[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 13 20:34:36 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
89c54df1 by Salvatore Bonaccorso at 2021-01-13T21:34:15+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -194,7 +194,7 @@ CVE-2021-3133 (The Elementor Contact Form DB plugin before 1.6 for WordPress all
CVE-2021-3132
RESERVED
CVE-2021-3131 (The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 enco ...)
- TODO: check
+ NOT-FOR-US: 1C:Enterprise
CVE-2021-3130
RESERVED
CVE-2021-3129 (Ignition before 2.5.2, as used in Laravel and other products, allows u ...)
@@ -1771,9 +1771,9 @@ CVE-2021-3034
CVE-2021-3033
RESERVED
CVE-2021-3032 (An information exposure through log file vulnerability exists in Palo ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2021-3031 (Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, P ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3030
RESERVED
CVE-2021-23234
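Review bot: The two Palo Alto entries in this hunk get different tags for the same vendor: CVE-2021-3032 becomes "NOT-FOR-US: Palo Alto Networks PAN-OS" while CVE-2021-3031 becomes "NOT-FOR-US: Palo Alto Networks". Pick one form for both so a search on the tag text returns the vendor's whole set. The CVE-2021-3031 description lists PA-series hardware, so the vendor-only form "Palo Alto Networks" fits both lines.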
@@ -6397,7 +6397,7 @@ CVE-2020-35689
CVE-2020-35688
RESERVED
CVE-2020-35687 (PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to ...)
- TODO: check
+ NOT-FOR-US: PHP-Fusion
CVE-2020-35686 (The SECOMN service in Sound Research DCHU model software component mod ...)
NOT-FOR-US: Sound Research
CVE-2020-35685
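Review bot: The tag on CVE-2020-35687 is spelled "PHP-Fusion" while the description on the same entry spells the product "PHPFusion". If the hyphenated form is what earlier entries in data/CVE/list already use, keep it; otherwise align the tag with the description so a text search on either spelling does not miss this entry.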
@@ -8356,7 +8356,7 @@ CVE-2021-20618
CVE-2021-20617
RESERVED
CVE-2021-20616 (Untrusted search path vulnerability in the installer of SKYSEA Client ...)
- TODO: check
+ NOT-FOR-US: SKYSEA Client View
CVE-2021-20615
RESERVED
CVE-2021-20614
@@ -20771,7 +20771,7 @@ CVE-2020-27490
CVE-2020-27489
RESERVED
CVE-2020-27488 (Loxone Miniserver devices with firmware before 11.1 (aka 11.1.9.3) are ...)
- TODO: check
+ NOT-FOR-US: Loxone Miniserver devices
CVE-2020-27487
RESERVED
CVE-2020-27486 (Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The ...)
@@ -22485,9 +22485,9 @@ CVE-2020-26715
CVE-2020-26714
RESERVED
CVE-2020-26713 (REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function wi ...)
- TODO: check
+ NOT-FOR-US: REDCap
CVE-2020-26712 (REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList f ...)
- TODO: check
+ NOT-FOR-US: REDCap
CVE-2020-26711
RESERVED
CVE-2020-26710
@@ -23880,7 +23880,7 @@ CVE-2020-26120 (XSS exists in the MobileFrontend extension for MediaWiki before
CVE-2020-26119
RESERVED
CVE-2020-26118 (In SmartBear Collaborator Server through 13.3.13302, use of the Google ...)
- TODO: check
+ NOT-FOR-US: SmartBear Collaborator Server
CVE-2020-26117 (In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1 ...)
{DLA-2396-1}
- tigervnc 1.10.1+dfsg-9 (bug #971272)
@@ -24048,7 +24048,7 @@ CVE-2020-26052
CVE-2020-26051
RESERVED
CVE-2020-26050 (SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local pr ...)
- TODO: check
+ NOT-FOR-US: SaferVPN for Windows
CVE-2020-26049 (Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is r ...)
NOT-FOR-US: Nifty-PM CPE
CVE-2020-26048 (The file manager option in CuppaCMS before 2019-11-12 allows an authen ...)
@@ -27221,9 +27221,9 @@ CVE-2020-24703 (An issue was discovered in certain WSO2 products. A valid Carbon
CVE-2020-24702
RESERVED
CVE-2020-24701 (OX App Suite through 7.10.4 allows XSS via the app loading mechanism ( ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2020-24700 (OX App Suite through 7.10.3 allows SSRF because GET requests are sent ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2020-24699 (The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress al ...)
NOT-FOR-US: Chamber Dashboard Business Directory plugin for WordPress
CVE-2020-24698 (An issue was discovered in PowerDNS Authoritative through 4.3.0 when - ...)
@@ -29455,7 +29455,7 @@ CVE-2020-23655 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on mod
CVE-2020-23654 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the modu ...)
NOT-FOR-US: NavigateCMS
CVE-2020-23653 (An insecure unserialize vulnerability was discovered in ThinkAdmin ver ...)
- TODO: check
+ NOT-FOR-US: ThinkAdmin
CVE-2020-23652
RESERVED
CVE-2020-23651
@@ -29499,7 +29499,7 @@ CVE-2020-23633
CVE-2020-23632
RESERVED
CVE-2020-23631 (Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA C ...)
- TODO: check
+ NOT-FOR-US: WDJA CMS
CVE-2020-23630 (A blind SQL injection vulnerability exists in zzcms ver201910 based on ...)
NOT-FOR-US: zzcms
CVE-2020-23629
@@ -44706,7 +44706,7 @@ CVE-2020-16148 (The ping page of the administration panel in Telmat AccessLog &l
CVE-2020-16147 (The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an ...)
NOT-FOR-US: Telmat AccessLog
CVE-2020-16146 (Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x ...)
- TODO: check
+ NOT-FOR-US: Espressif
CVE-2020-16145 (Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML me ...)
{DSA-4744-1 DLA-2322-1}
- roundcube 1.4.8+dfsg.1-1 (bug #968216)
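Review bot: On CVE-2020-16146 the new tag "NOT-FOR-US: Espressif" names only the vendor, while the description identifies the affected product as Espressif ESP-IDF. Suggest "NOT-FOR-US: Espressif ESP-IDF" so the entry records which product was judged out of scope and a later ESP-IDF CVE can be matched against it.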
@@ -47279,13 +47279,13 @@ CVE-2020-15223 (In ORY Fosite (the security first OAuth2 & OpenID Connect fr
CVE-2020-15222 (In ORY Fosite (the security first OAuth2 & OpenID Connect framewor ...)
NOT-FOR-US: ORY Fosite
CVE-2020-15221 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2020-15220 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2020-15219 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2020-15218 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2020-15217 (In GLPI before version 9.5.2, there is a leakage of user information t ...)
- glpi <removed>
CVE-2020-15216 (In goxmldsig (XML Digital Signatures implemented in pure Go) before ve ...)
@@ -50014,9 +50014,9 @@ CVE-2020-14277
CVE-2020-14276
RESERVED
CVE-2020-14275 (Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1 ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2020-14274 (Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9 ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2020-14273 (HCL Domino v10 and v11 is susceptible to a Denial of Service (DoS) vul ...)
NOT-FOR-US: HCL Domino
CVE-2020-14272
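Review bot: CVE-2020-14275 and CVE-2020-14274 are both tagged "NOT-FOR-US: HCL", but their descriptions name HCL Commerce, and the unchanged entry directly below them (CVE-2020-14273) uses the product-level form "NOT-FOR-US: HCL Domino". Suggest "NOT-FOR-US: HCL Commerce" on both lines to match that neighbour.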
@@ -53090,7 +53090,7 @@ CVE-2020-13118 (An issue was discovered in Mikrotik-Router-Monitoring-System thr
CVE-2020-13117
RESERVED
CVE-2020-13116 (OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an ...)
- TODO: check
+ NOT-FOR-US: OpenText Carbonite Server Backup Portal
CVE-2020-13115
RESERVED
CVE-2020-13114 (An issue was discovered in libexif before 0.6.22. An unrestricted size ...)
@@ -64790,7 +64790,7 @@ CVE-2020-9146
CVE-2020-9145
RESERVED
CVE-2020-9144 (There is a heap overflow vulnerability in some Huawei smartphone, atta ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9143
RESERVED
CVE-2020-9142
@@ -73592,9 +73592,9 @@ CVE-2020-5688
CVE-2020-5687
RESERVED
CVE-2020-5686 (Incorrect implementation of authentication algorithm issue in UNIVERGE ...)
- TODO: check
+ NOT-FOR-US: UNIVERGE
CVE-2020-5685 (UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 al ...)
- TODO: check
+ NOT-FOR-US: UNIVERGE
CVE-2020-5684 (iSM client versions from V5.1 prior to V12.1 running on NEC Storage Ma ...)
NOT-FOR-US: iSM client
CVE-2020-5683 (Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v ...)
@@ -77507,7 +77507,7 @@ CVE-2020-4081
CVE-2020-4080 (HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting ...)
NOT-FOR-US: HCL
CVE-2020-4079 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2020-4078
RESERVED
CVE-2020-4077 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89c54df19961e17fd63f1de6d8097c3fa54a1437