[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 1 08:34:02 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5c6ce967 by Salvatore Bonaccorso at 2021-03-01T09:33:22+01:00
Process some NFUs
- - - - -
c850aa28 by Salvatore Bonaccorso at 2021-03-01T09:33:37+01:00
Add CVE-2020-28646/owncloud
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1240,7 +1240,7 @@ CVE-2021-27227
CVE-2021-27226
RESERVED
CVE-2021-27225 (In Dataiku DSS before 8.0.6, insufficient access control in the Jupyte ...)
- TODO: check
+ NOT-FOR-US: Dataiku DSS
CVE-2021-27224 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write ...)
NOT-FOR-US: WPG plugin for IrfanView
CVE-2021-27223
@@ -9138,7 +9138,7 @@ CVE-2021-23835 (An issue was discovered in flatCore before 2.0.0 build 139. A lo
CVE-2021-3125
RESERVED
CVE-2021-3124 (Stored cross-site scripting (XSS) in form field in robust.systems prod ...)
- TODO: check
+ NOT-FOR-US: WordPress Plugin Custom Global Variables
CVE-2021-3123
RESERVED
CVE-2021-3122 (CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers per ...)
@@ -13104,7 +13104,7 @@ CVE-2021-3012
CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on NXP Smart ...)
NOT-FOR-US: NXP
CVE-2021-3010 (There are multiple persistent cross-site scripting (XSS) vulnerabiliti ...)
- TODO: check
+ NOT-FOR-US: OpenText Content Server
CVE-2021-3009
RESERVED
CVE-2021-3008
@@ -24097,7 +24097,7 @@ CVE-2020-28648 (Improper input validation in the Auto-Discovery component of Nag
CVE-2020-28647 (In Progress MOVEit Transfer before 2020.1, a malicious user could craf ...)
NOT-FOR-US: Progress MOVEit Transfer
CVE-2020-28646 (ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop ...)
- TODO: check
+ - owncloud <removed>
CVE-2020-28645 (Deleting users with certain names caused system files to be deleted. R ...)
- owncloud <removed>
CVE-2020-28644 (The CSRF (Cross Site Request Forgery) token check was improperly imple ...)
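Review bot: The new line for CVE-2020-28646 files the issue under "- owncloud <removed>", but the description names the desktop client ("owncloud/client before 2.7 allows DLL Injection. The desktop ..."), unlike the server-side CVE-2020-28645 directly below it, which carries the same package line. If the desktop client is tracked under its own source package, the entry should name that package rather than the removed server package. DLL injection is a Windows library-loading behaviour, so it is also worth checking whether a not-affected status with a short reason fits better than <removed>.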
@@ -27777,7 +27777,7 @@ CVE-2020-28201
CVE-2020-28200
RESERVED
CVE-2020-28199 (best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive ...)
- TODO: check
+ NOT-FOR-US: Amazon Pay Plugin for Shopware
CVE-2020-28198
RESERVED
CVE-2020-28197
@@ -33121,7 +33121,7 @@ CVE-2020-26202
CVE-2020-26201 (Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak pass ...)
NOT-FOR-US: Askey
CVE-2020-26200 (A component of Kaspersky custom boot loader allowed loading of untrust ...)
- TODO: check
+ NOT-FOR-US: Kaspersky products
CVE-2020-26199 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 ...)
NOT-FOR-US: EMC
CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a ...)
@@ -36745,7 +36745,7 @@ CVE-2020-24688
CVE-2020-24687
RESERVED
CVE-2020-24686 (The vulnerabilities can be exploited to cause the web visualization co ...)
- TODO: check
+ NOT-FOR-US: ABB AC500 V2 products
CVE-2020-24685 (An unauthenticated specially crafted packet sent by an attacker over t ...)
NOT-FOR-US: ABB
CVE-2020-24684
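Review bot: The label added for CVE-2020-24686, "NOT-FOR-US: ABB AC500 V2 products", differs from the neighbouring CVE-2020-24685 entry for the same vendor, which is tagged only "NOT-FOR-US: ABB". Either form works, but using one label per vendor or product keeps a grep over NOT-FOR-US lines consistent; consider aligning the two entries.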
@@ -121685,7 +121685,7 @@ CVE-2019-11686 (Western Digital SanDisk X300, X300s, X400, and X600 devices: A v
CVE-2019-11685
RESERVED
CVE-2019-11684 (Improper Access Control in the RCP+ server of the Bosch Video Recordin ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2019-11683 (udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/4dd2b82d5adfbe0b1587ccad7a8f76d826120f37
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5833afdbfe92c03d6e4a8ca7d9dae0530d97760e...c850aa289fdd44155f2dcddf23c00c7368dc7ffa