CMS 11.4.12 and before, the page preview feature allows
 CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the file descr ...)
 	NOT-FOR-US: qdPM
 CVE-2020-26165 (qdPM through 9.1 allows PHP Object Injection via timeReportActions::ex ...)
-	TODO: check
+	NOT-FOR-US: qdPM
 CVE-2020-26164 (In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the ...)
 	- kdeconnect 20.08.2-1 (bug #971736)
 	[buster] - kdeconnect <no-dsa> (Minor issue)
@@ -18695,15 +18695,15 @@ CVE-2020-25848 (HGiga MailSherlock contains weak authentication flaw that attack
 CVE-2020-25847 (This command injection vulnerability allows attackers to execute arbit ...)
 	NOT-FOR-US: QNAP
 CVE-2020-25846 (The digest generation function of NHIServiSignAdapter has not been ver ...)
-	TODO: check
+	NOT-FOR-US: NHIServiSignAdapter
 CVE-2020-25845 (Multiple functions of NHIServiSignAdapter failed to verify the users&# ...)
-	TODO: check
+	NOT-FOR-US: NHIServiSignAdapter
 CVE-2020-25844 (The digest generation function of NHIServiSignAdapter has not been ver ...)
-	TODO: check
+	NOT-FOR-US: NHIServiSignAdapter
 CVE-2020-25843 (NHIServiSignAdapter fails to verify the length of digital credential f ...)
-	TODO: check
+	NOT-FOR-US: NHIServiSignAdapter
 CVE-2020-25842 (The encryption function of NHIServiSignAdapter fail to verify the file ...)
-	TODO: check
+	NOT-FOR-US: NHIServiSignAdapter
 CVE-2020-25841
 	RESERVED
 CVE-2020-25840
@@ -51280,13 +51280,13 @@ CVE-2020-11837
 CVE-2020-11836
 	RESERVED
 CVE-2020-11835 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_d ...)
-	TODO: check
+	NOT-FOR-US: oppo
 CVE-2020-11834 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the  ...)
-	TODO: check
+	NOT-FOR-US: oppo
 CVE-2020-11833 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_m ...)
-	TODO: check
+	NOT-FOR-US: oppo
 CVE-2020-11832 (In functions charging_limit_current_write and charging_limit_time_writ ...)
-	TODO: check
+	NOT-FOR-US: oppo
 CVE-2020-11831 (OvoiceManager has system permission to write vulnerability reports for ...)
 	NOT-FOR-US: OvoiceManager
 CVE-2020-11830 (QualityProtect has a vulnerability to execute arbitrary system command ...)
@@ -134373,15 +134373,15 @@ CVE-2018-19947 (The vulnerability have been reported to affect earlier versions
 CVE-2018-19946 (The vulnerability have been reported to affect earlier versions of Hel ...)
 	NOT-FOR-US: QNAP
 CVE-2018-19945 (A vulnerability has been reported to affect earlier QNAP devices runni ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2018-19944 (A cleartext transmission of sensitive information vulnerability has be ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2018-19943 (If exploited, this cross-site scripting vulnerability could allow remo ...)
 	NOT-FOR-US: QNAP
 CVE-2018-19942
 	RESERVED
 CVE-2018-19941 (A vulnerability has been reported to affect QNAP NAS. If exploited, th ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2018-19940
 	RESERVED
 CVE-2018-19939 (The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aab7a2ef16c5f323748dbe675a7e05c951206bd9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aab7a2ef16c5f323748dbe675a7e05c951206bd9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210101/ff94a20f/attachment.html>

More information about the debian-security-tracker-commits mailing list