[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Jan 4 20:31:16 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
092c61b9 by Salvatore Bonaccorso at 2021-01-04T21:30:52+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04, the hotspot login page is vul ...)
-	TODO: check
+	NOT-FOR-US: MikroTik RouterOS
 CVE-2021-3013
 	RESERVED
 CVE-2021-3012
@@ -971,7 +971,7 @@ CVE-2020-36156 (An issue was discovered in the Ultimate Member plugin before 2.1
 CVE-2020-36155 (An issue was discovered in the Ultimate Member plugin before 2.1.12 fo ...)
 	NOT-FOR-US: Ultimate Member plugin for WordPress
 CVE-2020-36154 (The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full ...)
-	TODO: check
+	NOT-FOR-US: Pearson VUE VTS Installer
 CVE-2020-36153
 	RESERVED
 CVE-2020-36152
@@ -1055,7 +1055,7 @@ CVE-2020-36114
 CVE-2020-36113
 	RESERVED
 CVE-2020-36112 (CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-b ...)
-	TODO: check
+	NOT-FOR-US: CSE Bookstore
 CVE-2020-36111
 	RESERVED
 CVE-2020-36110
@@ -1351,9 +1351,9 @@ CVE-2020-35966
 CVE-2021-3007 (Zend Framework 3.0.0 has a deserialization vulnerability that can lead ...)
 	TODO: check
 CVE-2021-21495 (MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the ce ...)
-	TODO: check
+	NOT-FOR-US: MK-AUTH
 CVE-2021-21494 (MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo ...)
-	TODO: check
+	NOT-FOR-US: MK-AUTH
 CVE-2020-35965 (decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds  ...)
 	- ffmpeg <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532
@@ -6036,7 +6036,7 @@ CVE-2020-35221
 CVE-2020-35220
 	RESERVED
 CVE-2020-35219 (The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to acce ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2020-35218
 	RESERVED
 CVE-2020-35217
@@ -90493,7 +90493,7 @@ CVE-2019-16962
 CVE-2019-16961
 	RESERVED
 CVE-2019-16960 (SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file wit ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2019-16959 (SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Fo ...)
 	NOT-FOR-US: SolarWinds
 CVE-2019-16958 (Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 1 ...)
@@ -90501,7 +90501,7 @@ CVE-2019-16958 (Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help
 CVE-2019-16957 (SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of ...)
 	NOT-FOR-US: SolarWinds
 CVE-2019-16956 (SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parame ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2019-16955 (SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG documen ...)
 	NOT-FOR-US: SolarWinds
 CVE-2019-16954



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/092c61b9eb48069796826ae4acf1ee5d3ca6fe5f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/092c61b9eb48069796826ae4acf1ee5d3ca6fe5f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210104/af59d41f/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list