[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso carnil at debian.org
Fri May 7 10:04:17 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7925c8e0 by Salvatore Bonaccorso at 2021-05-07T11:03:52+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -697,19 +697,19 @@ CVE-2021-32106
 CVE-2021-32105
 	RESERVED
 CVE-2021-32104 (A SQL injection vulnerability exists (with user privileges) in interfa ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2021-32103 (A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php  ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2021-32102 (A SQL injection vulnerability exists (with user privileges) in library ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2021-32101 (The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect acces ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2021-32100 (A remote file inclusion vulnerability exists in Artica Pandora FMS 742 ...)
-	TODO: check
+	NOT-FOR-US: Artica Pandora FMS
 CVE-2021-32099 (A SQL injection vulnerability in the pandora_console component of Arti ...)
-	TODO: check
+	NOT-FOR-US: Artica Pandora FMS
 CVE-2021-32098 (Artica Pandora FMS 742 allows unauthenticated attackers to perform Pha ...)
-	TODO: check
+	NOT-FOR-US: Artica Pandora FMS
 CVE-2021-32097
 	RESERVED
 CVE-2021-32096 (The ConsoleAction component of U.S. National Security Agency (NSA) Emi ...)
@@ -761,13 +761,13 @@ CVE-2021-3538
 	NOTE: https://github.com/satori/go.uuid/issues/73
 	TODO: check, probably introduced after the 1.2.0 release and only in a unreleased version.
 CVE-2021-32077 (Primary Source Verification in VerityStream MSOW Solutions before 3.1. ...)
-	TODO: check
+	NOT-FOR-US: VerityStream MSOW Solutions
 CVE-2021-32076
 	RESERVED
 CVE-2021-32075
 	RESERVED
 CVE-2021-32074 (HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows a ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp vault-action (aka Vault GitHub Action)
 CVE-2021-32073
 	RESERVED
 CVE-2021-32072
@@ -1741,7 +1741,7 @@ CVE-2021-31739
 CVE-2021-31738
 	RESERVED
 CVE-2021-31737 (emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: emlog
 CVE-2021-31736
 	RESERVED
 CVE-2021-31735
@@ -7518,7 +7518,7 @@ CVE-2021-29205
 CVE-2021-29204
 	RESERVED
 CVE-2021-29203 (A security vulnerability has been identified in the HPE Edgeline Infra ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-29202
 	RESERVED
 CVE-2021-29201
@@ -8701,7 +8701,7 @@ CVE-2021-28667 (StackStorm before 3.4.1, in some situations, has an infinite loo
 CVE-2021-28666
 	RESERVED
 CVE-2021-28665 (Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a me ...)
-	TODO: check
+	NOT-FOR-US: Stormshield SNS
 CVE-2021-28664
 	RESERVED
 	NOT-FOR-US: ARM components for Android
@@ -33979,9 +33979,9 @@ CVE-2020-29447 (Affected versions of Atlassian Crucible allow remote attackers t
 CVE-2020-29446 (Affected versions of Atlassian Fisheye & Crucible allow remote att ...)
 	NOT-FOR-US: Atlassian
 CVE-2020-29445 (Affected versions of Confluence Server before 7.11.0 allow attackers t ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2020-29444 (Affected versions of Team Calendar in Confluence Server before 7.11.0  ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2020-29443 (ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of- ...)
 	{DLA-2560-1}
 	- qemu <unfixed> (bug #983575)
@@ -51692,9 +51692,9 @@ CVE-2020-23266
 CVE-2020-23265
 	RESERVED
 CVE-2020-23264 (Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remot ...)
-	TODO: check
+	NOT-FOR-US: Fork CMS
 CVE-2020-23263 (Persistent Cross-site scripting vulnerability on Fork CMS version 5.8. ...)
-	TODO: check
+	NOT-FOR-US: Fork CMS
 CVE-2020-23262 (An issue was discovered in ming-soft MCMS v5.0, where a malicious user ...)
 	NOT-FOR-US: ming-soft MCMS
 CVE-2020-23261



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7925c8e085cde026baf4455d65d3d09eceb90e95

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7925c8e085cde026baf4455d65d3d09eceb90e95
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210507/81c3be83/attachment.htm>

More information about the debian-security-tracker-commits mailing list