[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed May 5 10:14:13 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ac708853 by Salvatore Bonaccorso at 2021-05-05T11:13:52+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1997,7 +1997,7 @@ CVE-2021-31166
 CVE-2021-31165
 	RESERVED
 CVE-2021-31164 (Apache Unomi prior to version 1.5.5 allows CRLF log injection because  ...)
-	TODO: check
+	NOT-FOR-US: Apache Unomi
 CVE-2021-31163
 	RESERVED
 CVE-2021-31162 (In the standard library in Rust before 1.53.0, a double free can occur ...)
@@ -6454,7 +6454,7 @@ CVE-2021-29242 (CODESYS Control Runtime system before 3.5.17.0 has improper inpu
 CVE-2021-29241 (CODESYS Gateway 3 before 3.5.17.0 has a NULL pointer dereference that  ...)
 	NOT-FOR-US: CODESYS Gateway 3
 CVE-2021-29240 (The Package Manager of CODESYS Development System 3 before 3.5.17.0 do ...)
-	TODO: check
+	NOT-FOR-US: Package Manager of CODESYS Development System 3
 CVE-2021-29239 (CODESYS Development System 3 before 3.5.17.0 displays or executes mali ...)
 	NOT-FOR-US: CODESYS Development System 3
 CVE-2021-29238 (CODESYS Automation Server before 1.16.0 allows cross-site request forg ...)
@@ -16207,7 +16207,7 @@ CVE-2021-3156 (Sudo before 1.9.5p2 contains an off-by-one error that can result
 CVE-2021-3155
 	RESERVED
 CVE-2021-3154 (An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenti ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-3153 (HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an or ...)
 	NOT-FOR-US: HashiCorp Terraform Enterprise
 CVE-2021-3152 (** DISPUTED ** Home Assistant before 2021.1.3 does not have a protecti ...)
@@ -16258,7 +16258,7 @@ CVE-2021-25181
 CVE-2021-25180
 	RESERVED
 CVE-2021-25179 (SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-25178 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
 	NOT-FOR-US: Open Design Alliance Drawings SDK
 CVE-2021-25177 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
@@ -24110,7 +24110,7 @@ CVE-2021-21553
 CVE-2021-21552
 	RESERVED
 CVE-2021-21551 (Dell dbutil_2_3.sys driver contains an insufficient access control vul ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2021-21550
 	RESERVED
 CVE-2021-21549
@@ -40976,7 +40976,7 @@ CVE-2020-27520
 CVE-2020-27519 (Pritunl Client v1.2.2550.20 contains a local privilege escalation vuln ...)
 	NOT-FOR-US: Pritunl Client
 CVE-2020-27518 (All versions of Windscribe VPN for Mac and Windows <= v2.02.10 cont ...)
-	TODO: check
+	NOT-FOR-US: Windscribe VPN
 CVE-2020-27517
 	RESERVED
 CVE-2020-27516
@@ -51166,7 +51166,7 @@ CVE-2020-23017
 CVE-2020-23016
 	RESERVED
 CVE-2020-23015 (An open redirect issue was discovered in OPNsense through 20.1.5. The  ...)
-	TODO: check
+	NOT-FOR-US: OPNsense
 CVE-2020-23014 (APfell 1.4 is vulnerable to authenticated reflected cross-site scripti ...)
 	NOT-FOR-US: APfell
 CVE-2020-23013
@@ -52340,7 +52340,7 @@ CVE-2020-22430
 CVE-2020-22429
 	RESERVED
 CVE-2020-22428 (SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scr ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2020-22427 (** DISPUTED ** NagiosXI 5.6.11 is affected by a remote code execution  ...)
 	NOT-FOR-US: Nagios XI
 CVE-2020-22426
@@ -53200,7 +53200,7 @@ CVE-2020-22001 (HomeAutomation 3.3.2 suffers from an authentication bypass vulne
 CVE-2020-22000 (HomeAutomation 3.3.2 suffers from an authenticated OS command executio ...)
 	NOT-FOR-US: HomeAutomation
 CVE-2020-21999 (iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authent ...)
-	TODO: check
+	NOT-FOR-US: iWT Ltd FaceSentry Access Control System
 CVE-2020-21998 (In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter  ...)
 	NOT-FOR-US: HomeAutomation
 CVE-2020-21997 (Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated da ...)
@@ -96261,7 +96261,7 @@ CVE-2020-4989
 CVE-2020-4988 (Loopback 8.0.0 contains a vulnerability that could allow an attacker t ...)
 	NOT-FOR-US: IBM
 CVE-2020-4987 (IBM FlashSystem 900 1.5.2.9 and 1.6.1.3 user management GUI is vulnera ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4986
 	RESERVED
 CVE-2020-4985



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac7088537c001dadb3539c6465cdc46f0e382b58

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac7088537c001dadb3539c6465cdc46f0e382b58
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210505/8c89893f/attachment.htm>

More information about the debian-security-tracker-commits mailing list