[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 15 09:23:41 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a47100d by Moritz Muehlenhoff at 2021-06-15T10:23:22+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4464,7 +4464,7 @@ CVE-2021-32686
 CVE-2021-32685
 	RESERVED
 CVE-2021-32684 (magento-scripts contains scripts and configuration used by Create Mage ...)
-	TODO: check
+	NOT-FOR-US: Create Magento app
 CVE-2021-32683
 	RESERVED
 CVE-2021-32682 (elFinder is an open-source file manager for web, written in JavaScript ...)
@@ -16258,7 +16258,7 @@ CVE-2021-27889 (Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 v
 CVE-2021-27888 (ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off  ...)
 	NOT-FOR-US: ZendTo
 CVE-2021-27887 (Cross-site Scripting (XSS) vulnerability in the main dashboard of Elli ...)
-	TODO: check
+	NOT-FOR-US: Ellipse APM
 CVE-2021-27886 (rakibtg Docker Dashboard before 2021-02-28 allows command injection in ...)
 	NOT-FOR-US: rakibtg Docker Dashboard
 CVE-2021-27885 (usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protect ...)
@@ -17797,7 +17797,7 @@ CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server throug
 CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arb ...)
 	NOT-FOR-US: Pelco Digital Sentry Server
 CVE-2021-27196 (Improper Input Validation vulnerability in Hitachi ABB Power Grids Rel ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2021-27195 (Improper Authorization vulnerability in Netop Vision Pro up to and inc ...)
 	NOT-FOR-US: Netop Vision Pro
 CVE-2021-27194 (Cleartext transmission of sensitive information in Netop Vision Pro up ...)
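Review bot: The new annotation on CVE-2021-27196 names only the vendor (`NOT-FOR-US: Hitachi`), while the neighbouring entries in this hunk name the product (`Pelco Digital Sentry Server`, `Netop Vision Pro`). Consider using the product name from the CVE description instead, so that a later search of data/CVE/list for that product finds this entry.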
@@ -18614,7 +18614,7 @@ CVE-2021-26847
 CVE-2021-26846
 	RESERVED
 CVE-2021-26845 (Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS al ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2021-26844
 	RESERVED
 CVE-2021-26843 (An issue was discovered in sthttpd through 2.27.1. On systems where th ...)
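Review bot: CVE-2021-26845 is also labelled with the vendor alone, although its description identifies the product as Hitachi ABB Power Grids eSOMS. Suggest `NOT-FOR-US: Hitachi ABB Power Grids eSOMS` to keep the entry specific.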
@@ -29555,7 +29555,7 @@ CVE-2021-22177 (Potential DoS was identified in gitlab-shell in GitLab CE/EE ver
 CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2021-22175 (When requests to the internal network for webhooks are enabled, a serv ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial o ...)
 	- wireshark 3.4.3-1 (bug #981791)
 	[buster] - wireshark <not-affected> (Affected code not present)
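Review bot: The CVE-2021-22175 change to `- gitlab <unfixed>` is package triage, not a NOT-FOR-US marking, so the commit subject "NFUs" does not describe it. Mention the gitlab entry in the commit message or commit it separately, so that the history of this CVE is easy to find in the log.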
@@ -30847,13 +30847,13 @@ CVE-2021-21559 (Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4,
 CVE-2021-21558 (Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, co ...)
 	NOT-FOR-US: EMC
 CVE-2021-21557 (Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2021-21556 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2021-21555 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2021-21554 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2021-21553
 	RESERVED
 CVE-2021-21552 (Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier ...)
@@ -36424,7 +36424,7 @@ CVE-2021-20029
 CVE-2021-20028
 	RESERVED
 CVE-2021-20027 (A buffer overflow vulnerability in SonicOS allows a remote attacker to ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2021-20026 (A vulnerability in the SonicWall NSM On-Prem product allows an authent ...)
 	NOT-FOR-US: SonicWall
 CVE-2021-20025 (SonicWall Email Security Virtual Appliance version 10.0.9 and earlier  ...)
@@ -41417,7 +41417,7 @@ CVE-2020-28715
 CVE-2020-28714
 	RESERVED
 CVE-2020-28713 (Incorrect access control in push notification service in Night Owl Sma ...)
-	TODO: check
+	NOT-FOR-US: Night Owl Smart Doorbell
 CVE-2020-28712
 	RESERVED
 CVE-2020-28711
@@ -48044,7 +48044,7 @@ CVE-2020-27385 (Incorrect Access Control in the FileEditor (/Admin/Views/FileEdi
 CVE-2020-27384 (The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an ...)
 	NOT-FOR-US: Guild Wars 2 launcher
 CVE-2020-27383 (Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of ...)
-	TODO: check
+	NOT-FOR-US: Battle.Net
 CVE-2020-27382
 	RESERVED
 CVE-2020-27381
@@ -50075,11 +50075,11 @@ CVE-2020-26519 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write w
 CVE-2020-26518 (Artica Pandora FMS before 743 allows unauthenticated attackers to cond ...)
 	NOT-FOR-US: Artica Pandora FMS
 CVE-2020-26517 (A cross-site scripting (XSS) issue was discovered in Intland codeBeame ...)
-	TODO: check
+	NOT-FOR-US: intland codeBeamer
 CVE-2020-26516 (A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10. ...)
-	TODO: check
+	NOT-FOR-US: intland codeBeamer
 CVE-2020-26515 (An insufficiently protected credentials issue was discovered in Intlan ...)
-	TODO: check
+	NOT-FOR-US: intland codeBeamer
 CVE-2020-26514
 	RESERVED
 CVE-2020-26513 (An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP ...)
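Review bot: The three added lines for CVE-2020-26517, CVE-2020-26516 and CVE-2020-26515 write the vendor as `intland codeBeamer`, while the CVE descriptions in the same hunk spell it `Intland codeBeamer`. Matching the capitalisation keeps the label consistent and avoids missing these entries in a case-sensitive search.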
@@ -54557,7 +54557,7 @@ CVE-2020-24664 (The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.
 CVE-2020-24663 (Trace Financial CRESTBridge <6.3.0.02 contains a stored XSS vulnera ...)
 	NOT-FOR-US: Trace Financial CRESTBridge
 CVE-2020-24662 (SmartStream Transaction Lifecycle Management (TLM) Reconciliation Prem ...)
-	TODO: check
+	NOT-FOR-US: SmartStream Transaction Lifecycle Management
 CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles pinned TLS certificate verificati ...)
 	- geary 3.38.0.1-1
 	[buster] - geary <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a47100d7aacfc6eaccfea2a98fb587401a9a37c
