[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 4 21:18:02 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
97af35a9 by Salvatore Bonaccorso at 2021-06-04T22:17:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -89,7 +89,7 @@ CVE-2021-3579
 CVE-2021-3578
 	RESERVED
 CVE-2021-33806 (The BDew BdLib library before 1.16.1.7 for Minecraft allows remote cod ...)
-	TODO: check
+	NOT-FOR-US: BDew BdLib library
 CVE-2021-33805 (In the reference implementation of FUSE before 2.9.8 and 3.x before 3. ...)
 	TODO: check
 CVE-2021-3577
@@ -2632,9 +2632,9 @@ CVE-2021-32668
 CVE-2021-32667
 	RESERVED
 CVE-2021-32666 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...)
-	TODO: check
+	NOT-FOR-US: wire-ios (iOS version of Wire)
 CVE-2021-32665 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...)
-	TODO: check
+	NOT-FOR-US: wire-ios (iOS version of Wire)
 CVE-2021-32664
 	RESERVED
 CVE-2021-32663
@@ -14756,7 +14756,7 @@ CVE-2021-27659
 CVE-2021-27658
 	RESERVED
 CVE-2021-27657 (Successful exploitation of this vulnerability could give an authentica ...)
-	TODO: check
+	NOT-FOR-US: Johnson Controls Metasys
 CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior could a ...)
 	NOT-FOR-US: exacqVision Web Service
 CVE-2021-27655
@@ -16230,7 +16230,7 @@ CVE-2021-26996
 CVE-2021-26995
 	RESERVED
 CVE-2021-26994 (Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptibl ...)
-	TODO: check
+	NOT-FOR-US: Clustered Data ONTAP (NetApp)
 CVE-2021-26993
 	RESERVED
 CVE-2021-26992 (Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerabili ...)
@@ -26791,7 +26791,7 @@ CVE-2021-22518
 CVE-2021-22517
 	RESERVED
 CVE-2021-22516 (Insertion of Sensitive Information into Log File vulnerability in Micr ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus Secure API Manager
 CVE-2021-22515
 	RESERVED
 CVE-2021-22514 (An arbitrary code execution vulnerability exists in Micro Focus Applic ...)
@@ -27150,15 +27150,15 @@ CVE-2021-22339 (There is a denial of service vulnerability in some versions of M
 CVE-2021-22338
 	RESERVED
 CVE-2021-22337 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22336 (There is an Improper Control of Generation of Code vulnerability in Hu ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22335 (There is a Memory Buffer Improper Operation Limit vulnerability in Hua ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22334 (There is an Improper Access Control vulnerability in Huawei Smartphone ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22333 (There is an Improper Validation of Array Index vulnerability in Huawei ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22332 (There is a pointer double free vulnerability in some versions of Cloud ...)
 	NOT-FOR-US: CloudEngine (Huawei)
 CVE-2021-22331 (There is a JavaScript injection vulnerability in certain Huawei smartp ...)
@@ -28962,13 +28962,13 @@ CVE-2020-36144 (Redash 8.0.0 is affected by LDAP Injection. There is an informat
 CVE-2020-36143
 	RESERVED
 CVE-2020-36142 (BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserti ...)
-	TODO: check
+	NOT-FOR-US: BloofoxCMS
 CVE-2020-36141 (BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via b ...)
-	TODO: check
+	NOT-FOR-US: BloofoxCMS
 CVE-2020-36140 (BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode= ...)
-	TODO: check
+	NOT-FOR-US: BloofoxCMS
 CVE-2020-36139 (BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnera ...)
-	TODO: check
+	NOT-FOR-US: BloofoxCMS
 CVE-2020-36138
 	RESERVED
 CVE-2020-36137
@@ -29242,17 +29242,17 @@ CVE-2020-36011 (A cross-site scripting (XSS) issue in Add Patient Form in QDOCS
 CVE-2020-36010
 	RESERVED
 CVE-2020-36009 (OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: OBottle
 CVE-2020-36008 (OBottle 2.0 in \c\t.php contains an arbitrary file write vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OBottle
 CVE-2020-36007 (AppCMS 2.0.101 in /admin/template/tpl_app.php has a cross site scripti ...)
-	TODO: check
+	NOT-FOR-US: AppCMS
 CVE-2020-36006 (AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulne ...)
-	TODO: check
+	NOT-FOR-US: AppCMS
 CVE-2020-36005 (AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulner ...)
-	TODO: check
+	NOT-FOR-US: AppCMS
 CVE-2020-36004 (AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulner ...)
-	TODO: check
+	NOT-FOR-US: AppCMS
 CVE-2020-36003 (The id parameter in detail.php of Online Book Store v1.0 is vulnerable ...)
 	NOT-FOR-US: Online Book Store
 CVE-2020-36002 (Seat-Reservation-System 1.0 has a SQL injection vulnerability in index ...)
@@ -29323,13 +29323,13 @@ CVE-2020-35975
 CVE-2020-35974
 	RESERVED
 CVE-2020-35973 (An issue was discovered in zzcms2020. There is a XSS vulnerability tha ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2020-35972 (An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: YzmCMS
 CVE-2020-35971 (A storage XSS vulnerability is found in YzmCMS v5.8, which can be used ...)
-	TODO: check
+	NOT-FOR-US: YzmCMS
 CVE-2020-35970 (An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: YzmCMS
 CVE-2020-35969
 	RESERVED
 CVE-2020-35968
@@ -39626,9 +39626,9 @@ CVE-2021-1566
 CVE-2021-1565
 	RESERVED
 CVE-2021-1564 (Multiple vulnerabilities in the implementation of the Cisco Discovery  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1563 (Multiple vulnerabilities in the implementation of the Cisco Discovery  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1562
 	RESERVED
 CVE-2021-1561
@@ -39666,7 +39666,7 @@ CVE-2021-1546
 CVE-2021-1545
 	RESERVED
 CVE-2021-1544 (A vulnerability in logging mechanisms of Cisco Webex Meetings client s ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1543
 	RESERVED
 CVE-2021-1542
@@ -39674,15 +39674,15 @@ CVE-2021-1542
 CVE-2021-1541
 	RESERVED
 CVE-2021-1540 (Multiple vulnerabilities in the authorization process of Cisco ASR 500 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1539 (Multiple vulnerabilities in the authorization process of Cisco ASR 500 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1538 (A vulnerability in the configuration dashboard of Cisco Common Service ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1537 (A vulnerability in the installer software of Cisco ThousandEyes Record ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1536 (A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1535 (A vulnerability in the cluster management interface of Cisco SD-WAN vM ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1534
@@ -39698,13 +39698,13 @@ CVE-2021-1530 (A vulnerability in the web-based management interface of Cisco Br
 CVE-2021-1529
 	RESERVED
 CVE-2021-1528 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1527 (A vulnerability in Cisco Webex Player for Windows and MacOS could allo ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1526 (A vulnerability in Cisco Webex Player for Windows and MacOS could allo ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1525 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1524
 	RESERVED
 CVE-2021-1523
@@ -39720,7 +39720,7 @@ CVE-2021-1519 (A vulnerability in the interprocess communication (IPC) channel o
 CVE-2021-1518
 	RESERVED
 CVE-2021-1517 (A vulnerability in the multimedia viewer feature of Cisco Webex Meetin ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1516 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1515 (A vulnerability in Cisco SD-WAN vManage Software could allow an unauth ...)
@@ -39748,9 +39748,9 @@ CVE-2021-1505 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could a
 CVE-2021-1504 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1503 (A vulnerability in Cisco Webex Network Recording Player for Windows an ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1502 (A vulnerability in Cisco Webex Network Recording Player for Windows an ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1501 (A vulnerability in the SIP inspection engine of Cisco Adaptive Securit ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1500



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97af35a97049c2f3d62cc322f355751c31c42010

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97af35a97049c2f3d62cc322f355751c31c42010
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210604/a8827403/attachment.htm>

More information about the debian-security-tracker-commits mailing list