[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 14 20:16:20 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
151c3df1 by Salvatore Bonaccorso at 2021-07-14T21:15:58+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39179,7 +39179,7 @@ CVE-2021-20783
 CVE-2021-20782 (Cross-site request forgery (CSRF) vulnerability in Software License Ma ...)
 	TODO: check
 CVE-2021-20781 (Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2021-20780 (Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Cu ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-20779 (Cross-site request forgery (CSRF) vulnerability in WordPress Email Tem ...)
@@ -39247,7 +39247,7 @@ CVE-2021-20749 (Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 a
 CVE-2021-20748 (Retty App for Android versions prior to 4.8.13 and Retty App for iOS v ...)
 	NOT-FOR-US: Retty
 CVE-2021-20747 (Improper authorization in handler for custom URL scheme vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Retty App
 CVE-2021-20746 (Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 an ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-20745 (Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitra ...)
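Review bot: The label on CVE-2021-20747 is "NOT-FOR-US: Retty App", but the entry directly above it, CVE-2021-20748, already uses "NOT-FOR-US: Retty" for the same product. Reusing the existing "Retty" string keeps one spelling per product, so a search for the label finds both entries.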
@@ -39554,11 +39554,11 @@ CVE-2021-20597
 CVE-2021-20596
 	RESERVED
 CVE-2021-20595 (Improper Restriction of XML External Entity Reference vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2021-20594
 	RESERVED
 CVE-2021-20593 (Incorrect Implementation of Authentication Algorithm in Mitsubishi Ele ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2021-20592
 	RESERVED
 CVE-2021-20591 (Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric ...)
@@ -48224,7 +48224,7 @@ CVE-2020-28402 (An improper authorization vulnerability exists in Star Practice
 CVE-2020-28401 (An improper authorization vulnerability exists in Star Practice Manage ...)
 	NOT-FOR-US: Star Practice Management Web
 CVE-2020-28400 (A vulnerability has been identified in Development/Evaluation Kits for ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-28399
 	RESERVED
 CVE-2020-28398
@@ -62908,7 +62908,7 @@ CVE-2020-23081
 CVE-2020-23080
 	RESERVED
 CVE-2020-23079 (SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration ...)
-	TODO: check
+	NOT-FOR-US: Halo
 CVE-2020-23078
 	RESERVED
 CVE-2020-23077
@@ -68702,11 +68702,11 @@ CVE-2020-20254 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memor
 CVE-2020-20253 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by  ...)
 	NOT-FOR-US: Mikrotik RouterOs
 CVE-2020-20252 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik
 CVE-2020-20251
 	RESERVED
 CVE-2020-20250 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik
 CVE-2020-20249
 	RESERVED
 CVE-2020-20248
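Review bot: CVE-2020-20252 and CVE-2020-20250 are tagged "NOT-FOR-US: Mikrotik", while the neighbouring CVE-2020-20253 in the same hunk carries "NOT-FOR-US: Mikrotik RouterOs" and all three descriptions name Mikrotik RouterOs. Suggest using "Mikrotik RouterOs" on the two new lines so the product is labelled the same way throughout this block.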
@@ -69763,17 +69763,17 @@ CVE-2020-19724
 CVE-2020-19723
 	RESERVED
 CVE-2020-19722 (An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1. ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2020-19721 (A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1 ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2020-19720 (An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bent ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2020-19719 (A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628  ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2020-19718 (An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1. ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2020-19717 (An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bent ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2020-19716 (A buffer overflow vulnerability in the Databuf function in types.cpp o ...)
 	TODO: check
 CVE-2020-19715 (An integer overflow vulnerability in the getUShort function of Exiv2 0 ...)
@@ -70810,11 +70810,11 @@ CVE-2020-19205
 CVE-2020-19204 (Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 is affected ...)
 	NOT-FOR-US: IPFire
 CVE-2020-19203 (Netgate pfSense Community Edition 2.4.4 - p2 (arm64) is affected by: C ...)
-	TODO: check
+	NOT-FOR-US: Netgate pfSense Community Edition
 CVE-2020-19202 (An authenticated Stored XSS (Cross-site Scripting) exists in the "capt ...)
 	NOT-FOR-US: IPFire
 CVE-2020-19201 (Netgate pfSense 2.4.4 - p2 is affected by: Cross Site Scripting (XSS). ...)
-	TODO: check
+	NOT-FOR-US: Netgate pfSense
 CVE-2020-19200
 	RESERVED
 CVE-2020-19199 (A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2. ...)
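Review bot: The two pfSense entries in this hunk get different labels: "NOT-FOR-US: Netgate pfSense Community Edition" on CVE-2020-19203 and "NOT-FOR-US: Netgate pfSense" on CVE-2020-19201. Pick one form for both. The adjacent IPFire entries use the bare product name, so "Netgate pfSense" would match the surrounding style.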
@@ -71140,9 +71140,9 @@ CVE-2020-19040
 CVE-2020-19039
 	RESERVED
 CVE-2020-19038 (File Deletion vulnerability in Halo 0.4.3 via delBackup. ...)
-	TODO: check
+	NOT-FOR-US: Halo
 CVE-2020-19037 (Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a m ...)
-	TODO: check
+	NOT-FOR-US: Halo
 CVE-2020-19036
 	RESERVED
 CVE-2020-19035
@@ -71252,13 +71252,13 @@ CVE-2020-18984
 CVE-2020-18983
 	RESERVED
 CVE-2020-18982 (Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAutho ...)
-	TODO: check
+	NOT-FOR-US: Halo
 CVE-2020-18981
 	RESERVED
 CVE-2020-18980 (Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr an ...)
-	TODO: check
+	NOT-FOR-US: Halo
 CVE-2020-18979 (Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwa ...)
-	TODO: check
+	NOT-FOR-US: Halo
 CVE-2020-18978
 	RESERVED
 CVE-2020-18977
@@ -72134,7 +72134,7 @@ CVE-2020-18546
 CVE-2020-18545
 	RESERVED
 CVE-2020-18544 (SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary ...)
-	TODO: check
+	NOT-FOR-US: WMS
 CVE-2020-18543
 	RESERVED
 CVE-2020-18542
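Review bot: "NOT-FOR-US: WMS" on CVE-2020-18544 is hard to verify later, because "WMS" is a generic acronym and the truncated description only says "WMS v1.0". Adding the vendor or upstream project name to the label would let a later reader confirm which software was ruled out without reopening the CVE record.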



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/151c3df14143beab6519db31df8db80eb65048bd
