[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Sat Mar 27 21:45:48 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
427561f9 by Moritz Mühlenhoff at 2021-03-27T22:45:33+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2021-29273
 	RESERVED
 CVE-2021-29272 (bluemonday before 1.0.5 allows XSS because certain Go lowercasing conv ...)
-	TODO: check
+	NOT-FOR-US: bluemonday
 CVE-2021-29271 (remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator ...)
-	TODO: check
+	NOT-FOR-US: remark42
 CVE-2021-29270
 	RESERVED
 CVE-2021-29269
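Review bot: The NOT-FOR-US on CVE-2021-29272 needs a second check before it stands. The description identifies bluemonday as Go code ("certain Go lowercasing conv ..."), and Go libraries in Debian are normally packaged under a golang-* source package name, so a lookup for "bluemonday" alone can miss an existing package. Please confirm that no source package in the archive ships this library. If one does, replace "NOT-FOR-US: bluemonday" with a package entry carrying the fixed version (1.0.5 per the description).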
@@ -4308,7 +4308,7 @@ CVE-2021-27374 (VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 be
 CVE-2021-27373
 	RESERVED
 CVE-2021-27372 (Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may  ...)
-	TODO: check
+	NOT-FOR-US: Realtek xPON RTL9601D SDK
 CVE-2021-27371 (The Contact page in Monica 2.19.1 allows stored XSS via the Descriptio ...)
 	NOT-FOR-US: Monica
 CVE-2021-27370 (The Contact page in Monica 2.19.1 allows stored XSS via the Last Name  ...)
@@ -5824,7 +5824,7 @@ CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 16.16.1,
 CVE-2021-26716 (Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS  ...)
 	NOT-FOR-US: Emoncms
 CVE-2021-26715 (The OpenID Connect server implementation for MITREid Connect through 1 ...)
-	TODO: check
+	NOT-FOR-US: MITREid Connect
 CVE-2021-26714
 	RESERVED
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1930888#c3
@@ -9700,7 +9700,7 @@ CVE-2021-3155
 CVE-2021-3154
 	RESERVED
 CVE-2021-3153 (HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an or ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Terraform Enterprise
 CVE-2021-3152 (** DISPUTED ** Home Assistant before 2021.1.3 does not have a protecti ...)
 	NOT-FOR-US: Home Assistant
 CVE-2021-3151 (i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS)  ...)
@@ -14584,9 +14584,9 @@ CVE-2021-22891
 CVE-2021-22890
 	RESERVED
 CVE-2021-22889 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnera ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2021-22888 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnera ...)
-	TODO: check
+	NOT-FOR-US: Revive Adserver
 CVE-2021-22887 (A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) mode ...)
 	NOT-FOR-US: BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000
 CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persist ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/427561f9db2421744fd14c7ee4a491ad2b4a4fe9
