[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Jan 19 20:26:11 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f988e980 by Salvatore Bonaccorso at 2021-01-19T21:25:44+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2021-3183 (Files.com Fat Client 3.3.6 allows authentication bypass because the cl ...)
-	TODO: check
+	NOT-FOR-US: Files.com Fat Client
 CVE-2021-3182 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-3181 (rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a deni ...)
 	- mutt <unfixed> (bug #980326)
 	NOTE: https://gitlab.com/muttmua/mutt/-/issues/323
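Review bot: The new label for CVE-2021-3182 names only the vendor ("NOT-FOR-US: D-Link"), while the other two entries changed in this hunk name the product ("MISP", "Files.com Fat Client"). If product-level labels are the intent, the description's "D-Link DCS-5220" would be the matching form. If vendor-level labels are preferred for hardware, a short note in the commit message would make the convention clear to later triagers.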
@@ -19,11 +19,11 @@ CVE-2021-25327
 CVE-2021-25326
 	RESERVED
 CVE-2021-25325 (MISP 2.4.136 has XSS via galaxy cluster element values to app/View/Gal ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2021-25324 (MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster n ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2021-25323 (The default setting of MISP 2.4.136 did not enable the requirements (a ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2021-25322
 	RESERVED
 CVE-2021-25321
@@ -5124,11 +5124,11 @@ CVE-2021-22854
 CVE-2021-22853
 	RESERVED
 CVE-2021-22852 (HGiga EIP product contains SQL Injection vulnerability. Attackers can  ...)
-	TODO: check
+	NOT-FOR-US: HGiga EIP
 CVE-2021-22851 (HGiga EIP product contains SQL Injection vulnerability. Attackers can  ...)
-	TODO: check
+	NOT-FOR-US: HGiga EIP
 CVE-2021-22850 (HGiga EIP product lacks ineffective access control in certain pages th ...)
-	TODO: check
+	NOT-FOR-US: HGiga EIP
 CVE-2021-22849
 	RESERVED
 CVE-2021-22848
@@ -15791,7 +15791,7 @@ CVE-2020-29452
 CVE-2020-29451
 	RESERVED
 CVE-2020-29450 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2020-29449
 	RESERVED
 CVE-2020-29448
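Review bot: "NOT-FOR-US: Atlassian" for CVE-2020-29450 records only the vendor, although the description names Atlassian Confluence Server and Data Center, and elsewhere in this commit the label carries the full product name (for example "NOT-FOR-US: Zoho ManageEngine Applications Manager"). Suggest "NOT-FOR-US: Atlassian Confluence" or similar, so the entry stays unambiguous when searching the list by product.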
@@ -22693,7 +22693,7 @@ CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to ta
 CVE-2020-27734
 	RESERVED
 CVE-2020-27733 (Zoho ManageEngine Applications Manager before 14 build 14880 allows an ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2020-27732
 	RESERVED
 CVE-2020-27731
@@ -32974,7 +32974,7 @@ CVE-2020-23344
 CVE-2020-23343
 	RESERVED
 CVE-2020-23342 (A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/ed ...)
-	TODO: check
+	NOT-FOR-US: Anchor CMS
 CVE-2020-23341
 	RESERVED
 CVE-2020-23340
@@ -69086,7 +69086,7 @@ CVE-2020-8583 (Element Software versions prior to 12.2 and HCI versions prior to
 CVE-2020-8582 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...)
 	NOT-FOR-US: HCI
 CVE-2020-8581 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible  ...)
-	TODO: check
+	NOT-FOR-US: Clustered Data ONTAP
 CVE-2020-8580 (SANtricity OS Controller Software versions 11.30 and higher are suscep ...)
 	NOT-FOR-US: SANtricity OS Controller Software
 CVE-2020-8579 (Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a v ...)
@@ -97785,7 +97785,7 @@ CVE-2019-16963
 CVE-2019-16962 (Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a ...)
 	NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2019-16961 (SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2019-16960 (SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file wit ...)
 	NOT-FOR-US: SolarWinds
 CVE-2019-16959 (SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Fo ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f988e98028309f7364f19dd37d73f55dbf5874ad
