[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 12 21:21:34 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc230176 by Salvatore Bonaccorso at 2021-07-12T22:20:47+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -669,9 +669,9 @@ CVE-2021-36384
 CVE-2021-36383 (Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0 ...)
 	TODO: check
 CVE-2021-36382 (Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows  ...)
-	TODO: check
+	NOT-FOR-US: Devolutions Server
 CVE-2021-36381 (In Edifecs Transaction Management through 2021-07-12, an unauthenticat ...)
-	TODO: check
+	NOT-FOR-US: Edifecs
 CVE-2021-36380
 	RESERVED
 CVE-2021-36379
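Review bot: the label on CVE-2021-36381 gives only the vendor, "NOT-FOR-US: Edifecs", while its description names the product as "Edifecs Transaction Management" and the entry above it in this hunk uses the full product name ("Devolutions Server"). Suggest "NOT-FOR-US: Edifecs Transaction Management" so later entries for the same product can be matched by name.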
@@ -3589,7 +3589,7 @@ CVE-2021-35066 (An XXE vulnerability exists in ConnectWise Automate before 2021.
 CVE-2021-35065
 	RESERVED
 CVE-2021-35064 (KramerAV VIAWare, all tested versions, allow privilege escalation thro ...)
-	TODO: check
+	NOT-FOR-US: KramerAV VIAWare
 CVE-2021-35063
 	RESERVED
 	[experimental] - suricata 1:6.0.3-1~exp1
@@ -3683,7 +3683,7 @@ CVE-2021-35039 (kernel/module.c in the Linux kernel before 5.12.14 mishandles Si
 CVE-2021-35038
 	RESERVED
 CVE-2021-35037 (Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnera ...)
-	TODO: check
+	NOT-FOR-US: Jamf Pro
 CVE-2021-35036
 	RESERVED
 CVE-2021-35035
@@ -6401,7 +6401,7 @@ CVE-2021-33809
 CVE-2021-33808
 	RESERVED
 CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/d ...)
-	TODO: check
+	NOT-FOR-US: Cartadis Gespage
 CVE-2021-3579
 	RESERVED
 CVE-2021-3578 [possible remote code execution in isync/mbsync]
@@ -22233,7 +22233,7 @@ CVE-2021-27295
 CVE-2021-27294
 	RESERVED
 CVE-2021-27293 (RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is  ...)
-	TODO: check
+	NOT-FOR-US: RestSharp
 CVE-2021-27292 (ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression  ...)
 	- node-ua-parser-js 0.7.24+ds-1 (bug #985568)
 	[buster] - node-ua-parser-js <no-dsa> (Minor issue)
@@ -25256,7 +25256,7 @@ CVE-2021-26101
 CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption service  ...)
 	NOT-FOR-US: Fortiguard
 CVE-2021-26099 (Missing cryptographic steps in the Identity-Based Encryption service o ...)
-	TODO: check
+	NOT-FOR-US: FortiMail
 CVE-2021-26098
 	RESERVED
 CVE-2021-26097
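Review bot: CVE-2021-26099 is tagged "NOT-FOR-US: FortiMail", but CVE-2021-26100 directly above it, whose description refers to the same Identity-Based Encryption service, carries "NOT-FOR-US: Fortiguard". The two labels should agree; if FortiMail is the affected product, the existing CVE-2021-26100 line could be corrected in the same commit.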
@@ -25274,9 +25274,9 @@ CVE-2021-26092
 CVE-2021-26091
 	RESERVED
 CVE-2021-26090 (A missing release of memory after its effective lifetime vulnerability ...)
-	TODO: check
+	NOT-FOR-US: FortiMail
 CVE-2021-26089 (An improper symlink following in FortiClient for Mac 6.4.3 and below m ...)
-	TODO: check
+	NOT-FOR-US: FortiClient
 CVE-2021-26088 (An improper authentication vulnerability in FSSO Collector version 5.0 ...)
 	TODO: check
 CVE-2021-26087
@@ -33555,7 +33555,7 @@ CVE-2021-22517
 CVE-2021-22516 (Insertion of Sensitive Information into Log File vulnerability in Micr ...)
 	NOT-FOR-US: Micro Focus Secure API Manager
 CVE-2021-22515 (Multi-Factor Authentication (MFA) functionality can be bypassed, allow ...)
-	TODO: check
+	NOT-FOR-US: NetIQ
 CVE-2021-22514 (An arbitrary code execution vulnerability exists in Micro Focus Applic ...)
 	NOT-FOR-US: Micro Focus
 CVE-2021-22513 (Missing Authorization vulnerability in Micro Focus Application Automat ...)
@@ -66754,11 +66754,11 @@ CVE-2020-21135
 CVE-2020-21134
 	RESERVED
 CVE-2020-21133 (SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpasswor ...)
-	TODO: check
+	NOT-FOR-US: Metinfo
 CVE-2020-21132 (SQL Injection vulnerability in Metinfo 7.0.0beta in index.php. ...)
-	TODO: check
+	NOT-FOR-US: Metinfo
 CVE-2020-21131 (SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language ...)
-	TODO: check
+	NOT-FOR-US: Metinfo
 CVE-2020-21130 (Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the grou ...)
 	NOT-FOR-US: HisiPHP
 CVE-2020-21129
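Review bot: all three new labels read "Metinfo", but the description of CVE-2020-21131 spells the product "MetInfo" while CVE-2020-21133 and CVE-2020-21132 use "Metinfo". Worth settling on one spelling for the NOT-FOR-US label so that a case-sensitive search over data/CVE/list finds every entry for this product.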
@@ -70651,7 +70651,7 @@ CVE-2020-19206
 CVE-2020-19205
 	RESERVED
 CVE-2020-19204 (Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 is affected ...)
-	TODO: check
+	NOT-FOR-US: IPFire
 CVE-2020-19203 (Netgate pfSense Community Edition 2.4.4 - p2 (arm64) is affected by: C ...)
 	TODO: check
 CVE-2020-19202 (An authenticated Stored XSS (Cross-site Scripting) exists in the "capt ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc230176a768a7482f1b2bda16b4fd7d75b91fea
