[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Jan 22 11:51:10 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d63323f by Salvatore Bonaccorso at 2021-01-22T12:50:45+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -161,7 +161,7 @@ CVE-2021-3201
 CVE-2021-3200
 	RESERVED
 CVE-2021-3199 (Directory traversal with remote code execution can occur in /upload in ...)
-	TODO: check
+	NOT-FOR-US: ONLYOFFICE Document Server
 CVE-2021-3198
 	RESERVED
 CVE-2021-25899
@@ -607,9 +607,9 @@ CVE-2021-25680
 CVE-2021-25679
 	RESERVED
 CVE-2020-36201 (An issue was discovered in certain Xerox WorkCentre products. They do  ...)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2019-25015 (LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafte ...)
-	TODO: check
+	NOT-FOR-US: LuCI in OpenWrt
 CVE-2021-3197
 	RESERVED
 CVE-2021-3196
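Review bot: The CVE-2020-36201 entry is tagged with the vendor name only ("NOT-FOR-US: Xerox"), while most other entries in this commit name the affected product (TinyCheck, Revive Adserver, "LuCI in OpenWrt"). The description refers to "certain Xerox WorkCentre products", so "NOT-FOR-US: Xerox WorkCentre" would make the entry easier to match when later WorkCentre CVEs are triaged by searching the list.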
@@ -714,9 +714,9 @@ CVE-2021-25644
 CVE-2021-25643
 	RESERVED
 CVE-2020-36200 (TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated  ...)
-	TODO: check
+	NOT-FOR-US: TinyCheck
 CVE-2020-36199 (TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command ...)
-	TODO: check
+	NOT-FOR-US: TinyCheck
 CVE-2021-25642
 	RESERVED
 CVE-2021-25641
@@ -6463,11 +6463,11 @@ CVE-2021-22875
 CVE-2021-22874
 	RESERVED
 CVE-2021-22873 (Revive Adserver before 5.1.0 is vulnerable to open redirects via the ` ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2021-22872 (Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site s ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2021-22871 (Revive Adserver before 5.1.0 permits any user with a manager account t ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2021-22870
 	RESERVED
 CVE-2021-22869
@@ -10421,7 +10421,7 @@ CVE-2020-35755
 CVE-2020-35754
 	RESERVED
 CVE-2020-35753 (The job posting recommendation form in Persis Human Resource Managemen ...)
-	TODO: check
+	NOT-FOR-US: Persis Human Resource Management Portal
 CVE-2020-35752
 	RESERVED
 CVE-2020-35751
@@ -18584,7 +18584,7 @@ CVE-2020-28876
 CVE-2020-28875
 	RESERVED
 CVE-2020-28874 (reset-password.php in ProjectSend before r1295 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: ProjectSend
 CVE-2020-28873
 	RESERVED
 CVE-2020-28872
@@ -23637,7 +23637,7 @@ CVE-2020-27861
 CVE-2020-27860
 	RESERVED
 CVE-2020-27859 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: NEC ESMPRO Manager
 CVE-2020-27858 (This vulnerability allows remote attackers to disclose sensitive infor ...)
 	TODO: check
 CVE-2020-27857
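Review bot: CVE-2020-27858, the context line directly below the changed entry, is still "TODO: check" even though its truncated description opens with the same text as CVE-2020-27859. The truncation hides the product name, so this may be a different product. If it is also NEC ESMPRO Manager, it can be marked NOT-FOR-US in the same commit. If it was left open on purpose, it is worth confirming that it is still queued for triage.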
@@ -27764,7 +27764,7 @@ CVE-2020-26297 (mdBook is a utility to create modern online books from Markdown
 CVE-2020-26296 (Vega is a visualization grammar, a declarative format for creating, sa ...)
 	NOT-FOR-US: Node vega
 CVE-2020-26295 (OpenMage is a community-driven alternative to Magento CE. In OpenMage  ...)
-	TODO: check
+	NOT-FOR-US: OpenMage
 CVE-2020-26294 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
 	NOT-FOR-US: Vela
 CVE-2020-26293 (HtmlSanitizer is a .NET library for cleaning HTML fragments and docume ...)
@@ -27784,7 +27784,7 @@ CVE-2020-26287 (HedgeDoc is a collaborative platform for writing and sharing mar
 CVE-2020-26286 (HedgeDoc is a collaborative platform for writing and sharing markdown. ...)
 	NOT-FOR-US: HedgeDoc
 CVE-2020-26285 (OpenMage is a community-driven alternative to Magento CE. In OpenMage  ...)
-	TODO: check
+	NOT-FOR-US: OpenMage
 CVE-2020-26284 (Hugo is a fast and Flexible Static Site Generator built in Go. Hugo de ...)
 	- hugo 0.79.1-1 (unimportant)
 	NOTE: https://github.com/gohugoio/hugo/security/advisories/GHSA-8j34-9876-pvfq
@@ -27877,7 +27877,7 @@ CVE-2020-26254 (omniauth-apple is the OmniAuth strategy for "Sign In with Apple"
 CVE-2020-26253 (Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and  ...)
 	NOT-FOR-US: Kirby CMS
 CVE-2020-26252 (OpenMage is a community-driven alternative to Magento CE. In OpenMage  ...)
-	TODO: check
+	NOT-FOR-US: OpenMage
 CVE-2020-26251 (Open Zaak is a modern, open-source data- and services-layer to enable  ...)
 	NOT-FOR-US: Open Zaak
 CVE-2020-26250 (OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthent ...)
@@ -31936,7 +31936,7 @@ CVE-2020-24551 (IProom MMC+ Server login page does not validate specific paramet
 CVE-2020-24550
 	RESERVED
 CVE-2020-24549 (openMAINT before 1.1-2.4.2 allows remote authenticated users to run ar ...)
-	TODO: check
+	NOT-FOR-US: openMAINT
 CVE-2020-24548 (Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSR ...)
 	NOT-FOR-US: Ericom
 CVE-2020-24547
@@ -38828,9 +38828,9 @@ CVE-2020-21149
 CVE-2020-21148
 	RESERVED
 CVE-2020-21147 (RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: RockOA
 CVE-2020-21146 (Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Feehi CMS
 CVE-2020-21145
 	RESERVED
 CVE-2020-21144



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d63323feda91e6d5bf6ce8251cad5f454263df7
