[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 29 21:16:42 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4732a07 by Salvatore Bonaccorso at 2021-07-29T22:16:21+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1193,7 +1193,7 @@ CVE-2021-37146
 CVE-2021-37145
 	RESERVED
 CVE-2021-37144 (CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in ...)
-	TODO: check
+	NOT-FOR-US: CSZ CMS
 CVE-2021-37143
 	RESERVED
 CVE-2021-37142
@@ -2378,13 +2378,13 @@ CVE-2021-36626
 CVE-2021-36625
 	RESERVED
 CVE-2021-36624 (Sourcecodester Phone Shop Sales Managements System version 1.0 suffers ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-36623
 	RESERVED
 CVE-2021-36622
 	RESERVED
 CVE-2021-36621 (Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulner ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-36620
 	RESERVED
 CVE-2021-36619
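Review bot: The NOT-FOR-US tag on CVE-2021-36624 and CVE-2021-36621 names only "Sourcecodester", although the two descriptions refer to different applications (Phone Shop Sales Managements System and Online Covid Vaccination Scheduler System). Other entries visible in this patch tag by product (for example "Jamf Pro" and "Dell Hybrid Client"). Consider adding the product name to each tag so that a later search of data/CVE/list for the application finds the entry.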
@@ -18034,7 +18034,7 @@ CVE-2021-30126 (Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows
 CVE-2021-30125 (Jamf Pro before 10.28.0 allows XSS related to inventory history, aka P ...)
 	NOT-FOR-US: Jamf Pro
 CVE-2021-30124 (The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1 ...)
-	TODO: check
+	NOT-FOR-US: vscode-phpmd (aka PHP Mess Detector) extension for Visual Studio Code
 CVE-2021-30123 (FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec ...)
 	- ffmpeg <not-affected> (Only affects 4.4 development branches)
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f
@@ -38343,7 +38343,7 @@ CVE-2021-21548
 CVE-2021-21547 (Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 ...)
 	NOT-FOR-US: EMC
 CVE-2021-21546 (Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 c ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2021-21545 (Dell Peripheral Manager 1.3.1 or greater contains remediation for a lo ...)
 	NOT-FOR-US: Dell
 CVE-2021-21544 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authe ...)
@@ -38359,7 +38359,7 @@ CVE-2021-21540 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-bas
 CVE-2021-21539 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check T ...)
 	NOT-FOR-US: EMC
 CVE-2021-21538 (Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00 ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2021-21537 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...)
 	NOT-FOR-US: Dell Hybrid Client
 CVE-2021-21536 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...)
@@ -42318,7 +42318,7 @@ CVE-2021-20507 (IBM Jazz Foundation and IBM Engineering products are vulnerable
 CVE-2021-20506 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
 	NOT-FOR-US: IBM
 CVE-2021-20505 (The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-20504 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
 	NOT-FOR-US: IBM
 CVE-2021-20503 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
@@ -43523,13 +43523,13 @@ CVE-2021-20116
 CVE-2021-20115
 	RESERVED
 CVE-2021-20114 (When installed following the default/recommended settings, TCExam < ...)
-	TODO: check
+	NOT-FOR-US: TCExam
 CVE-2021-20113 (An exposure of sensitive information vulnerability exists in TCExam &l ...)
-	TODO: check
+	NOT-FOR-US: TCExam
 CVE-2021-20112 (A stored cross-site scripting vulnerability exists in TCExam <= 14. ...)
-	TODO: check
+	NOT-FOR-US: TCExam
 CVE-2021-20111 (A stored cross-site scripting vulnerability exists in TCExam <= 14. ...)
-	TODO: check
+	NOT-FOR-US: TCExam
 CVE-2021-20110 (Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS  ...)
 	NOT-FOR-US: Manage Engine Asset Explorer Agent
 CVE-2021-20109 (Due to the Asset Explorer agent not validating HTTPS certificates, an  ...)
@@ -66236,7 +66236,7 @@ CVE-2020-22767
 CVE-2020-22766
 	RESERVED
 CVE-2020-22765 (Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the ...)
-	TODO: check
+	NOT-FOR-US: NukeViet cms
 CVE-2020-22764
 	RESERVED
 CVE-2020-22763
@@ -66244,7 +66244,7 @@ CVE-2020-22763
 CVE-2020-22762
 	RESERVED
 CVE-2020-22761 (Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via t ...)
-	TODO: check
+	NOT-FOR-US: FlatPress
 CVE-2020-22760
 	RESERVED
 CVE-2020-22759
@@ -68266,9 +68266,9 @@ CVE-2020-21811
 CVE-2020-21810
 	RESERVED
 CVE-2020-21809 (SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4. ...)
-	TODO: check
+	NOT-FOR-US: NukeViet CMS module Shops
 CVE-2020-21808 (SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the to ...)
-	TODO: check
+	NOT-FOR-US: NukeViet CMS
 CVE-2020-21807
 	RESERVED
 CVE-2020-21806 (SQL Injection Vulnerability in ECTouch v2 via the shop page in index.p ...)
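Review bot: The tags added for CVE-2020-21809 ("NukeViet CMS module Shops") and CVE-2020-21808 ("NukeViet CMS") spell the product differently from the tag this same commit adds for CVE-2020-22765 ("NukeViet cms"). A case-sensitive match on the NOT-FOR-US string will not group all three. Suggest a single spelling, "NukeViet CMS", with the module name kept as a suffix only where it applies.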
@@ -75621,7 +75621,7 @@ CVE-2020-18177
 CVE-2020-18176
 	RESERVED
 CVE-2020-18175 (SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd a ...)
-	TODO: check
+	NOT-FOR-US: Metinfo
 CVE-2020-18174 (A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 ...)
 	TODO: check
 CVE-2020-18173 (A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 al ...)
@@ -75655,9 +75655,9 @@ CVE-2020-18160
 CVE-2020-18159
 	RESERVED
 CVE-2020-18158 (Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname  ...)
-	TODO: check
+	NOT-FOR-US: HuCart
 CVE-2020-18157 (Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a ...)
-	TODO: check
+	NOT-FOR-US: MetInfo
 CVE-2020-18156
 	RESERVED
 CVE-2020-18155 (SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page i ...)
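Review bot: The tag on CVE-2020-18157 is "MetInfo", while the previous hunk tags CVE-2020-18175 as "Metinfo" for the same product and version (6.1.3). Pick one capitalisation for both entries so the two CVEs are found together when searching the list by NOT-FOR-US name.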
@@ -109707,7 +109707,7 @@ CVE-2020-5355
 CVE-2020-5354
 	RESERVED
 CVE-2020-5353 (The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerSca ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2020-5352 (Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS comma ...)
 	NOT-FOR-US: EMC
 CVE-2020-5351 (Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an ...)
@@ -109755,7 +109755,7 @@ CVE-2020-5331 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an inform
 CVE-2020-5330 (Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell ...)
 	NOT-FOR-US: EMC
 CVE-2020-5329 (Dell EMC Avamar Server contains an open redirect vulnerability. A remo ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2020-5328 (Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized  ...)
 	NOT-FOR-US: EMC
 CVE-2020-5327 (Dell Security Management Server versions prior to 10.2.10 contain a Ja ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4732a0735249e00ac7dc9f4e363037486225ec5
