[Git][security-tracker-team/security-tracker][master] Process some new NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Mar 29 21:15:22 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90f8ce4a by Salvatore Bonaccorso at 2021-03-29T22:14:56+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1064,9 +1064,9 @@ CVE-2021-28939
 CVE-2021-28938
 	RESERVED
 CVE-2021-28937 (The /password.html page of the Web management interface of the Acexy W ...)
-	TODO: check
+	NOT-FOR-US: Acexy Wireless-N WiFi Repeater
 CVE-2021-28936 (The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management ...)
-	TODO: check
+	NOT-FOR-US: Acexy Wireless-N WiFi Repeater
 CVE-2021-28935
 	RESERVED
 CVE-2021-28934
@@ -1600,13 +1600,13 @@ CVE-2021-28675
 CVE-2021-28674
 	RESERVED
 CVE-2021-28673 (Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 65 ...)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2021-28672
 	RESERVED
 CVE-2021-28671
 	RESERVED
 CVE-2021-28670 (Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 befor ...)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2021-28669
 	RESERVED
 CVE-2021-28668
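Review bot: The tags on CVE-2021-28673 and CVE-2021-28670 name only the vendor ("Xerox"), while other entries in this same commit name the product ("Acexy Wireless-N WiFi Repeater", "Grandstream GRP261x VoIP phone"). Vendor-only tags already exist in the file (HPE, ZTE), so this is a style point rather than an error. The two descriptions cover different product lines (Phaser/WorkCentre and AltaLink), so a product-level tag on each would keep the granularity consistent within the commit and make later searches of the list more precise.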
@@ -4673,7 +4673,7 @@ CVE-2021-27354
 CVE-2021-27353
 	RESERVED
 CVE-2021-27352 (An open redirect vulnerability in Ilch CMS version 2.1.42 allows attac ...)
-	TODO: check
+	NOT-FOR-US: Ilch CMS
 CVE-2021-27351 (The Terminate Session feature in the Telegram application through 7.2. ...)
 	- telegram-desktop 2.6.1-1
 	[buster] - telegram-desktop <not-affected> (Vulnerable code not present)
@@ -10134,9 +10134,9 @@ CVE-2021-25146
 CVE-2021-25145
 	RESERVED
 CVE-2021-25144 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-25143 (A remote denial of service (dos) vulnerability was discovered in some  ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-25142 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
 	NOT-FOR-US: HPE
 CVE-2021-25141 (A security vulnerability has been identified in in certain HPE and Aru ...)
@@ -17447,7 +17447,7 @@ CVE-2021-21729
 CVE-2021-21728
 	RESERVED
 CVE-2021-21727 (A ZTE product has a DoS vulnerability. A remote attacker can amplify t ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21726 (Some ZTE products have an input verification vulnerability in the diag ...)
 	NOT-FOR-US: ZTE
 CVE-2021-21725 (A ZTE product has an information leak vulnerability. An attacker with  ...)
@@ -39733,9 +39733,9 @@ CVE-2020-25219 (url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows
 	NOTE: https://github.com/libproxy/libproxy/issues/134
 	NOTE: https://github.com/libproxy/libproxy/commit/a83dae404feac517695c23ff43ce1e116e2bfbe0
 CVE-2020-25218 (Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) ...)
-	TODO: check
+	NOT-FOR-US: Grandstream GRP261x VoIP phone
 CVE-2020-25217 (Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) ...)
-	TODO: check
+	NOT-FOR-US: Grandstream GRP261x VoIP phone
 CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Tran ...)
 	NOT-FOR-US: yWorks yEd Desktop
 CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or Grap ...)
@@ -41048,7 +41048,7 @@ CVE-2020-24637 (Two vulnerabilities in ArubaOS GRUB2 implementation allows for a
 CVE-2020-24636
 	RESERVED
 CVE-2020-24635 (A remote execution of arbitrary commands vulnerability was discovered  ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2020-24634 (An attacker is able to remotely inject arbitrary commands by sending e ...)
 	NOT-FOR-US: Aruba
 CVE-2020-24633 (There are multiple buffer overflow vulnerabilities that could lead to  ...)
@@ -81941,7 +81941,7 @@ CVE-2020-7852 (DaviewIndy has a Heap-based overflow vulnerability, triggered whe
 CVE-2020-7851
 	RESERVED
 CVE-2020-7850 (NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: NBBDownloader.ocx ActiveX Control in Groupware
 CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) could a ...)
 	NOT-FOR-US: uPrism.io CURIX
 CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command Injection vulne ...)
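Review bot: The tag on CVE-2020-7850 repeats the opening words of the CVE description ("NBBDownloader.ocx ActiveX Control in Groupware") and names no vendor, so "Groupware" reads as a generic term rather than a product. The neighbouring CVE-2020-7849 entry uses a vendor-plus-product tag ("uPrism.io CURIX"). If the vendor can be identified from the advisory, include it in the tag so that later CVEs for the same software can be matched to this entry during triage.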
@@ -144157,7 +144157,7 @@ CVE-2019-5319
 CVE-2019-5318
 	RESERVED
 CVE-2019-5317 (A local authentication bypass vulnerability was discovered in some Aru ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2019-5316
 	RESERVED
 CVE-2019-5315 (A command injection vulnerability is present in the web management int ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90f8ce4af37faeb6b4f672c798ee4a4525e6f5af
