[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 29 05:53:06 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1380cbaf by Salvatore Bonaccorso at 2021-07-29T06:52:39+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7689,9 +7689,9 @@ CVE-2021-34168
 CVE-2021-34167
 	RESERVED
 CVE-2021-34166 (A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1. ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-34165 (A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1. ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-34164
 	RESERVED
 CVE-2021-34163
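Review bot: The tags added for CVE-2021-34166 and CVE-2021-34165 spell the vendor "Sourcecodester", while the hunk at -30016 in this same patch writes "SourceCodester". Pick one spelling for the NOT-FOR-US tag so that a case-sensitive search over data/CVE/list finds every entry for this vendor. The tag also drops the product names given in the descriptions (Simple Food Website, Basic Shopping Cart); if vendor-only tagging is the intent, apply it the same way in both hunks.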
@@ -30016,7 +30016,7 @@ CVE-2021-25202 (SQL injection vulnerability in SourceCodester Sales and Inventor
 CVE-2021-25201 (SQL injection vulnerability in Learning Management System v 1.0 allows ...)
 	NOT-FOR-US: Learning Management System
 CVE-2021-25200 (Arbitrary file upload vulnerability in SourceCodester Learning Managem ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2021-25199
 	RESERVED
 CVE-2021-25198
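Review bot: The tag for CVE-2021-25200 does not match the entry directly above it. CVE-2021-25201 is tagged "NOT-FOR-US: Learning Management System" (product name), while CVE-2021-25200, whose description starts "SourceCodester Learning Managem ...", is tagged "NOT-FOR-US: SourceCodester" (vendor name). If both CVEs refer to the same product, use the same tag text on both lines so they group together when the list is searched.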
@@ -33917,7 +33917,7 @@ CVE-2021-23417 (All versions of package deepmergefn are vulnerable to Prototype
 CVE-2021-23416 (This affects all versions of package curly-bracket-parser. When used a ...)
 	TODO: check
 CVE-2021-23415 (This affects the package elFinder.AspNet before 1.1.1. The user-contro ...)
-	TODO: check
+	NOT-FOR-US: elFinder.AspNet
 CVE-2021-23414 (This affects the package video.js before 7.14.3. The src attribute of  ...)
 	TODO: check
 CVE-2021-23413 (This affects the package jszip before 3.7.0. Crafting a new zip file w ...)
@@ -67915,7 +67915,7 @@ CVE-2020-21856
 CVE-2020-21855
 	RESERVED
 CVE-2020-21854 (Cross Site Scripting vulnerabiity exists in WDScanner 1.1 in the syste ...)
-	TODO: check
+	NOT-FOR-US: WDScanner
 CVE-2020-21853
 	RESERVED
 CVE-2020-21852
@@ -68011,7 +68011,7 @@ CVE-2020-21808
 CVE-2020-21807
 	RESERVED
 CVE-2020-21806 (SQL Injection Vulnerability in ECTouch v2 via the shop page in index.p ...)
-	TODO: check
+	NOT-FOR-US: ECTouch
 CVE-2020-21805
 	RESERVED
 CVE-2020-21804
@@ -70237,13 +70237,13 @@ CVE-2020-20703
 CVE-2020-20702
 	RESERVED
 CVE-2020-20701 (A stored cross site scripting (XSS) vulnerability in /app/config/of S- ...)
-	TODO: check
+	NOT-FOR-US: S-CMS PHP
 CVE-2020-20700 (A stored cross site scripting (XSS) vulnerability in /app/form_add/of  ...)
-	TODO: check
+	NOT-FOR-US: S-CMS PHP
 CVE-2020-20699 (A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows at ...)
-	TODO: check
+	NOT-FOR-US: S-CMS PHP
 CVE-2020-20698 (A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP ...)
-	TODO: check
+	NOT-FOR-US: S-CMS PHP
 CVE-2020-20697
 	RESERVED
 CVE-2020-20696
@@ -73449,7 +73449,7 @@ CVE-2020-19120
 CVE-2020-19119
 	RESERVED
 CVE-2020-19118 (Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_cod ...)
-	TODO: check
+	NOT-FOR-US: YzmCMS
 CVE-2020-19117
 	RESERVED
 CVE-2020-19116
@@ -75364,13 +75364,13 @@ CVE-2020-18175
 CVE-2020-18174 (A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 ...)
 	TODO: check
 CVE-2020-18173 (A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 al ...)
-	TODO: check
+	NOT-FOR-US: 1Password
 CVE-2020-18172 (A code injection vulnerability in the SeDebugPrivilege component of Tr ...)
 	TODO: check
 CVE-2020-18171 (TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) w ...)
 	TODO: check
 CVE-2020-18170 (An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager ...)
-	TODO: check
+	NOT-FOR-US: Abloy Key Manager
 CVE-2020-18169 (A vulnerability in the Windows installer XML (WiX) toolset of TechSmit ...)
 	TODO: check
 CVE-2020-18168
@@ -75809,7 +75809,7 @@ CVE-2020-17954
 CVE-2020-17953
 	RESERVED
 CVE-2020-17952 (A remote code execution (RCE) vulnerability in /library/think/App.php  ...)
-	TODO: check
+	NOT-FOR-US: Twothink
 CVE-2020-17951
 	RESERVED
 CVE-2020-17950
@@ -89200,7 +89200,7 @@ CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...)
 CVE-2020-12682
 	RESERVED
 CVE-2020-12681 (Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices  ...)
-	TODO: check
+	NOT-FOR-US: 3xLogic Infinias eIDC32 devices
 CVE-2020-12680 (** DISPUTED ** Avira Free Antivirus through 15.0.2005.1866 allows loca ...)
 	NOT-FOR-US: Avira Free Antivirus
 CVE-2020-12679 (A reflected cross-site scripting (XSS) vulnerability in the Mitel Shor ...)
@@ -100165,7 +100165,7 @@ CVE-2019-20469
 CVE-2019-20468 (An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horlo ...)
 	NOT-FOR-US: TK-Star Q90 Junior GPS horloge
 CVE-2019-20467 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2  ...)
-	TODO: check
+	NOT-FOR-US: Sannce
 CVE-2019-20466 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2  ...)
 	NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices
 CVE-2019-20465 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2  ...)
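Review bot: CVE-2019-20467 is tagged with the vendor alone ("NOT-FOR-US: Sannce"), while the next entry, CVE-2019-20466, carries the full device string "Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices". Both descriptions open with the same device name, so reuse the existing tag text, or shorten the neighbouring entries in the same commit, to keep the series consistent.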
@@ -335944,11 +335944,11 @@ CVE-2015-2157 (The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in
 	- putty 0.63-10 (bug #779488)
 	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html
 CVE-2015-2100 (Multiple stack-based buffer overflows in WebGate eDVR Manager and Cont ...)
-	TODO: check
+	NOT-FOR-US: eDVR Manager and Control Center
 CVE-2015-2099 (Multiple buffer overflows in WebGate Control Center allow remote attac ...)
 	TODO: check
 CVE-2015-2098 (Multiple stack-based buffer overflows in WebGate eDVR Manager allow re ...)
-	TODO: check
+	NOT-FOR-US: WebGate eDVR Manager
 CVE-2015-2097 (Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) ...)
 	NOT-FOR-US: WESP SDK
 CVE-2015-2096 (Use-after-free vulnerability in the Connect function in the WESPMonito ...)
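Review bot: The two tags added here name the same vendor's products differently, and the entry between them is left unresolved. CVE-2015-2100 gets "NOT-FOR-US: eDVR Manager and Control Center" without the "WebGate" prefix, while CVE-2015-2098 gets "NOT-FOR-US: WebGate eDVR Manager". CVE-2015-2099 (WebGate Control Center) stays at "TODO: check" even though the tag on CVE-2015-2100 already treats Control Center as not-for-us. Suggest prefixing the first tag with "WebGate" and either tagging CVE-2015-2099 in this commit or saying in the commit message why it is held back.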



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1380cbaf82388ca9e1e86a9167aa426c5c8e237e


