[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 18 21:26:02 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9260c7ec by Salvatore Bonaccorso at 2021-06-18T22:25:33+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -496,7 +496,7 @@ CVE-2021-34817
 CVE-2021-34816
 	RESERVED
 CVE-2021-34815 (CheckSec Canopy before 3.5.2 allows XSS attacks against the login page ...)
-	TODO: check
+	NOT-FOR-US: CheckSec Canopy
 CVE-2020-36389 (In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEdit ...)
 	- civicrm 5.28.4+dfsg1-1
 	NOTE: https://civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form
@@ -545,7 +545,7 @@ CVE-2021-34799
 CVE-2021-34798
 	RESERVED
 CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly, allowin ...)
-	TODO: check
+	NOT-FOR-US: Secure 8 (Evalos)
 CVE-2021-34797
 	RESERVED
 CVE-2021-34796
@@ -2681,19 +2681,19 @@ CVE-2021-33826
 CVE-2021-33825
 	RESERVED
 CVE-2021-33824 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...)
-	TODO: check
+	NOT-FOR-US: MOXA
 CVE-2021-33823 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...)
-	TODO: check
+	NOT-FOR-US: MOXA
 CVE-2021-33822 (An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22 ...)
-	TODO: check
+	NOT-FOR-US: 4GEE ROUTER HH70VB
 CVE-2021-33821
 	RESERVED
 CVE-2021-33820 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...)
-	TODO: check
+	NOT-FOR-US: UniFi Protect G3 FLEX Camera
 CVE-2021-33819
 	RESERVED
 CVE-2021-33818 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...)
-	TODO: check
+	NOT-FOR-US: UniFi Protect G3 FLEX Camera
 CVE-2021-33817
 	RESERVED
 CVE-2021-33816
@@ -3283,9 +3283,9 @@ CVE-2021-33579
 CVE-2021-33578
 	RESERVED
 CVE-2021-33577 (An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for t ...)
-	TODO: check
+	NOT-FOR-US: Cleo LexiCom
 CVE-2021-33576 (An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 messag ...)
-	TODO: check
+	NOT-FOR-US: Cleo LexiCom
 CVE-2021-33575 (The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute ...)
 	NOT-FOR-US: ruby-jss gem
 CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) versions 2.32  ...)
@@ -4707,11 +4707,11 @@ CVE-2021-32958
 CVE-2021-32957
 	RESERVED
 CVE-2021-32956 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to re ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2021-32955
 	RESERVED
 CVE-2021-32954 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a  ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2021-32953
 	RESERVED
 CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading procedure  ...)
@@ -5654,7 +5654,7 @@ CVE-2021-32538
 CVE-2021-32537
 	RESERVED
 CVE-2021-32536 (The login page in the MCUsystem does not filter with special character ...)
-	TODO: check
+	NOT-FOR-US: MCUsystem
 CVE-2021-32535
 	RESERVED
 CVE-2021-32534
@@ -5923,11 +5923,11 @@ CVE-2021-32428
 CVE-2021-32427
 	RESERVED
 CVE-2021-32426 (In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary Ja ...)
-	TODO: check
+	NOT-FOR-US: TrendNet TW100-S4W1CA
 CVE-2021-32425
 	RESERVED
 CVE-2021-32424 (In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session contr ...)
-	TODO: check
+	NOT-FOR-US: TrendNet TW100-S4W1CA
 CVE-2021-32423
 	RESERVED
 CVE-2021-32422
@@ -26713,9 +26713,9 @@ CVE-2021-23848 (An error in the URL handler Bosch IP cameras may lead to a refle
 CVE-2021-23847 (A Missing Authentication in Critical Function in Bosch IP cameras allo ...)
 	NOT-FOR-US: Bosch
 CVE-2021-23846 (When using http protocol, the user password is transmitted as a clear  ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2021-23845 (This vulnerability could allow an attacker to hijack a session while a ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2021-23844
 	RESERVED
 CVE-2021-23843
@@ -30784,7 +30784,7 @@ CVE-2021-21999
 CVE-2021-21998
 	RESERVED
 CVE-2021-21997 (VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2021-21996
 	RESERVED
 CVE-2021-21995
@@ -31242,7 +31242,7 @@ CVE-2021-21779
 CVE-2021-21778
 	RESERVED
 CVE-2021-21777 (An information disclosure vulnerability exists in the Ethernet/IP UDP  ...)
-	TODO: check
+	NOT-FOR-US: EIP Stack Group OpENer
 CVE-2021-21776 (An out-of-bounds write vulnerability exists in the SGI Format Buffer S ...)
 	NOT-FOR-US: ImageGear
 CVE-2021-21775
@@ -31467,7 +31467,7 @@ CVE-2021-21671
 CVE-2021-21670
 	RESERVED
 CVE-2021-21669 (Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not confi ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Generic Webhook Trigger Plugin
 CVE-2021-21668 (Jenkins Scriptler Plugin 3.1 and earlier does not escape script conten ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2021-21667 (Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter nam ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9260c7ec7f00c7b8327942714f4d4a8a055daba1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9260c7ec7f00c7b8327942714f4d4a8a055daba1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210618/a6a7c321/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list