[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Mar 11 20:20:27 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
72799a73 by Salvatore Bonaccorso at 2021-03-11T21:20:04+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,13 +17,13 @@ CVE-2021-3428
 CVE-2021-28145
 	RESERVED
 CVE-2021-28144 (prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote a ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-28143
 	RESERVED
 CVE-2021-28142
 	RESERVED
 CVE-2021-28141 (An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1 ...)
-	TODO: check
+	NOT-FOR-US: Telerik
 CVE-2021-28140
 	RESERVED
 CVE-2021-28139
@@ -207,7 +207,7 @@ CVE-2021-21381 (Flatpak is a system for building, distributing, and running sand
 	NOTE: https://github.com/flatpak/flatpak/issues/4146
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp
 CVE-2021-28088 (Cross-site scripting (XSS) in modules/content/admin/content.php in Imp ...)
-	TODO: check
+	NOT-FOR-US: ImpressCMS
 CVE-2021-28087
 	RESERVED
 CVE-2021-28086
@@ -1089,11 +1089,11 @@ CVE-2021-27681
 CVE-2021-27680
 	RESERVED
 CVE-2021-27679 (Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS  ...)
-	TODO: check
+	NOT-FOR-US: Batflat CMS
 CVE-2021-27678 (Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1. ...)
-	TODO: check
+	NOT-FOR-US: Batflat CMS
 CVE-2021-27677 (Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1 ...)
-	TODO: check
+	NOT-FOR-US: Batflat CMS
 CVE-2021-27676
 	RESERVED
 CVE-2021-27675
@@ -2396,15 +2396,15 @@ CVE-2021-27087
 CVE-2021-27086
 	RESERVED
 CVE-2021-27085 (Internet Explorer Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27084 (Visual Studio Code Java Extension Pack Remote Code Execution Vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27083 (Remote Development Extension for Visual Studio Code Remote Code Execut ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27082 (Quantum Development Kit for Visual Studio Code Remote Code Execution V ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27081 (Visual Studio Code ESLint Extension Remote Code Execution Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27080 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...)
 	TODO: check
 CVE-2021-27079
@@ -2412,9 +2412,9 @@ CVE-2021-27079
 CVE-2021-27078 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-27077 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27076 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27075 (Azure Virtual Machine Information Disclosure Vulnerability ...)
 	TODO: check
 CVE-2021-27074 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...)
@@ -2426,7 +2426,7 @@ CVE-2021-27072
 CVE-2021-27071
 	RESERVED
 CVE-2021-27070 (Windows 10 Update Assistant Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27069
 	RESERVED
 CVE-2021-27068
@@ -2434,35 +2434,35 @@ CVE-2021-27068
 CVE-2021-27067
 	RESERVED
 CVE-2021-27066 (Windows Admin Center Security Feature Bypass Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27065 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-27064
 	RESERVED
 CVE-2021-27063 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27062 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID  ...)
 	TODO: check
 CVE-2021-27061 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID  ...)
 	TODO: check
 CVE-2021-27060 (Visual Studio Code Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27059 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27058 (Microsoft Office ClickToRun Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27057 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27056 (Microsoft PowerPoint Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27055 (Microsoft Visio Security Feature Bypass Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27054 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27053 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27052 (Microsoft SharePoint Server Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-27051 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID  ...)
 	TODO: check
 CVE-2021-27050 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID  ...)
@@ -2828,91 +2828,91 @@ CVE-2021-26903 (LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text'].
 CVE-2021-26902 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID  ...)
 	TODO: check
 CVE-2021-26901 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26900 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26899 (Windows UPnP Device Host Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26898 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26897 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26896 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26895 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26894 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26893 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26892 (Windows Extensible Firmware Interface Security Feature Bypass Vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26891 (Windows Container Execution Agent Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26890 (Application Virtualization Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26889 (Windows Update Stack Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26888
 	RESERVED
 CVE-2021-26887 (Microsoft Windows Folder Redirection Elevation of Privilege Vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26886 (User Profile Service Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26885 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26884 (Windows Media Photo Codec Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26883
 	RESERVED
 CVE-2021-26882 (Remote Access API Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26881 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26880 (Storage Spaces Controller Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26879 (Windows NAT Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26878 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26877 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26876 (OpenType Font Parsing Remote Code Execution Vulnerability ...)
 	TODO: check
 CVE-2021-26875 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26874 (Windows Overlay Filter Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26873 (Windows User Profile Service Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26872 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26871 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26870 (Windows Projected File System Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26869 (Windows ActiveX Installer Service Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26868 (Windows Graphics Component Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26867 (Windows Hyper-V Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26866 (Windows Update Service Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26865 (Windows Container Execution Agent Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26864 (Windows Virtual Registry Provider Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26863 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26862 (Windows Installer Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26861 (Windows Graphics Component Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26860 (Windows App-V Overlay Filter Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26859 (Microsoft Power BI Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26858 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-26857 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
@@ -3119,7 +3119,7 @@ CVE-2021-26778
 CVE-2021-26777
 	RESERVED
 CVE-2021-26776 (CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: CSZ CMS
 CVE-2021-26775
 	RESERVED
 CVE-2021-26774
@@ -4011,7 +4011,7 @@ CVE-2021-26413
 CVE-2021-26412 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-26411 (Internet Explorer Memory Corruption Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26410
 	RESERVED
 CVE-2021-26409
@@ -9350,13 +9350,13 @@ CVE-2021-24109 (Microsoft Azure Kubernetes Service Elevation of Privilege Vulner
 CVE-2021-24108 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
 	TODO: check
 CVE-2021-24107 (Windows Event Tracing Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24106 (Windows DirectX Information Disclosure Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-24105 (Package Managers Configurations Remote Code Execution Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-24104 (Microsoft SharePoint Spoofing Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24103 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-24102 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
@@ -9374,7 +9374,7 @@ CVE-2021-24097
 CVE-2021-24096 (Windows Kernel Elevation of Privilege Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-24095 (DirectX Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24094 (Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is uniq ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-24093 (Windows Graphics Component Remote Code Execution Vulnerability ...)
@@ -9384,7 +9384,7 @@ CVE-2021-24092 (Microsoft Defender Elevation of Privilege Vulnerability ...)
 CVE-2021-24091 (Windows Camera Codec Pack Remote Code Execution Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-24090 (Windows Error Reporting Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24089 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID  ...)
 	TODO: check
 CVE-2021-24088 (Windows Local Spooler Remote Code Execution Vulnerability ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72799a73adf42acaa840630dc18aaac739ea75fc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72799a73adf42acaa840630dc18aaac739ea75fc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210311/4d5cae5b/attachment.htm>


More information about the debian-security-tracker-commits mailing list