[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 3 22:06:22 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df987146 by Salvatore Bonaccorso at 2021-06-03T23:05:58+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2042,7 +2042,7 @@ CVE-2021-32928
 CVE-2021-32927
 	RESERVED
 CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2021-3551
 	RESERVED
 CVE-2021-3550
@@ -2052,7 +2052,7 @@ CVE-2021-32925 (admin/user_import.php in Chamilo 1.11.14 reads XML data without
 CVE-2021-32924 (Invision Community (aka IPS Community Suite) before 4.6.0 allows eval- ...)
 	NOT-FOR-US: Invision Community (aka IPS Community Suite)
 CVE-2021-32923 (HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-exp ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault and Vault Enterprise
 CVE-2021-32922
 	RESERVED
 CVE-2021-32921 (An issue was discovered in Prosody before 0.11.9. It does not use a co ...)
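Review bot: the CVE-2021-32923 label repeats the description's "HashiCorp Vault and Vault Enterprise" in full, and the description covers the non-Enterprise Vault as well as the Enterprise product. Before closing this as NOT-FOR-US, confirm there is no open ITP/RFP for vault; if there is one, an `<itp>` entry with the bug number fits better than NOT-FOR-US. If NOT-FOR-US stays, "HashiCorp Vault" alone is enough as the label.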
@@ -4653,9 +4653,9 @@ CVE-2021-31833
 CVE-2021-31832
 	RESERVED
 CVE-2021-31831 (Incorrect access to deleted scripts vulnerability in McAfee Database S ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2021-31830 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Des ...)
 	- libphp-phpmailer 6.2.0-2 (bug #988732)
 	[buster] - libphp-phpmailer <not-affected> (Regression introduced in 6.1.8)
@@ -11885,7 +11885,7 @@ CVE-2021-28849
 CVE-2021-28848 (Mintty before 3.4.5 allows remote servers to cause a denial of service ...)
 	TODO: check
 CVE-2021-28847 (MobaXterm before 21.0 allows remote servers to cause a denial of servi ...)
-	TODO: check
+	NOT-FOR-US: MobaXterm
 CVE-2021-28846
 	RESERVED
 CVE-2021-28845
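Review bot: CVE-2021-28848 (Mintty), directly above the MobaXterm entry and with the same "allows remote servers to cause a denial of service" wording, is still left at "TODO: check" in this hunk. If it was looked at in the same pass, triage it here as well; if it was left open on purpose, a NOTE line or a word in the commit message would make that clear to the next person working through the TODO list.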
@@ -11968,7 +11968,7 @@ CVE-2021-28814
 CVE-2021-28813
 	RESERVED
 CVE-2021-28812 (A command injection vulnerability has been reported to affect certain  ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-28811
 	RESERVED
 CVE-2021-28810
@@ -11978,9 +11978,9 @@ CVE-2021-28809
 CVE-2021-28808
 	RESERVED
 CVE-2021-28807 (A post-authentication reflected XSS vulnerability has been reported to ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-28806 (A DOM-based XSS vulnerability has been reported to affect QNAP NAS run ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-28805
 	RESERVED
 CVE-2021-28804
@@ -17207,7 +17207,7 @@ CVE-2021-26586
 CVE-2021-26585
 	RESERVED
 CVE-2021-26584 (A security vulnerability in HPE OneView for VMware vCenter (OV4VC) cou ...)
-	TODO: check
+	NOT-FOR-US: HPE OneView for VMware vCenter (OV4VC)
 CVE-2021-26583 (A potential security vulnerability was identified in HPE iLO Amplifier ...)
 	NOT-FOR-US: HPE
 CVE-2021-26582 (A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgf ...)
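Review bot: the new label for CVE-2021-26584 spells out the full product, "HPE OneView for VMware vCenter (OV4VC)", while CVE-2021-26583 on the next entry uses the bare vendor form "NOT-FOR-US: HPE". Both are valid, but using one form within the HPE block keeps per-vendor greps of the list consistent; suggest "NOT-FOR-US: HPE" here to match the neighbour.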
@@ -23234,7 +23234,7 @@ CVE-2021-24025 (Due to incorrect string size calculations inside the preg_quote
 CVE-2021-24024 (A clear text storage of sensitive information into log file vulnerabil ...)
 	NOT-FOR-US: FortiADCManager
 CVE-2021-24023 (An improper input validation in FortiAI v1.4.0 and earlier may allow a ...)
-	TODO: check
+	NOT-FOR-US: FortiAI (FortiGuard)
 CVE-2021-24022
 	RESERVED
 CVE-2021-24021
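Review bot: the "(FortiGuard)" parenthetical in the CVE-2021-24023 label does not come from the visible description, which names only FortiAI v1.4.0, and the neighbouring CVE-2021-24024 is labelled with the product alone ("FortiADCManager"). Suggest dropping the parenthetical or replacing it with the vendor name (Fortinet), so the label identifies the product and vendor rather than the advisory source.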
@@ -27127,7 +27127,7 @@ CVE-2021-22338
 CVE-2021-22337
 	RESERVED
 CVE-2021-22336 (There is an Improper Control of Generation of Code vulnerability in Hu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22335
 	RESERVED
 CVE-2021-22334
@@ -27149,13 +27149,13 @@ CVE-2021-22327 (There is an arbitrary memory write vulnerability in Huawei smart
 CVE-2021-22326
 	RESERVED
 CVE-2021-22325 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22324 (There is a Credentials Management Errors vulnerability in Huawei Smart ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22323
 	RESERVED
 CVE-2021-22322 (There is a Missing Authentication for Critical Function vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22321 (There is a use-after-free vulnerability in a Huawei product. A module  ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22320 (There is a denial of service vulnerability in Huawei products. A modul ...)
@@ -27165,15 +27165,15 @@ CVE-2021-22319
 CVE-2021-22318
 	RESERVED
 CVE-2021-22317 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22316 (There is a Missing Authentication for Critical Function vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22315
 	RESERVED
 CVE-2021-22314 (There is a local privilege escalation vulnerability in some versions o ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22313 (There is a Security Function vulnerability in Huawei Smartphone. Succe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22312 (There is a memory leak vulnerability in some Huawei products. An authe ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22311 (There is an improper permission assignment vulnerability in Huawei Man ...)
@@ -27183,7 +27183,7 @@ CVE-2021-22310 (There is an information leakage vulnerability in some huawei pro
 CVE-2021-22309 (There is insecure algorithm vulnerability in Huawei products. A module ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22308 (There is a Business Logic Errors vulnerability in Huawei Smartphone. T ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22307 (There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7 ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22306 (There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E ...)
@@ -27590,7 +27590,7 @@ CVE-2021-22132 (Elasticsearch versions 7.7.0 to 7.10.1 contain an information di
 CVE-2021-22131
 	RESERVED
 CVE-2021-22130 (A stack-based buffer overflow vulnerability in FortiProxy physical app ...)
-	TODO: check
+	NOT-FOR-US: FortiProxy (FortiGuard)
 CVE-2021-22129
 	RESERVED
 CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN portal  ...)
@@ -34517,9 +34517,9 @@ CVE-2020-35444
 CVE-2020-35443
 	RESERVED
 CVE-2020-35442 (FDCMS (also known as Fangfa Content Management System) 4.0 allows remo ...)
-	TODO: check
+	NOT-FOR-US: FDCMS (Fangfa Content Management System)
 CVE-2020-35441 (FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end  ...)
-	TODO: check
+	NOT-FOR-US: FDCMS (Fangfa Content Management System)
 CVE-2020-35440
 	RESERVED
 CVE-2020-35439
@@ -60050,11 +60050,11 @@ CVE-2020-21007
 CVE-2020-21006
 	RESERVED
 CVE-2020-21005 (WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to t ...)
-	TODO: check
+	NOT-FOR-US: WellCMS
 CVE-2020-21004
 	RESERVED
 CVE-2020-21003 (Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin. ...)
-	TODO: check
+	NOT-FOR-US: Pbootcms
 CVE-2020-21002
 	RESERVED
 CVE-2020-21001



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df98714662c62e66dc5f1701003eed02522c12c0
