[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Mar 26 08:39:34 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0dafbee6 by Salvatore Bonaccorso at 2021-03-26T09:39:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -343,17 +343,17 @@ CVE-2021-29100
 CVE-2021-29099
 	RESERVED
 CVE-2021-29098 (Multiple uninitialized pointer vulnerabilities when parsing a speciall ...)
-	TODO: check
+	NOT-FOR-US: Esri (various ArcGIS products)
 CVE-2021-29097 (Multiple buffer overflow vulnerabilities when parsing a specially craf ...)
-	TODO: check
+	NOT-FOR-US: Esri (various ArcGIS products)
 CVE-2021-29096 (A use-after-free vulnerability when parsing a specially crafted file i ...)
 	NOT-FOR-US: Esri (various ArcGIS products)
 CVE-2021-29095 (Multiple uninitialized pointer vulnerabilities when parsing a speciall ...)
-	TODO: check
+	NOT-FOR-US: Esri (various ArcGIS products)
 CVE-2021-29094 (Multiple buffer overflow vulnerabilities when parsing a specially craf ...)
-	TODO: check
+	NOT-FOR-US: Esri (various ArcGIS products)
 CVE-2021-29093 (A use-after-free vulnerability when parsing a specially crafted file i ...)
-	TODO: check
+	NOT-FOR-US: Esri (various ArcGIS products)
 CVE-2021-3461
 	RESERVED
 	NOT-FOR-US: Keycloak
@@ -528,11 +528,11 @@ CVE-2021-29012
 CVE-2021-29011
 	RESERVED
 CVE-2021-29010 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...)
-	TODO: check
+	NOT-FOR-US: SEO Panel
 CVE-2021-29009 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...)
-	TODO: check
+	NOT-FOR-US: SEO Panel
 CVE-2021-29008 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...)
-	TODO: check
+	NOT-FOR-US: SEO Panel
 CVE-2021-29007
 	RESERVED
 CVE-2021-29006
@@ -2174,7 +2174,7 @@ CVE-2021-28248
 CVE-2021-28247
 	RESERVED
 CVE-2021-28246 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
-	TODO: check
+	NOT-FOR-US: CA eHealth Performance Manager
 CVE-2021-28245
 	RESERVED
 CVE-2021-28244
@@ -4052,19 +4052,19 @@ CVE-2021-27456
 CVE-2021-27455
 	RESERVED
 CVE-2021-27454 (The software performs an operation at a privilege level higher than th ...)
-	TODO: check
+	NOT-FOR-US: GE
 CVE-2021-27453
 	RESERVED
 CVE-2021-27452 (The software contains a hard-coded password that could allow an attack ...)
-	TODO: check
+	NOT-FOR-US: GE
 CVE-2021-27451
 	RESERVED
 CVE-2021-27450 (SSH server configuration file does not implement some best practices.  ...)
-	TODO: check
+	NOT-FOR-US: GE
 CVE-2021-27449
 	RESERVED
 CVE-2021-27448 (A miscommunication in the file system allows adversaries with access t ...)
-	TODO: check
+	NOT-FOR-US: GE
 CVE-2021-27447
 	RESERVED
 CVE-2021-27446
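Review bot: The four new tags on CVE-2021-27454, CVE-2021-27452, CVE-2021-27450 and CVE-2021-27448 read only "NOT-FOR-US: GE", which names a vendor but no product, and the truncated descriptions shown here do not name one either. Other tags in this same commit identify the product (for example "NOT-FOR-US: Esri (various ArcGIS products)"), which keeps the list searchable when someone later needs to confirm why an entry was ruled out. Suggest appending the affected product or product family from the advisory to each tag; the same applies to the two GE entries in the following hunk.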
@@ -4080,11 +4080,11 @@ CVE-2021-27442
 CVE-2021-27441
 	RESERVED
 CVE-2021-27440 (The software contains a hard-coded password it uses for its own inboun ...)
-	TODO: check
+	NOT-FOR-US: GE
 CVE-2021-27439
 	RESERVED
 CVE-2021-27438 (The software contains a hard-coded password it uses for its own inboun ...)
-	TODO: check
+	NOT-FOR-US: GE
 CVE-2021-27437
 	RESERVED
 CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scr ...)
@@ -9162,15 +9162,15 @@ CVE-2021-25355 (Using unsafe PendingIntent in Samsung Notes prior to version 4.2
 CVE-2021-25354 (Improper input check in Samsung Internet prior to version 13.2.1.46 al ...)
 	NOT-FOR-US: Samsung
 CVE-2021-25353 (Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.121 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25352 (Using PendingIntent with implicit intent in Bixby Voice prior to versi ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25351 (Improper Access Control in EmailValidationView in Samsung Account prio ...)
 	NOT-FOR-US: Samsung
 CVE-2021-25350 (Information Exposure vulnerability in Samsung Account prior to version ...)
 	NOT-FOR-US: Samsung
 CVE-2021-25349 (Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5. ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25348 (Improper permission grant check in Samsung Internet prior to version 1 ...)
 	NOT-FOR-US: Samsung Internet
 CVE-2021-25347 (Hijacking vulnerability in Samsung Email application version prior to  ...)
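Review bot: The new tags on CVE-2021-25353, CVE-2021-25352 and CVE-2021-25349 use the bare vendor form "NOT-FOR-US: Samsung", which matches most neighbours but not the unchanged CVE-2021-25348 entry just below, tagged "NOT-FOR-US: Samsung Internet". Two conventions now sit side by side in this block. Suggest settling on one, either vendor-only throughout or vendor plus app (Galaxy Themes, Bixby Voice and Slow Motion Editor, as the descriptions name them), so a single pattern finds all of these entries.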
@@ -15035,7 +15035,7 @@ CVE-2020-36170 (The Ultimate Member plugin before 2.1.13 for WordPress mishandle
 CVE-2012-10001 (The Limit Login Attempts plugin before 1.7.1 for WordPress does not cl ...)
 	NOT-FOR-US: Limit Login Attempts plugin for WordPress
 CVE-2021-3027 (app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected ...)
-	TODO: check
+	NOT-FOR-US: LibrIT PaSSHport
 CVE-2021-3026 (Invision Community IPS Community Suite before 4.5.4.2 allows XSS durin ...)
 	NOT-FOR-US: Invision Community IPS Community Suite
 CVE-2021-3025 (Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injec ...)
@@ -43017,7 +43017,7 @@ CVE-2020-23519
 CVE-2020-23518 (Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - ...)
 	NOT-FOR-US: UltimateKode Neo Billing - Accounting, Invoicing And CRM Software
 CVE-2020-23517 (Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS ...)
-	TODO: check
+	NOT-FOR-US: Aryanic HighMail (High CMS)
 CVE-2020-23516
 	RESERVED
 CVE-2020-23515
@@ -74753,17 +74753,17 @@ CVE-2020-10586
 CVE-2020-10585
 	RESERVED
 CVE-2020-10584 (A directory traversal on the /admin/search_by.php script of Invigo Aut ...)
-	TODO: check
+	NOT-FOR-US: Invigo Automatic Device Management (ADM)
 CVE-2020-10583 (The /admin/admapi.php script of Invigo Automatic Device Management (AD ...)
-	TODO: check
+	NOT-FOR-US: Invigo Automatic Device Management (ADM)
 CVE-2020-10582 (A SQL injection on the /admin/display_errors.php script of Invigo Auto ...)
-	TODO: check
+	NOT-FOR-US: Invigo Automatic Device Management (ADM)
 CVE-2020-10581 (Multiple session validity check issues in several administration funct ...)
-	TODO: check
+	NOT-FOR-US: Invigo Automatic Device Management (ADM)
 CVE-2020-10580 (A command injection on the /admin/broadcast.php script of Invigo Autom ...)
-	TODO: check
+	NOT-FOR-US: Invigo Automatic Device Management (ADM)
 CVE-2020-10579 (A directory traversal on the /admin/sysmon.php script of Invigo Automa ...)
-	TODO: check
+	NOT-FOR-US: Invigo Automatic Device Management (ADM)
 CVE-2020-10578 (An arbitrary file read vulnerability exists in system/controller/backe ...)
 	NOT-FOR-US: QCMS
 CVE-2020-10577 (An issue was discovered in Janus through 0.9.1. janus.c has multiple c ...)
@@ -81536,7 +81536,7 @@ CVE-2020-7854
 CVE-2020-7853 (An outbound read/write vulnerability exists in XPLATFORM that does not ...)
 	NOT-FOR-US: XPLATFORM
 CVE-2020-7852 (DaviewIndy has a Heap-based overflow vulnerability, triggered when the ...)
-	TODO: check
+	NOT-FOR-US: DaviewIndy
 CVE-2020-7851
 	RESERVED
 CVE-2020-7850



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0dafbee6935854c1409b02a67beeb38b1512c04c
