[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sat May 8 05:58:25 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
39e44ad5 by Salvatore Bonaccorso at 2021-05-08T06:58:08+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,7 +15,7 @@ CVE-2021-32472
 CVE-2021-32471
 	RESERVED
 CVE-2021-32470 (Craft CMS before 3.6.13 has an XSS vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS
 CVE-2021-32469
 	RESERVED
 CVE-2021-32468
@@ -5224,9 +5224,9 @@ CVE-2021-30175 (ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /
 CVE-2021-30174
 	RESERVED
 CVE-2021-30173 (Local File Inclusion vulnerability of the omni-directional communicati ...)
-	TODO: check
+	NOT-FOR-US: omni-directional communication system
 CVE-2021-30172 (Special characters of picture preview page in the Quan-Fang-Wei-Tong-X ...)
-	TODO: check
+	NOT-FOR-US: Quan-Fang-Wei-Tong-Xun system
 CVE-2021-30171 (Special characters of ERP POS news page are not filtered in users&#821 ...)
 	TODO: check
 CVE-2021-30170 (Special characters of ERP POS customer profile page are not filtered i ...)
@@ -10538,7 +10538,7 @@ CVE-2021-27943
 CVE-2021-27942
 	RESERVED
 CVE-2021-27941 (Unconstrained Web access to the device's private encryption key in the ...)
-	TODO: check
+	NOT-FOR-US: eWeLink mobile application
 CVE-2021-27940 (resources/public/js/orchestrator.js in openark orchestrator before 3.2 ...)
 	NOT-FOR-US: openark
 CVE-2021-27939
@@ -11371,17 +11371,17 @@ CVE-2021-27576 (If was found that the NetTest web service can be used to overloa
 CVE-2021-27575
 	RESERVED
 CVE-2021-27574 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses ...)
-	TODO: check
+	NOT-FOR-US: Emote Remote Mouse
 CVE-2021-27573 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote  ...)
-	TODO: check
+	NOT-FOR-US: Emote Remote Mouse
 CVE-2021-27572 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authent ...)
-	TODO: check
+	NOT-FOR-US: Emote Remote Mouse
 CVE-2021-27571 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attacke ...)
-	TODO: check
+	NOT-FOR-US: Emote Remote Mouse
 CVE-2021-27570 (An issue was discovered in Emote Remote Mouse through 3.015. Attackers ...)
-	TODO: check
+	NOT-FOR-US: Emote Remote Mouse
 CVE-2021-27569 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attacke ...)
-	TODO: check
+	NOT-FOR-US: Emote Remote Mouse
 CVE-2021-27568 (An issue was discovered in netplex json-smart-v1 through 2015-10-23 an ...)
 	NOT-FOR-US: netplex
 CVE-2021-27567
@@ -14875,9 +14875,9 @@ CVE-2021-23140
 CVE-2021-23136
 	RESERVED
 CVE-2021-26123 (LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wiht ...)
-	TODO: check
+	NOT-FOR-US: LivingLogic XIST4C
 CVE-2021-26122 (LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedb ...)
-	TODO: check
+	NOT-FOR-US: LivingLogic XIST4C
 CVE-2021-26121
 	RESERVED
 CVE-2021-26120 (Smarty before 3.1.39 allows code injection via an unexpected function  ...)
@@ -22854,23 +22854,23 @@ CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and l
 CVE-2021-22680
 	RESERVED
 CVE-2021-22679 (The affected product is vulnerable to an integer overflow while proces ...)
-	TODO: check
+	NOT-FOR-US: SimpleLink
 CVE-2021-22678 (Cscape (All versions prior to 9.90 SP4) lacks proper validation of use ...)
 	NOT-FOR-US: Cscape
 CVE-2021-22677 (An integer overflow exists in the APIs of the host MCU while trying to ...)
-	TODO: check
+	NOT-FOR-US: SimpleLink
 CVE-2021-22676
 	RESERVED
 CVE-2021-22675 (The affected product is vulnerable to integer overflow while parsing m ...)
-	TODO: check
+	NOT-FOR-US: SimpleLink
 CVE-2021-22674
 	RESERVED
 CVE-2021-22673 (The affected product is vulnerable to stack-based buffer overflow whil ...)
-	TODO: check
+	NOT-FOR-US: SimpleLink
 CVE-2021-22672
 	RESERVED
 CVE-2021-22671 (Multiple integer overflow issues exist while processing long domain na ...)
-	TODO: check
+	NOT-FOR-US: SimpleLink
 CVE-2021-22670 (An uninitialized pointer may be exploited in Fatek FvDesigner Version  ...)
 	NOT-FOR-US: Fatek FvDesigner
 CVE-2021-22669 (Incorrect permissions are set to default on the ‘Project Managem ...)
@@ -24297,7 +24297,7 @@ CVE-2021-21986
 CVE-2021-21985
 	RESERVED
 CVE-2021-21984 (VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remot ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2021-21983 (Arbitrary file write vulnerability in vRealize Operations Manager API  ...)
 	NOT-FOR-US: vRealize Operations Manager API (Vmware)
 CVE-2021-21982 (VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an aut ...)
@@ -25378,15 +25378,15 @@ CVE-2020-36130
 CVE-2020-36129
 	RESERVED
 CVE-2020-36128 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
-	TODO: check
+	NOT-FOR-US: Pax Technology PAXSTORE
 CVE-2020-36127 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
-	TODO: check
+	NOT-FOR-US: Pax Technology PAXSTORE
 CVE-2020-36126 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
-	TODO: check
+	NOT-FOR-US: Pax Technology PAXSTORE
 CVE-2020-36125 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
-	TODO: check
+	NOT-FOR-US: Pax Technology PAXSTORE
 CVE-2020-36124 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
-	TODO: check
+	NOT-FOR-US: Pax Technology PAXSTORE
 CVE-2020-36123
 	RESERVED
 CVE-2020-36122
@@ -72311,7 +72311,7 @@ CVE-2020-14011 (Lansweeper 6.0.x through 7.2.x has a default installation in whi
 CVE-2020-14010 (The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via t ...)
 	NOT-FOR-US: Laborator Xenon theme for WordPress
 CVE-2020-14009 (Proofpoint Enterprise Protection (PPS/PoD) before 8.17.0 contains a vu ...)
-	TODO: check
+	NOT-FOR-US: Proofpoint Enterprise Protection (PPS/PoD)
 CVE-2020-14008 (Zoho ManageEngine Applications Manager 14710 and before allows an auth ...)
 	NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2020-14007 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...)
@@ -97525,7 +97525,7 @@ CVE-2020-4903 (IBM API Connect V10 and V2018 could allow an attacker who has int
 CVE-2020-4902
 	RESERVED
 CVE-2020-4901 (IBM Robotic Process Automation with Automation Anywhere 11.0 could all ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4900 (IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive ...)
 	NOT-FOR-US: IBM
 CVE-2020-4899 (IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensit ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39e44ad5207690550540bd36e444d5fad3c837af

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39e44ad5207690550540bd36e444d5fad3c837af
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210508/23708f11/attachment.htm>


More information about the debian-security-tracker-commits mailing list