[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 19 08:56:44 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fa6c5470 by Salvatore Bonaccorso at 2021-03-19T09:53:41+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -375,7 +375,7 @@ CVE-2021-28655
CVE-2021-28654
RESERVED
CVE-2021-28653 (The iOS and macOS apps before 1.4.1 for the Western Digital G-Technolo ...)
- TODO: check
+ NOT-FOR-US: iOS and macOS apps for the Western Digital G-Technology ArmorLock NVMe SSD
CVE-2021-28652
RESERVED
CVE-2021-28651
@@ -1430,7 +1430,7 @@ CVE-2021-28162 (In Eclipse Theia versions up to and including 0.16.0, in the not
CVE-2021-28161 (In Eclipse Theia versions up to and including 1.8.0, in the debug cons ...)
NOT-FOR-US: Eclipse Theia
CVE-2021-28160 (Reflected XSS on Acexy (BoyaMicro) Wireless-N WiFi Repeater 28.08.06.1 ...)
- TODO: check
+ NOT-FOR-US: Acexy (BoyaMicro) Wireless-N WiFi Repeater
CVE-2021-28159
RESERVED
CVE-2021-28158
@@ -1549,7 +1549,7 @@ CVE-2021-28128
CVE-2021-28127
RESERVED
CVE-2021-28126 (index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1 ...)
- TODO: check
+ NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
CVE-2021-28125
RESERVED
CVE-2021-28124
@@ -1590,9 +1590,9 @@ CVE-2021-28112
CVE-2021-28111
RESERVED
CVE-2021-28110 (/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27. ...)
- TODO: check
+ NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
CVE-2021-28109 (TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected C ...)
- TODO: check
+ NOT-FOR-US: TranzWare (POI) FIMI
CVE-2021-28374 (The Debian courier-authlib package before 0.71.1-2 for Courier Authent ...)
- courier-authlib 0.71.1-2 (bug #984810)
NOTE: Re-introduction of #378571 while migrating from debian/permissions to
@@ -3137,7 +3137,7 @@ CVE-2021-27438
CVE-2021-27437
RESERVED
CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scr ...)
- TODO: check
+ NOT-FOR-US: WebAccess/SCADA
CVE-2021-27435
RESERVED
CVE-2021-27434
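Review bot: The new label for CVE-2021-27436 gives only the product name, "WebAccess/SCADA", with no vendor, whereas other labels added in this commit lead with the vendor ("MikroTik RouterOS", "Zoho ManageEngine"). Suggest prefixing the vendor name so that a search of data/CVE/list by vendor finds this entry as well.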
@@ -3624,7 +3624,7 @@ CVE-2021-27223
CVE-2021-27222 (In the "Time in Status" app before 4.13.0 for Jira, remote authenticat ...)
NOT-FOR-US: "Time in Status" app
CVE-2021-27221 (** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ft ...)
- TODO: check
+ NOT-FOR-US: MikroTik RouterOS
CVE-2021-27220
RESERVED
CVE-2021-27217 (An issue was discovered in the _send_secure_msg() function of Yubico y ...)
@@ -21842,11 +21842,11 @@ CVE-2020-35457 (** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow,
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2197
NOTE: Upstream position is that it is not realistically a security issue.
CVE-2020-35456 (The Taidii Diibear Android application 2.4.0 and all its derivatives a ...)
- TODO: check
+ NOT-FOR-US: Taidii Diibear Android application
CVE-2020-35455 (The Taidii Diibear Android application 2.4.0 and all its derivatives a ...)
- TODO: check
+ NOT-FOR-US: Taidii Diibear Android application
CVE-2020-35454 (The Taidii Diibear Android application 2.4.0 and all its derivatives a ...)
- TODO: check
+ NOT-FOR-US: Taidii Diibear Android application
CVE-2020-35453 (HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorre ...)
NOT-FOR-US: HashiCorp Vault
CVE-2020-35452
@@ -27425,7 +27425,7 @@ CVE-2021-1289 (Multiple vulnerabilities in the web-based management interface of
CVE-2021-1288 (Multiple vulnerabilities in the ingress packet processing function of ...)
NOT-FOR-US: Cisco
CVE-2021-1287 (A vulnerability in the web-based management interface of Cisco RV132W ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1286 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-1285
@@ -76536,7 +76536,7 @@ CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a de
CVE-2020-9368 (The Module Olea Gift On Order module through 5.0.8 for PrestaShop enab ...)
NOT-FOR-US: Module Olea Gift On Order module for PrestaShop
CVE-2020-9367 (The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-9365 (An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) re ...)
- pure-ftpd 1.0.49-3 (bug #952471)
[buster] - pure-ftpd <no-dsa> (Minor issue)
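Review bot: For CVE-2020-9367 the label "Zoho ManageEngine" stops at the vendor and product family, while the description is specific to the MPS Agent in Desktop Central MSP. Suggest "NOT-FOR-US: Zoho ManageEngine Desktop Central" so the entry records which product was actually triaged.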
@@ -83546,9 +83546,9 @@ CVE-2020-6580
CVE-2020-6579 (Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudlo ...)
NOT-FOR-US: MailBeez plugin for ZenCart
CVE-2020-6578 (Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to in ...)
- TODO: check
+ NOT-FOR-US: Zen Cart
CVE-2020-6577 (The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows ...)
- TODO: check
+ NOT-FOR-US: IT-Recht Kanzlei plugin in Zen Cart
CVE-2020-6576 (Use after free in offscreen canvas in Google Chrome prior to 85.0.4183 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
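Review bot: The two new labels spell the product "Zen Cart" (CVE-2020-6578, CVE-2020-6577), but the existing entry directly above for CVE-2020-6579 uses "ZenCart", and the plugin wording also differs ("plugin in Zen Cart" versus "plugin for ZenCart"). The CVE descriptions shown here use "Zen Cart", so the new lines are fine as written; consider normalising the older line in a follow-up so a single search string matches all three entries.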
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa6c54705ffb5c4a683e41f568df607ebe6739d2