[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Mar 10 20:22:50 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bceb5575 by Salvatore Bonaccorso at 2021-03-10T21:22:22+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -314,7 +314,7 @@ CVE-2021-28009
 CVE-2021-28008
 	RESERVED
 CVE-2021-28007 (Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in ...)
-	TODO: check
+	NOT-FOR-US: Web Based Quiz System
 CVE-2021-28006 (Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in ...)
 	NOT-FOR-US: Web Based Quiz System
 CVE-2021-28005
@@ -5395,7 +5395,7 @@ CVE-2021-3226
 CVE-2021-3225
 	RESERVED
 CVE-2021-3224 (A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exis ...)
-	TODO: check
+	NOT-FOR-US: cszcms
 CVE-2021-3223 (Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory tra ...)
 	NOT-FOR-US: Node-RED-Dashboard
 CVE-2021-3222
@@ -9437,7 +9437,7 @@ CVE-2021-24034
 CVE-2021-24033 (react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort ...)
 	NOT-FOR-US: react-dev-utils
 CVE-2021-24030 (The fbgames protocol handler registered as part of Facebook Gameroom d ...)
-	TODO: check
+	NOT-FOR-US: Facebook Gameroom
 CVE-2021-24029
 	RESERVED
 CVE-2021-24028
@@ -11383,7 +11383,7 @@ CVE-2021-3036
 CVE-2021-3035
 	RESERVED
 CVE-2021-3034 (An information exposure through log file vulnerability exists in Corte ...)
-	TODO: check
+	NOT-FOR-US: Cortex XSOAR software (Palo Alto Networks)
 CVE-2021-3033 (An improper verification of cryptographic signature vulnerability exis ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2021-3032 (An information exposure through log file vulnerability exists in Palo  ...)
@@ -15955,7 +15955,7 @@ CVE-2020-35754 (OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an
 CVE-2020-35753 (The job posting recommendation form in Persis Human Resource Managemen ...)
 	NOT-FOR-US: Persis Human Resource Management Portal
 CVE-2020-35752 (Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulne ...)
-	TODO: check
+	NOT-FOR-US: Baby Care System
 CVE-2020-35751
 	RESERVED
 CVE-2020-35750
@@ -18198,19 +18198,19 @@ CVE-2021-20675
 CVE-2021-20674
 	RESERVED
 CVE-2021-20673 (Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 ...)
-	TODO: check
+	NOT-FOR-US: GROWI
 CVE-2021-20672 (Reflected cross-site scripting vulnerability due to insufficient verif ...)
-	TODO: check
+	NOT-FOR-US: GROWI
 CVE-2021-20671 (Invalid file validation on the upload feature in GROWI versions v4.2.2 ...)
-	TODO: check
+	NOT-FOR-US: GROWI
 CVE-2021-20670 (Improper access control vulnerability in GROWI versions v4.2.2 and ear ...)
-	TODO: check
+	NOT-FOR-US: GROWI
 CVE-2021-20669 (Path traversal vulnerability in GROWI versions v4.2.2 and earlier allo ...)
-	TODO: check
+	NOT-FOR-US: GROWI
 CVE-2021-20668 (Path traversal vulnerability in GROWI versions v4.2.2 and earlier allo ...)
-	TODO: check
+	NOT-FOR-US: GROWI
 CVE-2021-20667 (Stored cross-site scripting vulnerability due to inadequate CSP (Conte ...)
-	TODO: check
+	NOT-FOR-US: GROWI
 CVE-2021-20666
 	RESERVED
 CVE-2021-20665 (Cross-site scripting vulnerability in in Add asset screen of Contents  ...)
@@ -20612,33 +20612,33 @@ CVE-2020-35235 (** UNSUPPORTED WHEN ASSIGNED ** vendor/elfinder/php/connector.mi
 CVE-2020-35234 (The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrato ...)
 	NOT-FOR-US: WordPress plugin easy-wp-smtp
 CVE-2020-35233 (The TFTP server fails to handle multiple connections on NETGEAR JGS516 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-35232 (The TFTP firmware update mechanism on NETGEAR JGS516PE/GS116Ev2 v2.6.0 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-35231 (The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.4 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-35230 (Multiple integer overflow parameters were found in the web administrat ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-35229 (The authentication token required to execute NSDP write requests on NE ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-35228 (A cross-site scripting (XSS) vulnerability in the administration web p ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-35227 (A buffer overflow vulnerability in the access control section on NETGE ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-35226 (NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated user ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-35225 (The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.4 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-35224 (A buffer overflow vulnerability in the NSDP protocol authentication me ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-35223 (The CSRF protection mechanism implemented in the web administration pa ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-35222 (The NSDP protocol version implemented on NETGEAR JGS516PE/GS116Ev2 v2. ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-35221 (The hashing algorithm implemented for NSDP password authentication on  ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-35220 (A TFTP server was found to be active by default on NETGEAR JGS516PE/GS ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-35219 (The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to acce ...)
 	NOT-FOR-US: ASUS
 CVE-2020-35218
@@ -23107,7 +23107,7 @@ CVE-2021-1642 (Windows AppX Deployment Extensions Elevation of Privilege Vulnera
 CVE-2021-1641 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-1640 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1639 (Visual Studio Code Remote Code Execution Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-1638 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...)
@@ -24924,7 +24924,7 @@ CVE-2020-28707 (The Stockdio Historical Chart plugin before 2.8.1 for WordPress
 CVE-2020-28706
 	RESERVED
 CVE-2020-28705 (FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: FUEL CMS
 CVE-2020-28704
 	RESERVED
 CVE-2020-28703



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bceb55751db1a2fa4064d468870e132c99360da6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bceb55751db1a2fa4064d468870e132c99360da6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210310/0a2c2759/attachment.htm>

More information about the debian-security-tracker-commits mailing list