[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 7 21:51:03 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
41c83e65 by Salvatore Bonaccorso at 2021-07-07T22:50:29+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9804,7 +9804,7 @@ CVE-2021-31927 (An Insecure Direct Object Reference (IDOR) vulnerability in Anne
 CVE-2021-31926 (AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1. ...)
 	NOT-FOR-US: CubeCoders AMP
 CVE-2021-31925 (Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thu ...)
-	TODO: check
+	NOT-FOR-US: Pexip
 CVE-2021-31924 (Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the p ...)
 	- pam-u2f 1.1.0-1.1 (bug #987545)
 	[buster] - pam-u2f <not-affected> (Vulnerable code not present)
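Review bot: The new tag on CVE-2021-31925 names only the vendor (`NOT-FOR-US: Pexip`), while the description says "Pexip Infinity" and the neighbouring entry uses vendor plus product (`NOT-FOR-US: CubeCoders AMP`). Suggest `NOT-FOR-US: Pexip Infinity` here and on CVE-2020-25868 in the later hunk, so that a search of data/CVE/list for the product name finds both entries.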
@@ -17295,7 +17295,7 @@ CVE-2021-28933
 CVE-2021-28932
 	RESERVED
 CVE-2021-28931 (Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers ...)
-	TODO: check
+	NOT-FOR-US: Fork CMS
 CVE-2021-28930
 	RESERVED
 CVE-2021-28929
@@ -23723,9 +23723,9 @@ CVE-2021-3319
 CVE-2021-3318 (attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editori ...)
 	NOT-FOR-US: DzzOffice
 CVE-2021-26274 (The Agent in NinjaRMM 5.0.909 has Insecure Permissions. ...)
-	TODO: check
+	NOT-FOR-US: NinjaRMM
 CVE-2021-26273 (The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. ...)
-	TODO: check
+	NOT-FOR-US: NinjaRMM
 CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and  ...)
 	- glibc 2.31-10 (bug #981198)
 	[buster] - glibc <no-dsa> (Minor issue)
@@ -24336,15 +24336,15 @@ CVE-2021-26041
 CVE-2021-26040
 	RESERVED
 CVE-2021-26039 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate es ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2021-26038 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install actio ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2021-26037 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2021-26036 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing valid ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2021-26035 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate es ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2021-26034 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing tok ...)
 	NOT-FOR-US: Joomla!
 CVE-2021-26033 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing tok ...)
@@ -34050,13 +34050,13 @@ CVE-2021-21791
 CVE-2021-21790
 	RESERVED
 CVE-2021-21789 (A privilege escalation vulnerability exists in the way IOBit Advanced  ...)
-	TODO: check
+	NOT-FOR-US: IOBit
 CVE-2021-21788 (A privilege escalation vulnerability exists in the way IOBit Advanced  ...)
-	TODO: check
+	NOT-FOR-US: IOBit
 CVE-2021-21787 (A privilege escalation vulnerability exists in the way IOBit Advanced  ...)
-	TODO: check
+	NOT-FOR-US: IOBit
 CVE-2021-21786 (A privilege escalation vulnerability exists in the IOCTL 0x9c406144 ha ...)
-	TODO: check
+	NOT-FOR-US: IOBit
 CVE-2021-21785
 	RESERVED
 CVE-2021-21784 (An out-of-bounds write vulnerability exists in the JPG format SOF mark ...)
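Review bot: CVE-2021-21786 gets the same `NOT-FOR-US: IOBit` tag as CVE-2021-21787 to CVE-2021-21789, but its description differs from the other three: it refers to an IOCTL 0x9c406144 handler, whereas the others read "in the way IOBit Advanced ...". Please confirm from the full description that all four concern the same IOBit product, and consider putting the product name in the tag rather than the vendor alone, since the vendor string by itself does not tell a later triager which component was ruled out.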
@@ -55259,7 +55259,7 @@ CVE-2020-25869 (An information leak was discovered in MediaWiki before 1.31.10 a
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
 	NOTE: https://phabricator.wikimedia.org/T260485
 CVE-2020-25868 (Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Valida ...)
-	TODO: check
+	NOT-FOR-US: Pexip
 CVE-2020-25867 (SoPlanning before 1.47 doesn't correctly check the security key used t ...)
 	NOT-FOR-US: SoPlanning
 CVE-2020-25866 (In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dis ...)
@@ -59702,7 +59702,7 @@ CVE-2020-24040
 CVE-2020-24039
 	RESERVED
 CVE-2020-24038 (myFax version 229 logs sensitive information in the export log module  ...)
-	TODO: check
+	NOT-FOR-US: myFax
 CVE-2020-24037
 	RESERVED
 CVE-2020-24036 (PHP object injection in the Ajax endpoint of the backend in ForkCMS be ...)
@@ -60414,11 +60414,11 @@ CVE-2020-23704
 CVE-2020-23703
 	RESERVED
 CVE-2020-23702 (Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'Ne ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2020-23701
 	RESERVED
 CVE-2020-23700 (Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the ...)
-	TODO: check
+	NOT-FOR-US: LavaLite-CMS
 CVE-2020-23699
 	RESERVED
 CVE-2020-23698
@@ -67550,7 +67550,7 @@ CVE-2020-20227 (Mikrotik RouterOs stable 6.47 suffers from a memory corruption v
 CVE-2020-20226
 	RESERVED
 CVE-2020-20225 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion  ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik
 CVE-2020-20224
 	RESERVED
 CVE-2020-20223
@@ -67568,17 +67568,17 @@ CVE-2020-20218 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory
 CVE-2020-20217
 	RESERVED
 CVE-2020-20216 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik
 CVE-2020-20215 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik
 CVE-2020-20214 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion fa ...)
 	NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20213 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaus ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik
 CVE-2020-20212 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corrup ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik
 CVE-2020-20211 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion fa ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik
 CVE-2020-20210
 	RESERVED
 CVE-2020-20209
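Review bot: The five new `NOT-FOR-US: Mikrotik` lines in this hunk sit directly around the existing CVE-2020-20214 entry, which is tagged `NOT-FOR-US: Mikrotik RouterOs`, so the same product now carries two different NFU strings within a few lines. Suggest using `NOT-FOR-US: Mikrotik RouterOs` for CVE-2020-20211, CVE-2020-20212, CVE-2020-20213, CVE-2020-20215 and CVE-2020-20216, and for CVE-2020-20225 in the preceding hunk, so that matching on the tag text groups all RouterOs entries together.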



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41c83e655dfd53e8b0864e8f2d5ce7eb5c756f8c
