[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 24 22:18:29 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf6a50ae by Salvatore Bonaccorso at 2021-06-24T23:17:51+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4771,7 +4771,7 @@ CVE-2021-33348 (An issue was discovered in JFinal framework v4.9.10 and below. T
 CVE-2021-33347 (An issue was discovered in JPress v3.3.0 and below. There are XSS vuln ...)
 	NOT-FOR-US: JPress
 CVE-2021-33346 (There is an arbitrary password modification vulnerability in a D-LINK  ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2021-33345
 	RESERVED
 CVE-2021-33344
@@ -5578,15 +5578,15 @@ CVE-2021-33006
 CVE-2021-33005
 	RESERVED
 CVE-2021-33004 (The affected product is vulnerable to memory corruption condition due  ...)
-	TODO: check
+	NOT-FOR-US: WebAccess HMI Designer
 CVE-2021-33003
 	RESERVED
 CVE-2021-33002 (Opening a maliciously crafted project file may cause an out-of-bounds  ...)
-	TODO: check
+	NOT-FOR-US: WebAccess HMI Designer
 CVE-2021-33001
 	RESERVED
 CVE-2021-33000 (Parsing a maliciously crafted project file may cause a heap-based buff ...)
-	TODO: check
+	NOT-FOR-US: WebAccess HMI Designer
 CVE-2021-32999
 	RESERVED
 CVE-2021-32998
@@ -6207,7 +6207,7 @@ CVE-2021-32711
 CVE-2021-32710
 	RESERVED
 CVE-2021-32709 (Shopware is an open source eCommerce platform. Creation of order credi ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2021-32708 (Flysystem is an open source file storage library for PHP. The whitespa ...)
 	TODO: check
 CVE-2021-32707
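Review bot: CVE-2021-32708 in the trailing context of this hunk still carries TODO: check, while its neighbour CVE-2021-32709 is closed as NOT-FOR-US: Shopware. The description calls Flysystem an open source file storage library for PHP, so it needs a lookup for a packaged source rather than an NFU tag. Leaving it as TODO here is right, but it should not be swept up in a later bulk NFU pass.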
@@ -18589,9 +18589,9 @@ CVE-2021-27661
 CVE-2021-27660
 	RESERVED
 CVE-2021-27659 (exacqVision Web Service 21.03 does not sufficiently validate, filter,  ...)
-	TODO: check
+	NOT-FOR-US: exacqVision Web Service
 CVE-2021-27658 (exacqVision Enterprise Manager 20.12 does not sufficiently validate, f ...)
-	TODO: check
+	NOT-FOR-US: exacqVision Enterprise Manager
 CVE-2021-27657 (Successful exploitation of this vulnerability could give an authentica ...)
 	NOT-FOR-US: Johnson Controls Metasys
 CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior could a ...)
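Review bot: the two added tags at CVE-2021-27659 and CVE-2021-27658 use different strings (exacqVision Web Service, exacqVision Enterprise Manager) for what the descriptions show as one product family, and CVE-2021-27656 just below is again exacqVision Web Service, with its tag outside this hunk. Check which string that entry uses and match it, so that a single search for the product finds all of them.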
@@ -21079,7 +21079,7 @@ CVE-2021-26587
 CVE-2021-26586
 	RESERVED
 CVE-2021-26585 (A potential vulnerability has been identified in HPE OneView Global Da ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-26584 (A security vulnerability in HPE OneView for VMware vCenter (OV4VC) cou ...)
 	NOT-FOR-US: HPE OneView for VMware vCenter (OV4VC)
 CVE-2021-26583 (A potential security vulnerability was identified in HPE iLO Amplifier ...)
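Review bot: NOT-FOR-US: HPE on CVE-2021-26585 names only the vendor, while the next entry, CVE-2021-26584, uses the full product string (HPE OneView for VMware vCenter (OV4VC)). The description here names an HPE OneView product as well; using that product name in the tag would keep the two entries consistent and make the triage decision checkable against the description.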
@@ -22780,7 +22780,7 @@ CVE-2021-25925 (in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to St
 CVE-2021-25924 (In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Reques ...)
 	NOT-FOR-US: GoCD
 CVE-2021-25923 (In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password  ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2021-25922 (In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross- ...)
 	NOT-FOR-US: OpenEMR
 CVE-2021-25921 (In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross ...)
@@ -23620,21 +23620,21 @@ CVE-2021-25658
 CVE-2021-25657
 	RESERVED
 CVE-2021-25656 (Stored XSS injection vulnerabilities were discovered in the Avaya Aura ...)
-	TODO: check
+	NOT-FOR-US: Avaya
 CVE-2021-25655 (A vulnerability in the system Service Menu component of Avaya Aura Exp ...)
-	TODO: check
+	NOT-FOR-US: Avaya
 CVE-2021-25654
 	RESERVED
 CVE-2021-25653 (A privilege escalation vulnerability was discovered in Avaya Aura Appl ...)
-	TODO: check
+	NOT-FOR-US: Avaya
 CVE-2021-25652 (An information disclosure vulnerability was discovered in the director ...)
-	TODO: check
+	NOT-FOR-US: Avaya
 CVE-2021-25651 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability w ...)
-	TODO: check
+	NOT-FOR-US: Avaya
 CVE-2021-25650 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability w ...)
-	TODO: check
+	NOT-FOR-US: Avaya
 CVE-2021-25649 (** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Avaya
 CVE-2021-25648 (Mobile application "Testes de Codigo" 11.4 and prior allows an attacke ...)
 	NOT-FOR-US: Mobile application "Testes de Codigo"
 CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows stored XS ...)
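Review bot: all seven added tags in this hunk are the bare vendor name Avaya, although the visible descriptions point at several distinct Avaya Aura components, and the description of CVE-2021-25652 as truncated here does not name a vendor at all. Naming the product per entry, as the neighbouring Mobile application "Testes de Codigo" entries do, would let a reader confirm each attribution from the list alone.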
@@ -32327,7 +32327,7 @@ CVE-2021-21739
 CVE-2021-21738
 	RESERVED
 CVE-2021-21737 (A smart STB product of ZTE is impacted by a permission and access cont ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21736 (A smart camera product of ZTE is impacted by a permission and access c ...)
 	NOT-FOR-US: ZTE
 CVE-2021-21735 (A ZTE product has an information leak vulnerability. Due to improper p ...)
@@ -32660,13 +32660,13 @@ CVE-2021-21576
 CVE-2021-21575
 	RESERVED
 CVE-2021-21574 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2021-21573 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2021-21572 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2021-21571 (Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature a ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2021-21570
 	RESERVED
 CVE-2021-21569
@@ -62498,17 +62498,17 @@ CVE-2020-21790
 CVE-2020-21789
 	RESERVED
 CVE-2020-21788 (In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side ...)
-	TODO: check
+	NOT-FOR-US: CRMEB
 CVE-2020-21787 (CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/se ...)
-	TODO: check
+	NOT-FOR-US: CRMEB
 CVE-2020-21786 (In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /syst ...)
-	TODO: check
+	NOT-FOR-US: IBOS
 CVE-2020-21785 (In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerab ...)
-	TODO: check
+	NOT-FOR-US: IBOS
 CVE-2020-21784 (phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setu ...)
-	TODO: check
+	NOT-FOR-US: phpwcms
 CVE-2020-21783 (In IBOS 4.5.4 the email function has a cross site scripting (XSS) vuln ...)
-	TODO: check
+	NOT-FOR-US: IBOS
 CVE-2020-21782
 	RESERVED
 CVE-2020-21781



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf6a50ae9d19ce7ac25668485e9f4fe95cb556dc
