[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Mar 24 20:35:50 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a2b8e44 by Salvatore Bonaccorso at 2021-03-24T21:35:28+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,7 +43,7 @@ CVE-2021-29136
 CVE-2021-29135
 	RESERVED
 CVE-2020-36283 (HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when  ...)
-	TODO: check
+	NOT-FOR-US: HID OMNIKEY 5427 and OMNIKEY 5127 readers
 CVE-2021-3464
 	RESERVED
 CVE-2021-3463
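Review bot: the NOT-FOR-US label on CVE-2020-36283 repeats both model numbers from the description ("HID OMNIKEY 5427 and OMNIKEY 5127 readers"), whereas the other entries touched in this commit use a bare product name (Bitweaver, Plone, ThinkSAAS). A shorter label such as "HID OMNIKEY readers" would be easier to match if further OMNIKEY issues are assigned; the model numbers are already carried by the description line.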
@@ -262,23 +262,23 @@ CVE-2021-29035
 CVE-2021-29034
 	RESERVED
 CVE-2021-29033 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
-	TODO: check
+	NOT-FOR-US: Bitweaver
 CVE-2021-29032 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
-	TODO: check
+	NOT-FOR-US: Bitweaver
 CVE-2021-29031 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
-	TODO: check
+	NOT-FOR-US: Bitweaver
 CVE-2021-29030 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
-	TODO: check
+	NOT-FOR-US: Bitweaver
 CVE-2021-29029 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
-	TODO: check
+	NOT-FOR-US: Bitweaver
 CVE-2021-29028 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
-	TODO: check
+	NOT-FOR-US: Bitweaver
 CVE-2021-29027 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
-	TODO: check
+	NOT-FOR-US: Bitweaver
 CVE-2021-29026 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
-	TODO: check
+	NOT-FOR-US: Bitweaver
 CVE-2021-29025 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
-	TODO: check
+	NOT-FOR-US: Bitweaver
 CVE-2021-29024
 	RESERVED
 CVE-2021-29023
@@ -324,7 +324,7 @@ CVE-2021-29004
 CVE-2021-29003
 	RESERVED
 CVE-2021-29002 (A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 e ...)
-	TODO: check
+	NOT-FOR-US: Plone
 CVE-2021-29001
 	RESERVED
 CVE-2021-29000
@@ -4135,17 +4135,17 @@ CVE-2021-27322
 CVE-2021-27321
 	RESERVED
 CVE-2021-27320 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0  ...)
-	TODO: check
+	NOT-FOR-US: Doctor Appointment System
 CVE-2021-27319 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0  ...)
-	TODO: check
+	NOT-FOR-US: Doctor Appointment System
 CVE-2021-27318 (Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Ap ...)
 	NOT-FOR-US: Doctor Appointment System
 CVE-2021-27317 (Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Ap ...)
 	NOT-FOR-US: Doctor Appointment System
 CVE-2021-27316 (Blind SQL injection in contactus.php in doctor appointment system 1.0  ...)
-	TODO: check
+	NOT-FOR-US: Doctor Appointment System
 CVE-2021-27315 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0  ...)
-	TODO: check
+	NOT-FOR-US: Doctor Appointment System
 CVE-2021-27314 (SQL injection in admin.php in doctor appointment system 1.0 allows an  ...)
 	NOT-FOR-US: doctor appointment system
 CVE-2021-27313
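Review bot: label casing is inconsistent within this block after the change. The four new lines and the existing CVE-2021-27318 and CVE-2021-27317 entries use "NOT-FOR-US: Doctor Appointment System", but the unchanged context line for CVE-2021-27314 still reads "NOT-FOR-US: doctor appointment system". Suggest normalising that entry in this commit or a follow-up so a case-sensitive search for the label finds all seven issues.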
@@ -22888,7 +22888,7 @@ CVE-2020-35339 (In 74cms version 5.0.1, there is a remote code execution vulnera
 CVE-2020-35338 (The Web Administrative Interface in Mobile Viewpoint Wireless Multiple ...)
 	NOT-FOR-US: Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server
 CVE-2020-35337 (ThinkSAAS before 3.38 contains a SQL injection vulnerability through a ...)
-	TODO: check
+	NOT-FOR-US: ThinkSAAS
 CVE-2020-35336
 	RESERVED
 CVE-2020-35335
@@ -58769,7 +58769,7 @@ CVE-2020-15810 (An issue was discovered in Squid before 4.13 and 5.x before 5.0.
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
 	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_10.patch
 CVE-2020-15809 (spxmanage on certain SpinetiX devices allows requests that access unin ...)
-	TODO: check
+	NOT-FOR-US: SpinetiX devices
 CVE-2020-15808
 	RESERVED
 CVE-2020-15807 (GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted  ...)
@@ -81334,7 +81334,7 @@ CVE-2020-7841 (Improper input validation vulnerability exists in TOBESOFT XPLATF
 CVE-2020-7840
 	RESERVED
 CVE-2020-7839 (In MaEPSBroker 2.5.0.31 and prior, a command injection vulnerability c ...)
-	TODO: check
+	NOT-FOR-US: MaEPSBroker
 CVE-2020-7838 (A arbitrary code execution vulnerability exists in the way that the St ...)
 	NOT-FOR-US: Smilegate STOVE Client
 CVE-2020-7837 (An issue was discovered in ML Report Program. There is a stack-based b ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a2b8e4434539dc3cd01ab3b7244804ed269070b
