[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jul 1 22:06:32 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
588b8f4e by Moritz Muehlenhoff at 2021-07-01T23:06:02+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1685,9 +1685,9 @@ CVE-2021-35339
CVE-2021-35338
RESERVED
CVE-2021-35337 (Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Phone Shop Sales Managements System
CVE-2021-35336 (Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Ac ...)
- TODO: check
+ NOT-FOR-US: Tieline IP Audio Gateway
CVE-2021-35335
RESERVED
CVE-2021-35334
@@ -7532,11 +7532,11 @@ CVE-2021-32733
CVE-2021-32732
RESERVED
CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2021-32729 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2021-32728
RESERVED
CVE-2021-32727
@@ -9874,7 +9874,7 @@ CVE-2021-31815 (GAEN (aka Google/Apple Exposure Notifications) through 2021-04-2
CVE-2021-31814
RESERVED
CVE-2021-31813 (Zoho ManageEngine Applications Manager before 15130 is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2021-31812 (In Apache PDFBox, a carefully crafted PDF file can trigger an infinite ...)
- libpdfbox2-java <unfixed>
- libpdfbox-java <undetermined>
@@ -18104,9 +18104,9 @@ CVE-2021-28426
CVE-2021-28425
RESERVED
CVE-2021-28424 (A stored cross-site scripting (XSS) vulnerability in Teachers Record M ...)
- TODO: check
+ NOT-FOR-US: Teachers Record Management
CVE-2021-28423 (Multiple SQL Injection vulnerabilities in Teachers Record Management S ...)
- TODO: check
+ NOT-FOR-US: Teachers Record Management
CVE-2021-28422
RESERVED
CVE-2021-28421 (FluidSynth 2.1.7 contains a use after free vulnerability in sfloader/f ...)
@@ -18832,7 +18832,7 @@ CVE-2021-28129
CVE-2021-28128 (In Strapi through 3.6.0, the admin panel allows the changing of one's ...)
NOT-FOR-US: Strapi
CVE-2021-28127 (An issue was discovered in Stormshield SNS through 4.2.1. A brute-forc ...)
- TODO: check
+ NOT-FOR-US: Stormshield SNS
CVE-2021-28126 (index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1 ...)
NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
CVE-2021-28125 (Apache Superset up to and including 1.0.1 allowed for the creation of ...)
@@ -19981,9 +19981,9 @@ CVE-2021-27663
CVE-2021-27662
RESERVED
CVE-2021-27661 (Successful exploitation of this vulnerability could give an authentica ...)
- TODO: check
+ NOT-FOR-US: Facility Explorer SNC Series Supervisory Controller
CVE-2021-27660 (An insecure client auto update feature in C-CURE 9000 can allow remote ...)
- TODO: check
+ NOT-FOR-US: C-CURE 9000
CVE-2021-27659 (exacqVision Web Service 21.03 does not sufficiently validate, filter, ...)
NOT-FOR-US: exacqVision Web Service
CVE-2021-27658 (exacqVision Enterprise Manager 20.12 does not sufficiently validate, f ...)
@@ -20376,7 +20376,7 @@ CVE-2021-27479 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected produc
CVE-2021-27478
RESERVED
CVE-2021-27477 (When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus ...)
- TODO: check
+ NOT-FOR-US: JTEKT
CVE-2021-27476
RESERVED
CVE-2021-27475
@@ -32439,15 +32439,15 @@ CVE-2021-22349 (There is an Input Verification Vulnerability in Huawei Smartphon
CVE-2021-22348 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...)
NOT-FOR-US: Huawei
CVE-2021-22347 (There is an Improper Access Control vulnerability in Huawei Smartphone ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22346 (There is an Improper Permission Management Vulnerability in Huawei Sma ...)
NOT-FOR-US: Huawei
CVE-2021-22345 (There is an Input Verification Vulnerability in Huawei Smartphone. Suc ...)
NOT-FOR-US: Huawei
CVE-2021-22344 (There is an Improper Access Control vulnerability in Huawei Smartphone ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22343 (There is a Configuration Defect vulnerability in Huawei Smartphone. Su ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22342 (There is an information leak vulnerability in Huawei products. A modul ...)
NOT-FOR-US: Huawei
CVE-2021-22341 (There is a memory leak vulnerability in Huawei products. A resource ma ...)
@@ -37543,7 +37543,7 @@ CVE-2021-20780
CVE-2021-20779
RESERVED
CVE-2021-20778 (Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 seri ...)
- TODO: check
+ NOT-FOR-US: EC-CUBE
CVE-2021-20777
RESERVED
CVE-2021-20776
@@ -39286,7 +39286,7 @@ CVE-2021-20109
CVE-2021-20108
RESERVED
CVE-2021-20107 (There exists an unauthenticated BLE Interface in Sloan SmartFaucets in ...)
- TODO: check
+ NOT-FOR-US: Sloan
CVE-2021-20106
RESERVED
CVE-2021-20105 (Machform prior to version 16 is vulnerable to an open redirect in Safa ...)
@@ -51337,9 +51337,9 @@ CVE-2020-27364
CVE-2020-27363
RESERVED
CVE-2020-27362 (An issue exists within the SSH console of Akkadian Provisioning Manage ...)
- TODO: check
+ NOT-FOR-US: Akkadian
CVE-2020-27361 (An issue exists within Akkadian Provisioning Manager 4.50.02 which all ...)
- TODO: check
+ NOT-FOR-US: Akkadian
CVE-2020-27360
RESERVED
CVE-2020-27359 (A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before ...)
@@ -70208,11 +70208,11 @@ CVE-2020-18665 (Directory Traversal vulnerability in WebPort <=1.19.1 in tags
CVE-2020-18664 (Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1via the ...)
NOT-FOR-US: WebPort
CVE-2020-18663 (Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 vi ...)
- TODO: check
+ NOT-FOR-US: gnuboard5
CVE-2020-18662 (SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_p ...)
- TODO: check
+ NOT-FOR-US: gnuboard5
CVE-2020-18661 (Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 vi ...)
- TODO: check
+ NOT-FOR-US: gnuboard5
CVE-2020-18660 (GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php ...)
NOT-FOR-US: GetSimpleCMS
CVE-2020-18659 (Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the ...)
@@ -71419,7 +71419,7 @@ CVE-2020-18068
CVE-2020-18067
RESERVED
CVE-2020-18066 (Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName ...)
- TODO: check
+ NOT-FOR-US: Zrlog
CVE-2020-18065
RESERVED
CVE-2020-18064
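Review bot: The tag added for CVE-2020-18066, `NOT-FOR-US: Zrlog`, spells the product differently from the CVE description on the line above it, which has "ZrLog 2.1.0". Suggest `NOT-FOR-US: ZrLog`, so that a case-sensitive search of data/CVE/list for the upstream name finds this entry.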
@@ -72048,9 +72048,9 @@ CVE-2020-17755
CVE-2020-17754
RESERVED
CVE-2020-17753 (An issue was discovered in function addMeByRC in the smart contract im ...)
- TODO: check
+ NOT-FOR-US: some Ethereum token
CVE-2020-17752 (Integer overflow vulnerability in payable function of a smart contract ...)
- TODO: check
+ NOT-FOR-US: some Ethereum token
CVE-2020-17751
RESERVED
CVE-2020-17750
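Review bot: `NOT-FOR-US: some Ethereum token`, added for CVE-2020-17753 and CVE-2020-17752, does not name the affected software, unlike the other tags in this commit (for example `NOT-FOR-US: gnuboard5`). Suggest taking the contract or token name from the full CVE description, so the entries can be found again by a search on the product name.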
@@ -95660,7 +95660,7 @@ CVE-2020-9160
CVE-2020-9159
RESERVED
CVE-2020-9158 (There is a Missing Cryptographic Step vulnerability in Huawei Smartpho ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9157
RESERVED
CVE-2020-9156
@@ -97341,7 +97341,6 @@ CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10,
NOTE: https://github.com/python/cpython/commit/ea9e240aa02372440be8024acb110371f69c9d41 (3.8-branch)
NOTE: https://github.com/python/cpython/commit/b57a73694e26e8b2391731b5ee0b1be59437388e (3.7-branch)
NOTE: https://github.com/python/cpython/commit/69cdeeb93e0830004a495ed854022425b93b3f3e (3.6-branch)
- TODO: check, upload of pypy/7.3.5+dfsg-1 to experimental claims this affects src:pypy
CVE-2020-8491
RESERVED
CVE-2020-8490
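Review bot: The line removed under CVE-2020-8492, `TODO: check, upload of pypy/7.3.5+dfsg-1 to experimental claims this affects src:pypy`, is dropped with nothing added in its place in this hunk (7 lines become 6), and the commit message "NFUs" does not cover it. If src:pypy was checked, record the outcome in the entry as a package line for pypy or as a NOTE; otherwise keep the TODO. Putting this change in its own commit with its own message would keep the decision traceable.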
@@ -99027,7 +99026,7 @@ CVE-2020-7872
CVE-2020-7871 (A vulnerability of Helpcom could allow an unauthenticated attacker to ...)
NOT-FOR-US: Cnesty Helpcom
CVE-2020-7870 (A memory corruption vulnerability exists when ezPDF improperly handles ...)
- TODO: check
+ NOT-FOR-US: ezPDF
CVE-2020-7869 (An improper input validation vulnerability of ZOOK software (remote ad ...)
NOT-FOR-US: ZOOK software
CVE-2020-7868 (A remote code execution vulnerability exists in helpUS(remote administ ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/588b8f4e3ef05aa5b1dd5265995eb02d58af283c