[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 29 21:44:31 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2c4f152e by Salvatore Bonaccorso at 2021-06-29T22:44:06+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15071,7 +15071,7 @@ CVE-2021-29487
 CVE-2021-29486 (cumulative-distribution-function is an open source npm library used wh ...)
 	NOT-FOR-US: Node cumulative-distribution-function
 CVE-2021-29485 (Ratpack is a toolkit for creating web applications. In versions prior  ...)
-	TODO: check
+	NOT-FOR-US: Ratpack
 CVE-2021-29484 (Ghost is a Node.js CMS. An unused endpoint added during the developmen ...)
 	NOT-FOR-US: Ghost CMS
 CVE-2021-29483 (ManageWiki is an extension to the MediaWiki project. The 'wikiconfig'  ...)
@@ -15081,11 +15081,11 @@ CVE-2021-29482 (xz is a compression and decompression library focusing on the xz
 	NOTE: https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27
 	NOTE: https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b
 CVE-2021-29481 (Ratpack is a toolkit for creating web applications. In versions prior  ...)
-	TODO: check
+	NOT-FOR-US: Ratpack
 CVE-2021-29480 (Ratpack is a toolkit for creating web applications. In versions prior  ...)
-	TODO: check
+	NOT-FOR-US: Ratpack
 CVE-2021-29479 (Ratpack is a toolkit for creating web applications. In versions prior  ...)
-	TODO: check
+	NOT-FOR-US: Ratpack
 CVE-2021-29478 (Redis is an open source (BSD licensed), in-memory data structure store ...)
 	- redis 5:6.0.13-1 (bug #988045)
 	[buster] - redis <not-affected> (Vulnerable code not present)
@@ -31817,7 +31817,7 @@ CVE-2021-22441
 CVE-2021-22440
 	RESERVED
 CVE-2021-22439 (There is a deserialization vulnerability in Huawei AnyOffice V200R006C ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22438
 	RESERVED
 CVE-2021-22437
@@ -32015,11 +32015,11 @@ CVE-2021-22342 (There is an information leak vulnerability in Huawei products. A
 CVE-2021-22341
 	RESERVED
 CVE-2021-22340 (There is a multiple threads race condition vulnerability in Huawei pro ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22339 (There is a denial of service vulnerability in some versions of ManageO ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22338 (There is an XXE injection vulnerability in eCNS280 V100R005C00 and V10 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22337 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22336 (There is an Improper Control of Generation of Code vulnerability in Hu ...)
@@ -32037,7 +32037,7 @@ CVE-2021-22331 (There is a JavaScript injection vulnerability in certain Huawei
 CVE-2021-22330 (There is an out of bounds write vulnerability in Huawei Smartphone HUA ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22329 (There has a license management vulnerability in some Huawei products.  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22328
 	RESERVED
 CVE-2021-22327 (There is an arbitrary memory write vulnerability in Huawei smart phone ...)
@@ -33034,7 +33034,7 @@ CVE-2021-21873
 CVE-2021-21872
 	RESERVED
 CVE-2021-21871 (A memory corruption vulnerability exists in the DMG File Format Handle ...)
-	TODO: check
+	NOT-FOR-US: PowerISO
 CVE-2021-21870
 	RESERVED
 CVE-2021-21869
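Review bot: The new tag on CVE-2021-21871 names PowerISO, but the description stored in the list is cut off at "DMG File Format Handle ..." before any product name appears, so the attribution cannot be checked from this file. Confirm against the full CVE text that the DMG handler belongs to PowerISO itself and not to a library that a packaged project could also ship, because NOT-FOR-US closes the entry for every release.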
@@ -38861,9 +38861,9 @@ CVE-2021-20102 (Machform prior to version 16 is vulnerable to cross-site request
 CVE-2021-20101 (Machform prior to version 16 is vulnerable to HTTP host header injecti ...)
 	TODO: check
 CVE-2021-20100 (Nessus Agent 8.2.4 and earlier for Windows were found to contain multi ...)
-	TODO: check
+	NOT-FOR-US: Nessus Agent
 CVE-2021-20099 (Nessus Agent 8.2.4 and earlier for Windows were found to contain multi ...)
-	TODO: check
+	NOT-FOR-US: Nessus Agent
 CVE-2021-20098
 	RESERVED
 CVE-2021-20097
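Review bot: CVE-2021-20101 (Machform), at the top of this hunk's context, is left at "TODO: check" while the two Nessus Agent entries directly below it are resolved. If Machform is also not packaged, tag it in the same pass so this run of entries does not keep a stray TODO. If it was skipped on purpose, nothing needs to change.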
@@ -38903,7 +38903,7 @@ CVE-2021-20081 (Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk
 CVE-2021-20080 (Insufficient output sanitization in ManageEngine ServiceDesk Plus befo ...)
 	NOT-FOR-US: ManageEngine ServiceDesk Plus
 CVE-2021-20079 (Nessus versions 8.13.2 and earlier were found to contain a privilege e ...)
-	TODO: check
+	NOT-FOR-US: Nessus
 CVE-2021-20078 (Manage Engine OpManager builds below 125346 are vulnerable to a remote ...)
 	NOT-FOR-US: Manage Engine OpManager
 CVE-2021-20077 (Nessus versions 8.13.2 and earlier were found to contain a privilege e ...)
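Review bot: CVE-2021-20077, in the trailing context, has the same visible description as CVE-2021-20079 ("Nessus versions 8.13.2 and earlier were found to contain a privilege e ..."), but its annotation line falls outside the hunk. Check that it also carries "NOT-FOR-US: Nessus", so the two entries do not end up in different states. Using "Nessus" here and "Nessus Agent" on CVE-2021-20100 and CVE-2021-20099 matches the product names in the respective descriptions.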
@@ -45384,7 +45384,7 @@ CVE-2021-1136 (Multiple vulnerabilities in Cisco Network Convergence System (NCS
 CVE-2021-1135 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1134 (A vulnerability in the Cisco Identity Services Engine (ISE) integratio ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1133 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1132
@@ -59497,7 +59497,7 @@ CVE-2020-23717
 CVE-2020-23716
 	RESERVED
 CVE-2020-23715 (Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the ...)
-	TODO: check
+	NOT-FOR-US: Webport
 CVE-2020-23714
 	RESERVED
 CVE-2020-23713
@@ -59505,7 +59505,7 @@ CVE-2020-23713
 CVE-2020-23712
 	RESERVED
 CVE-2020-23711 (SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET ...)
-	TODO: check
+	NOT-FOR-US: NavigateCMS
 CVE-2020-23710 (Cross Site Scripting (XSS) vulneraiblity in LimeSurvey 4.2.5 on textbo ...)
 	TODO: check
 CVE-2020-23709
@@ -61724,9 +61724,9 @@ CVE-2020-22611
 CVE-2020-22610
 	RESERVED
 CVE-2020-22609 (Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket befor ...)
-	TODO: check
+	NOT-FOR-US: osTicket
 CVE-2020-22608 (Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.1 ...)
-	TODO: check
+	NOT-FOR-US: osTicket
 CVE-2020-22607 (Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 via the  ...)
 	TODO: check
 CVE-2020-22606
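Review bot: CVE-2020-22607 (LimeSurvey), right after the two osTicket entries, stays at "TODO: check", and so does CVE-2020-23710 (LimeSurvey) after the NavigateCMS change earlier in this patch. If they are held back because LimeSurvey needs a different annotation than NOT-FOR-US, that is fine. Otherwise handle both together so the same product is not triaged in two separate passes.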
@@ -64262,7 +64262,7 @@ CVE-2020-21396
 CVE-2020-21395
 	RESERVED
 CVE-2020-21394 (SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB ma ...)
-	TODO: check
+	NOT-FOR-US: CRMEB mall system
 CVE-2020-21393
 	RESERVED
 CVE-2020-21392
@@ -64766,7 +64766,7 @@ CVE-2020-21144
 CVE-2020-21143
 	RESERVED
 CVE-2020-21142 (Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the IPfire  ...)
-	TODO: check
+	NOT-FOR-US: IPFire
 CVE-2020-21141
 	RESERVED
 CVE-2020-21140
@@ -65783,7 +65783,7 @@ CVE-2020-20642
 CVE-2020-20641
 	RESERVED
 CVE-2020-20640 (Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security ...)
-	TODO: check
+	NOT-FOR-US: ECShop
 CVE-2020-20639
 	RESERVED
 CVE-2020-20638



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c4f152e4d2db3a181e780ce66cefd951e7e5bcb
