[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sun Mar 7 08:20:06 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38bf60c7 by Salvatore Bonaccorso at 2021-03-07T09:19:35+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1002,7 +1002,7 @@ CVE-2021-27583 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, a
 CVE-2021-27582 (org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Co ...)
 	NOT-FOR-US: OpenID Connect server implementation for MITREid Connect
 CVE-2021-27581 (The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL inject ...)
-	TODO: check
+	NOT-FOR-US: Kentico CMS
 CVE-2021-27580
 	RESERVED
 CVE-2021-27579 (Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on  ...)
@@ -1702,13 +1702,13 @@ CVE-2021-27259
 CVE-2021-27258
 	RESERVED
 CVE-2021-27257 (This vulnerability allows network-adjacent attackers to compromise the ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2021-27256 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2021-27255 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2021-27254 (This vulnerability allows network-adjacent attackers to bypass authent ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2021-27253
 	RESERVED
 CVE-2021-27252
@@ -2062,9 +2062,9 @@ CVE-2021-27101 (Accellion FTA 9_12_370 and earlier is affected by SQL injection
 CVE-2021-27100
 	RESERVED
 CVE-2021-27099 (In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the  ...)
-	TODO: check
+	NOT-FOR-US: SPIRE (SPIFFE Runtime Environment)
 CVE-2021-27098 (In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 ...)
-	TODO: check
+	NOT-FOR-US: SPIRE (SPIFFE Runtime Environment)
 CVE-2021-27097 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified ...)
 	- u-boot <unfixed> (bug #983270)
 	[buster] - u-boot <no-dsa> (Minor issue)
@@ -2731,7 +2731,7 @@ CVE-2021-26816
 CVE-2021-26815
 	RESERVED
 CVE-2021-26814 (Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to e ...)
-	TODO: check
+	NOT-FOR-US: Wazuh
 CVE-2021-26813 (markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expr ...)
 	- python-markdown2 <unfixed> (bug #984668)
 	[buster] - python-markdown2 <no-dsa> (Minor issue)
@@ -6357,13 +6357,13 @@ CVE-2021-25345 (Graphic format mismatch while converting video format in hwcompo
 CVE-2021-25344 (Missing permission check in knox_custom service prior to SMR Mar-2021  ...)
 	TODO: check
 CVE-2021-25343 (Calling of non-existent provider in Samsung Members prior to version 2 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25342 (Calling of non-existent provider in SMP sdk prior to version 3.0.9 all ...)
 	TODO: check
 CVE-2021-25341 (Calling of non-existent provider in S Assistant prior to version 6.5.0 ...)
 	TODO: check
 CVE-2021-25340 (Improper access control vulnerability in Samsung keyboard version prio ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25339 (Improper address validation in HArx in Samsung mobile devices prior to ...)
 	NOT-FOR-US: Samsung mobile devices
 CVE-2021-25338 (Improper memory access control in RKP in Samsung mobile devices prior  ...)
@@ -20243,7 +20243,7 @@ CVE-2020-35298
 CVE-2020-35297
 	RESERVED
 CVE-2020-35296 (ThinkAdmin v6 has default administrator credentials, which allows atta ...)
-	TODO: check
+	NOT-FOR-US: ThinkAdmin
 CVE-2020-35295
 	RESERVED
 CVE-2020-35294



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38bf60c77f89703396a32881fde4c4a73a333fdf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38bf60c77f89703396a32881fde4c4a73a333fdf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210307/9797638a/attachment.htm>

More information about the debian-security-tracker-commits mailing list