[Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 18 20:38:51 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
17a0198a by Salvatore Bonaccorso at 2021-03-18T21:38:27+01:00
Process more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10819,13 +10819,13 @@ CVE-2021-24128 (Unvalidated input and lack of output encoding in the Team Member
CVE-2021-24127 (Unvalidated input and lack of output encoding in the ThirstyAffiliates ...)
NOT-FOR-US: ThirstyAffiliates Affiliate Link Manager WordPress plugin
CVE-2021-24126 (Unvalidated input and lack of output encoding in the Envira Gallery Li ...)
- TODO: check
+ NOT-FOR-US: Envira Gallery Lite WordPress plugin
CVE-2021-24125 (Unvalidated input in the Contact Form Submissions WordPress plugin, ve ...)
- TODO: check
+ NOT-FOR-US: Contact Form Submissions WordPress plugin
CVE-2021-24124 (Unvalidated input and lack of output encoding in the WP Shieldon WordP ...)
- TODO: check
+ NOT-FOR-US: WP Shieldon WordPress plugin
CVE-2021-24123 (Arbitrary file upload in the PowerPress WordPress plugin, versions bef ...)
- TODO: check
+ NOT-FOR-US: PowerPress WordPress plugin
CVE-2021-24122 (When serving resources from a network location using the NTFS file sys ...)
{DLA-2594-1}
- tomcat9 9.0.40-1 (unimportant)
@@ -13570,9 +13570,9 @@ CVE-2021-22862 (An improper access control vulnerability was identified in GitHu
CVE-2021-22861 (An improper access control vulnerability was identified in GitHub Ente ...)
NOT-FOR-US: GitHub Enterprise
CVE-2021-22860 (EIC e-document system does not perform completed identity verification ...)
- TODO: check
+ NOT-FOR-US: EIC e-document system
CVE-2021-22859 (The users’ data querying function of EIC e-document system does ...)
- TODO: check
+ NOT-FOR-US: EIC e-document system
CVE-2021-22858 (Attackers can access the CGE account management function without privi ...)
NOT-FOR-US: CGE
CVE-2021-22857 (The CGE page with download function contains a Directory Traversal vul ...)
@@ -13594,7 +13594,7 @@ CVE-2021-22850 (HGiga EIP product lacks ineffective access control in certain pa
CVE-2021-22849 (Hyweb HyCMS-J1 backend editing function does not filter special charac ...)
NOT-FOR-US: Hyweb HyCMS-J1
CVE-2021-22848 (HGiga MailSherlock contains a SQL Injection. Remote attackers can inje ...)
- TODO: check
+ NOT-FOR-US: HGiga MailSherlock
CVE-2021-22847 (Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote at ...)
NOT-FOR-US: Hyweb HyCMS-J1
CVE-2021-22846
@@ -14114,7 +14114,7 @@ CVE-2021-22667 (BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due
CVE-2021-22666 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-bas ...)
NOT-FOR-US: Fatek FvDesigner
CVE-2021-22665 (Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2021-22664
RESERVED
CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of u ...)
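Review bot: The note added for CVE-2021-22665 names only the vendor (`NOT-FOR-US: Rockwell Automation`), while the entry directly above it in this hunk names vendor and product (`NOT-FOR-US: Fatek FvDesigner`). Suggest naming the affected products from the description (DriveTools SP, Drives AOP) so the entry can be found by product. The CVE-2020-14516 entry later in this commit gets the same vendor-only label for a different product (FactoryTalk Services Platform).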
@@ -19806,13 +19806,13 @@ CVE-2021-20680
CVE-2021-20679
RESERVED
CVE-2021-20678 (SQL injection vulnerability in the Paid Memberships Pro versions prior ...)
- TODO: check
+ NOT-FOR-US: Paid Memberships Pro
CVE-2021-20677
RESERVED
CVE-2021-20676 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...)
- TODO: check
+ NOT-FOR-US: M-System
CVE-2021-20675 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...)
- TODO: check
+ NOT-FOR-US: M-System
CVE-2021-20674 (Untrusted search path vulnerability in Installer of MagicConnect Clien ...)
NOT-FOR-US: MagicConnect client
CVE-2021-20673 (Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 ...)
@@ -19894,27 +19894,27 @@ CVE-2021-20636 (Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W
CVE-2021-20635 (Improper restriction of excessive authentication attempts in LOGITEC L ...)
NOT-FOR-US: LOGITEC
CVE-2021-20634 (Improper access control vulnerability in Custom App of Cybozu Office 1 ...)
- TODO: check
+ NOT-FOR-US: Custom App of Cybozu Office
CVE-2021-20633 (Improper access control vulnerability in Cabinet of Cybozu Office 10.0 ...)
- TODO: check
+ NOT-FOR-US: Cybozu Office
CVE-2021-20632 (Improper access control vulnerability in Bulletin Board of Cybozu Offi ...)
- TODO: check
+ NOT-FOR-US: Cybozu Office
CVE-2021-20631 (Improper input validation vulnerability in Custom App of Cybozu Office ...)
- TODO: check
+ NOT-FOR-US: Cybozu Office
CVE-2021-20630 (Improper access control vulnerability in Phone Messages of Cybozu Offi ...)
- TODO: check
+ NOT-FOR-US: Cybozu Office
CVE-2021-20629 (Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 t ...)
- TODO: check
+ NOT-FOR-US: Cybozu Office
CVE-2021-20628 (Cross-site scripting vulnerability in Address Book of Cybozu Office 10 ...)
- TODO: check
+ NOT-FOR-US: Cybozu Office
CVE-2021-20627 (Cross-site scripting vulnerability in Address Book of Cybozu Office 10 ...)
- TODO: check
+ NOT-FOR-US: Cybozu Office
CVE-2021-20626 (Improper access control vulnerability in Workflow of Cybozu Office 10. ...)
- TODO: check
+ NOT-FOR-US: Cybozu Office
CVE-2021-20625 (Improper access control vulnerability in Bulletin Board of Cybozu Offi ...)
- TODO: check
+ NOT-FOR-US: Cybozu Office
CVE-2021-20624 (Improper access control vulnerability in Scheduler of Cybozu Office 10 ...)
- TODO: check
+ NOT-FOR-US: Cybozu Office
CVE-2021-20623 (Video Insight VMS versions prior to 7.8 allows a remote attacker to ex ...)
NOT-FOR-US: Video Insight VMS
CVE-2021-20622 (Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 ...)
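Review bot: CVE-2021-20634 is tagged `NOT-FOR-US: Custom App of Cybozu Office`, but the other ten Cybozu Office entries in this hunk, including CVE-2021-20631, which is also a Custom App issue, are tagged `NOT-FOR-US: Cybozu Office`. Suggest `NOT-FOR-US: Cybozu Office` for CVE-2021-20634 as well, so the product name stays uniform across the batch and a search on the NFU string returns all eleven.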
@@ -35906,7 +35906,7 @@ CVE-2020-26157 (Leanote Desktop through 2.6.2 allows XSS because a note's title
CVE-2020-26156
REJECTED
CVE-2020-26155 (Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31 ...)
- TODO: check
+ NOT-FOR-US: Utimaco SecurityServer
CVE-2020-26153
RESERVED
CVE-2020-26152
@@ -54129,7 +54129,7 @@ CVE-2020-17459
CVE-2020-17458 (A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via th ...)
NOT-FOR-US: MultiUx
CVE-2020-17457 (Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticate ...)
- TODO: check
+ NOT-FOR-US: Fujitsu
CVE-2020-17456 (SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution ...)
NOT-FOR-US: SEOWON INTECH
CVE-2020-17455
@@ -61164,7 +61164,7 @@ CVE-2020-14518 (Philips DreamMapper, Version 2.24 and prior. Information written
CVE-2020-14517 (Protocol encryption can be easily broken for CodeMeter (All versions p ...)
NOT-FOR-US: CodeMeter
CVE-2020-14516 (In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2020-14515 (CodeMeter (All versions prior to 6.90 when using CmActLicense update f ...)
NOT-FOR-US: CodeMeter
CVE-2020-14514 (All trailer Power Line Communications are affected. PLC bus traffic ca ...)
@@ -102846,15 +102846,15 @@ CVE-2019-18237
CVE-2019-18236 (Multiple buffer overflow vulnerabilities exist when the PLC Editor Ver ...)
NOT-FOR-US: PLC Editor
CVE-2019-18235 (Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient ...)
- TODO: check
+ NOT-FOR-US: Advantech Spectre RT ERT351
CVE-2019-18234 (Equinox Control Expert all versions, is vulnerable to an SQL injection ...)
NOT-FOR-US: Equinox Control Expert
CVE-2019-18233 (In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the ...)
- TODO: check
+ NOT-FOR-US: Advantech Spectre RT Industrial Routers ERT351
CVE-2019-18232 (SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only ...)
NOT-FOR-US: SafeNet Sentinel LDK License Manager
CVE-2019-18231 (Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwo ...)
- TODO: check
+ NOT-FOR-US: Advantech Spectre RT ERT351
CVE-2019-18230 (Honeywell equIP and Performance series IP cameras, multiple versions, ...)
NOT-FOR-US: Honeywell
CVE-2019-18229 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitizati ...)
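Review bot: The three Advantech ERT351 entries in this hunk get two different labels: CVE-2019-18235 and CVE-2019-18231 use `NOT-FOR-US: Advantech Spectre RT ERT351`, while CVE-2019-18233 uses `NOT-FOR-US: Advantech Spectre RT Industrial Routers ERT351`. All three descriptions refer to the ERT351 at 5.1.3 and prior, so one spelling should be used for all of them, for example `NOT-FOR-US: Advantech Spectre RT ERT351`.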
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17a0198a55df340e01c545d02b7bb613d72dea84