[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 30 13:51:21 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2e204660 by Salvatore Bonaccorso at 2021-07-30T14:51:00+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2021-37745
CVE-2021-37744
RESERVED
CVE-2021-37743 (app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored X ...)
- TODO: check
+ NOT-FOR-US: MISP
CVE-2021-37742 (app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.14 ...)
- TODO: check
+ NOT-FOR-US: MISP
CVE-2021-37741
RESERVED
CVE-2021-37740
@@ -27453,7 +27453,7 @@ CVE-2021-26275 (** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through
CVE-2020-36240 (The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, a ...)
NOT-FOR-US: Atlassian
CVE-2020-36239 (Jira Data Center, Jira Core Data Center, Jira Software Data Center fro ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2020-36238 (The /rest/api/1.0/render resource in Jira Server and Data Center befor ...)
NOT-FOR-US: Atlassian
CVE-2020-36237 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
@@ -30158,7 +30158,7 @@ CVE-2021-25274 (The Collector Service in SolarWinds Orion Platform before 2020.2
CVE-2021-3159 (A stored cross site scripting (XSS) vulnerability in the /sys/attachme ...)
NOT-FOR-US: Landray EKP
CVE-2021-25273 (Stored XSS can execute as administrator in quarantined email detail vi ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2021-25272
RESERVED
CVE-2021-25271
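Review bot: The tag added for CVE-2021-25273 names only the vendor ("NOT-FOR-US: Sophos"), and the truncated description shown here ("Stored XSS can execute as administrator in quarantined email detail vi ...") does not name a product either. A later search of data/CVE/list cannot tell which Sophos product this entry was triaged against. The entry directly above uses a product-level tag ("NOT-FOR-US: Landray EKP"); consider taking the affected product name from the full CVE description and putting it in the tag.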
@@ -57607,7 +57607,7 @@ CVE-2020-26565
CVE-2020-26564
RESERVED
CVE-2020-26563 (ObjectPlanet Opinio before 7.13 allows reflected XSS via the survey/ad ...)
- TODO: check
+ NOT-FOR-US: ObjectPlanet Opinio
CVE-2020-26562
RESERVED
CVE-2020-26561 (** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 1.0.04.002_US_ ...)
@@ -75698,11 +75698,11 @@ CVE-2020-18173 (A DLL injection vulnerability in 1password.dll of 1Password 7.3.
CVE-2020-18172 (A code injection vulnerability in the SeDebugPrivilege component of Tr ...)
TODO: check
CVE-2020-18171 (TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) w ...)
- TODO: check
+ NOT-FOR-US: TechSmith Snagit
CVE-2020-18170 (An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager ...)
NOT-FOR-US: Abloy Key Manager
CVE-2020-18169 (A vulnerability in the Windows installer XML (WiX) toolset of TechSmit ...)
- TODO: check
+ NOT-FOR-US: TechSmith Snagit
CVE-2020-18168
RESERVED
CVE-2020-18167 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers t ...)
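Review bot: CVE-2020-18172, the first entry in this hunk, is still "TODO: check" while the two TechSmith Snagit entries below it were processed; if it was left open on purpose that is fine, otherwise triage it in the same pass. Separately, the description of CVE-2020-18169 begins "A vulnerability in the Windows installer XML (WiX) toolset of TechSmit ...", so confirm from the full text that the flaw is in Snagit's own installer and not in the WiX toolset itself before filing it under "NOT-FOR-US: TechSmith Snagit".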
@@ -78469,7 +78469,7 @@ CVE-2020-16841
CVE-2020-16840
RESERVED
CVE-2020-16839 (On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before th ...)
- TODO: check
+ NOT-FOR-US: Crestron
CVE-2020-16838
RESERVED
CVE-2020-16837
@@ -80621,7 +80621,7 @@ CVE-2020-15950 (Immuta v2.8.2 is affected by improper session management: user s
CVE-2020-15949 (Immuta v2.8.2 is affected by one instance of insecure permissions that ...)
NOT-FOR-US: Immuta
CVE-2020-15948 (eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field. ...)
- TODO: check
+ NOT-FOR-US: eGain Chat
CVE-2020-25573 (An issue was discovered in the linked-hash-map crate before 0.5.3 for ...)
- rust-linked-hash-map 0.5.4-1 (bug #966246)
[buster] - rust-linked-hash-map <no-dsa> (Minor issue)
@@ -104610,13 +104610,13 @@ CVE-2020-7392
CVE-2020-7391
RESERVED
CVE-2020-7390 (Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Pr ...)
- TODO: check
+ NOT-FOR-US: Sage X3
CVE-2020-7389 (Sage X3 System CHAINE Variable Script Command Injection. An authentica ...)
- TODO: check
+ NOT-FOR-US: Sage X3
CVE-2020-7388 (Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in Ad ...)
- TODO: check
+ NOT-FOR-US: Sage X3
CVE-2020-7387 (Sage X3 Installation Pathname Disclosure. A specially crafted packet c ...)
- TODO: check
+ NOT-FOR-US: Sage X3
CVE-2020-7386
RESERVED
CVE-2020-7385 (By launching the drb_remote_codeexec exploit, a Metasploit Framework u ...)
@@ -336276,7 +336276,7 @@ CVE-2015-2157 (The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in
CVE-2015-2100 (Multiple stack-based buffer overflows in WebGate eDVR Manager and Cont ...)
NOT-FOR-US: eDVR Manager and Control Center
CVE-2015-2099 (Multiple buffer overflows in WebGate Control Center allow remote attac ...)
- TODO: check
+ NOT-FOR-US: WebGate Control Center
CVE-2015-2098 (Multiple stack-based buffer overflows in WebGate eDVR Manager allow re ...)
NOT-FOR-US: WebGate eDVR Manager
CVE-2015-2097 (Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) ...)
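Review bot: The new tag "NOT-FOR-US: WebGate Control Center" on CVE-2015-2099 leaves three different spellings for the same vendor's products in adjacent entries: CVE-2015-2100 has "eDVR Manager and Control Center" without the vendor prefix, and CVE-2015-2098 has "WebGate eDVR Manager". Consider changing the CVE-2015-2100 tag to "WebGate eDVR Manager and Control Center" in the same commit so that a search for "WebGate" finds all of them.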
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e20466096d2166416825ca5255728b46305a922