[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 26 20:28:38 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
af9b5e53 by Salvatore Bonaccorso at 2021-03-26T21:28:12+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2021-29257
CVE-2021-29256
RESERVED
CVE-2021-29255 (MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credent ...)
- TODO: check
+ NOT-FOR-US: MicroSeven
CVE-2021-29254
RESERVED
CVE-2021-29253
@@ -2182,13 +2182,13 @@ CVE-2021-28252
CVE-2021-28251
RESERVED
CVE-2021-28250 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
- TODO: check
+ NOT-FOR-US: CA eHealth Performance Manager
CVE-2021-28249 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
- TODO: check
+ NOT-FOR-US: CA eHealth Performance Manager
CVE-2021-28248 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
- TODO: check
+ NOT-FOR-US: CA eHealth Performance Manager
CVE-2021-28247 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
- TODO: check
+ NOT-FOR-US: CA eHealth Performance Manager
CVE-2021-28246 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
NOT-FOR-US: CA eHealth Performance Manager
CVE-2021-28245
@@ -7886,7 +7886,7 @@ CVE-2021-3277
CVE-2021-3276
RESERVED
CVE-2021-3275 (Unauthenticated stored cross-site scripting (XSS) exists in multiple T ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2021-3274
RESERVED
CVE-2021-3273 (Nagios XI below 5.7 is affected by code injection in the /nagiosxi/adm ...)
@@ -9144,13 +9144,13 @@ CVE-2021-25374
CVE-2021-25373
RESERVED
CVE-2021-25372 (An improper boundary check in DSP driver prior to SMR Mar-2021 Release ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25371 (A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows a ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25370 (An incorrect implementation handling file descriptor in dpu driver pri ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25369 (An improper access control vulnerability in sec_log file prior to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25368 (Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allo ...)
NOT-FOR-US: Samsung
CVE-2021-25367 (Path Traversal vulnerability in Samsung Notes prior to version 4.2.00. ...)
@@ -12474,11 +12474,11 @@ CVE-2021-23892
CVE-2021-23891
RESERVED
CVE-2021-23890 (Information leak vulnerability in the Agent Handler of McAfee ePolicy ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-23889 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-23888 (Unvalidated client-side URL redirect vulnerability in McAfee ePolicy O ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-23887
RESERVED
CVE-2021-23886
@@ -13863,7 +13863,7 @@ CVE-2021-3111 (The Express Entries Dashboard in Concrete5 8.5.4 allows stored XS
CVE-2021-3110 (The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL i ...)
NOT-FOR-US: PrestaShop
CVE-2021-3109 (The custom menu item options page in SolarWinds Orion Platform before ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2021-23242 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...)
NOT-FOR-US: MERCUSYS Mercury X18G devices
CVE-2021-23241 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...)
@@ -14543,7 +14543,7 @@ CVE-2021-22888 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS v
CVE-2021-22887 (A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) mode ...)
NOT-FOR-US: BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000
CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persist ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2021-22885
RESERVED
CVE-2021-22884 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to ...)
@@ -18372,7 +18372,7 @@ CVE-2021-21445 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, all
CVE-2021-21444 (SAP Business Objects BI Platform, versions - 410, 420, 430, allows mul ...)
NOT-FOR-US: SAP
CVE-2020-35856 (SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2020-35855
RESERVED
CVE-2020-35854 (Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Bod ...)
@@ -20849,11 +20849,11 @@ CVE-2021-20685
CVE-2021-20684
RESERVED
CVE-2021-20683 (Improper neutralization of JavaScript input in the blog article editin ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2021-20682 (baserCMS versions prior to 4.4.5 allows a remote attacker with an admi ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2021-20681 (Improper neutralization of JavaScript input in the page editing functi ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2021-20680
RESERVED
CVE-2021-20679 (Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6 ...)
@@ -20861,7 +20861,7 @@ CVE-2021-20679 (Fuji Xerox multifunction devices and printers (DocuCentre-VII C7
CVE-2021-20678 (SQL injection vulnerability in the Paid Memberships Pro versions prior ...)
NOT-FOR-US: Paid Memberships Pro
CVE-2021-20677 (UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIV ...)
- TODO: check
+ NOT-FOR-US: UNIVERGE
CVE-2021-20676 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...)
NOT-FOR-US: M-System
CVE-2021-20675 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...)
@@ -27710,7 +27710,7 @@ CVE-2020-28697
CVE-2020-28696
RESERVED
CVE-2020-28695 (Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices ...)
- TODO: check
+ NOT-FOR-US: Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices
CVE-2020-28694
RESERVED
CVE-2020-28693 (An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an ...)
@@ -50848,7 +50848,7 @@ CVE-2020-19628
CVE-2020-19627
RESERVED
CVE-2020-19626 (Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows re ...)
- TODO: check
+ NOT-FOR-US: craftcms
CVE-2020-19625 (Remote Code Execution Vulnerability in tests/support/stores/test_grid_ ...)
TODO: check
CVE-2020-19624
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af9b5e534537228200b19ad9f80e8af014b4907a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af9b5e534537228200b19ad9f80e8af014b4907a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210326/89a5bbf0/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list