[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 13 09:41:56 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
062b6071 by Salvatore Bonaccorso at 2021-05-13T10:41:35+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9551,7 +9551,7 @@ CVE-2021-28801
CVE-2021-28800
RESERVED
CVE-2021-28799 (An improper authorization vulnerability has been reported to affect QN ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-28798
RESERVED
CVE-2021-28797 (A stack-based buffer overflow vulnerability has been reported to affec ...)
@@ -12850,11 +12850,11 @@ CVE-2021-3412
CVE-2021-27399
RESERVED
CVE-2021-27398 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
- TODO: check
+ NOT-FOR-US: Tecnomatix Plant Simulation
CVE-2021-27397 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
- TODO: check
+ NOT-FOR-US: Tecnomatix Plant Simulation
CVE-2021-27396 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
- TODO: check
+ NOT-FOR-US: Tecnomatix Plant Simulation
CVE-2021-27395
RESERVED
CVE-2021-27394 (A vulnerability has been identified in Mendix Applications using Mendi ...)
@@ -12874,13 +12874,13 @@ CVE-2021-27388
CVE-2021-27387
RESERVED
CVE-2021-27386 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-27385 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-27384 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-27383 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-27382 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...)
NOT-FOR-US: Solid Edge (Siemens)
CVE-2021-27381 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
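Review bot: The four added lines for CVE-2021-27386 through CVE-2021-27383 use the bare vendor label `NOT-FOR-US: Siemens`, while the untouched neighbour CVE-2021-27382 directly below them records `NOT-FOR-US: Solid Edge (Siemens)`. Consider the product-plus-vendor form here as well, since the descriptions name a SIMATIC HMI product line, so that a search of data/CVE/list by product name still finds these entries.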
@@ -17216,11 +17216,11 @@ CVE-2021-25664 (A vulnerability has been identified in Nucleus 4 (All versions &
CVE-2021-25663 (A vulnerability has been identified in Nucleus 4 (All versions < V4 ...)
NOT-FOR-US: Nucleus (Siemens)
CVE-2021-25662 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-25661 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-25660 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-25659
RESERVED
CVE-2021-25658
@@ -17905,9 +17905,9 @@ CVE-2021-25331 (Improper access control in Samsung Pay mini application prior to
CVE-2021-25330 (Calling of non-existent provider in MobileWips application prior to SM ...)
NOT-FOR-US: MobileWips application
CVE-2020-36198 (A command injection vulnerability has been reported to affect certain ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2020-36197 (An improper access control vulnerability has been reported to affect e ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2020-36196
RESERVED
CVE-2020-36195 (An SQL injection vulnerability has been reported to affect QNAP NAS ru ...)
@@ -21237,9 +21237,9 @@ CVE-2021-23894
CVE-2021-23893
RESERVED
CVE-2021-23892 (By exploiting a time of check to time of use (TOCTOU) race condition d ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-23891 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-23890 (Information leak vulnerability in the Agent Handler of McAfee ePolicy ...)
NOT-FOR-US: McAfee
CVE-2021-23889 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...)
@@ -21277,7 +21277,7 @@ CVE-2021-23874 (Arbitrary Process Execution vulnerability in McAfee Total Protec
CVE-2021-23873 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...)
NOT-FOR-US: McAfee
CVE-2021-23872 (Privilege Escalation vulnerability in the File Lock component of McAfe ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-23871
RESERVED
CVE-2021-23870
@@ -25053,7 +25053,7 @@ CVE-2021-22157 (Proofpoint Insider Threat Management Server (formerly ObserveIT
CVE-2021-22156
RESERVED
CVE-2021-22155 (An Authentication Bypass vulnerability in the SAML Authentication comp ...)
- TODO: check
+ NOT-FOR-US: BlackBerry Workspaces Server
CVE-2021-22154
RESERVED
CVE-2021-22153
@@ -32529,7 +32529,7 @@ CVE-2020-35200 (Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-f
CVE-2020-35199 (Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID St ...)
NOT-FOR-US: Ignite Realtime Openfire
CVE-2020-35198 (An issue was discovered in Wind River VxWorks 7. The memory allocator ...)
- TODO: check
+ NOT-FOR-US: Wind River VxWorks 7
CVE-2020-35197 (The official memcached docker images before 1.5.11-alpine (Alpine spec ...)
NOT-FOR-US: memcached docker images before 1.5.11-alpine (Alpine specific)
CVE-2020-35196 (The official rabbitmq docker images before 3.7.13-beta.1-management-al ...)
@@ -38745,7 +38745,7 @@ CVE-2020-28395 (A vulnerability has been identified in SCALANCE X-300 switch fam
CVE-2020-28394 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
NOT-FOR-US: Siemens
CVE-2020-28393 (A vulnerability has been identified in SCALANCE XM-400 Family (All ver ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2020-28392 (A vulnerability has been identified in SIMARIS configuration (All vers ...)
NOT-FOR-US: Siemens
CVE-2020-28391 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
@@ -46330,7 +46330,7 @@ CVE-2020-26147 (An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA,
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
NOTE: https://lore.kernel.org/linux-wireless/20210511200110.30c4394bb835.I5acfdb552cc1d20c339c262315950b3eac491397@changeid/
CVE-2020-26146 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2020-26145 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The ...)
- linux <unfixed>
NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
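Review bot: CVE-2020-26146 is closed as `NOT-FOR-US: Samsung`, yet CVE-2020-26145 on the next line opens with the same text ("An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices") and is tracked as `- linux <unfixed>`. The device named at the start of the description was evidently not decisive for the sibling entry, so either confirm that no packaged Wi-Fi stack or driver shares this flaw, or keep the entry open with a NOTE recording why it differs from CVE-2020-26145.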
@@ -46339,7 +46339,7 @@ CVE-2020-26145 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices
NOTE: https://lore.kernel.org/linux-wireless/20210511200110.5a0bd289bda8.Idd6ebea20038fb1cfee6de924aa595e5647c9eae@changeid/
NOTE: https://lore.kernel.org/linux-wireless/20210511200110.9ca6ca7945a9.I1e18b514590af17c155bda86699bc3a971a8dcf4@changeid/
CVE-2020-26144 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2020-26143 (An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for ...)
TODO: check
CVE-2020-26142 (An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WP ...)
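Review bot: CVE-2020-26144 gets `NOT-FOR-US: Samsung` although the entry just above it, CVE-2020-26145 (named in the hunk header, with the same "Samsung Galaxy S3 i9305 4.4.4" opening), carries NOTE links to lore.kernel.org/linux-wireless patches. With CVE-2020-26143 directly below still at `TODO: check`, it would be safer to triage this run of adjacent Wi-Fi entries together and add a NOTE stating what was checked before marking this one not-for-us.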
@@ -48607,7 +48607,7 @@ CVE-2020-25244 (A vulnerability has been identified in LOGO! Soft Comfort (All v
CVE-2020-25243 (A vulnerability has been identified in LOGO! Soft Comfort (All version ...)
NOT-FOR-US: Siemens
CVE-2020-25242 (A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2020-25241 (A vulnerability has been identified in SIMATIC MV400 family (All Versi ...)
NOT-FOR-US: Siemens
CVE-2020-25240 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
@@ -52689,21 +52689,21 @@ CVE-2020-23378
CVE-2020-23377
RESERVED
CVE-2020-23376 (NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/ad ...)
- TODO: check
+ NOT-FOR-US: NoneCMS
CVE-2020-23375
RESERVED
CVE-2020-23374 (Cross-site scripting (XSS) vulnerability in admin/article/add.html in ...)
- TODO: check
+ NOT-FOR-US: NoneCMS
CVE-2020-23373 (Cross-site scripting (XSS) vulnerability in admin/nav/add.html in none ...)
- TODO: check
+ NOT-FOR-US: NoneCMS
CVE-2020-23372
RESERVED
CVE-2020-23371 (Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor ...)
- TODO: check
+ NOT-FOR-US: NoneCMS
CVE-2020-23370 (In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/ ...)
- TODO: check
+ NOT-FOR-US: YzmCMS
CVE-2020-23369 (In YzmCMS 5.6, XSS was discovered in member/member_content/init.html v ...)
- TODO: check
+ NOT-FOR-US: YzmCMS
CVE-2020-23368
RESERVED
CVE-2020-23367
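Review bot: For CVE-2020-23371 the visible description locates the XSS in `static/admin/js/kindeditor ...`, and for CVE-2020-23370 in `common/static/plugin/ueditor/ ...`, which read like editor components shipped inside the CMS rather than CMS code. The labels `NOT-FOR-US: NoneCMS` and `NOT-FOR-US: YzmCMS` name only the embedding application; if the flaw sits in the bundled editor, a NOTE saying so, plus a check that the editor is not packaged on its own, would make the decision auditable.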
@@ -58920,11 +58920,11 @@ CVE-2020-20269 (A specially crafted Markdown document could cause the execution
CVE-2020-20268
RESERVED
CVE-2020-20267 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
- TODO: check
+ NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20266
RESERVED
CVE-2020-20265 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
- TODO: check
+ NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20264
RESERVED
CVE-2020-20263
@@ -60913,9 +60913,9 @@ CVE-2020-19277
CVE-2020-19276
RESERVED
CVE-2020-19275 (An Information Disclosure vulnerability exists in dhcms 2017-09-18 whe ...)
- TODO: check
+ NOT-FOR-US: dhcms
CVE-2020-19274 (A Cross SIte Scripting (XSS) vulnerability exists in Dhcms 2017-09-18 ...)
- TODO: check
+ NOT-FOR-US: dhcms
CVE-2020-19273
RESERVED
CVE-2020-19272
@@ -61065,7 +61065,7 @@ CVE-2020-19201
CVE-2020-19200
RESERVED
CVE-2020-19199 (A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2. ...)
- TODO: check
+ NOT-FOR-US: PHPOK
CVE-2020-19198
RESERVED
CVE-2020-19197
@@ -61535,7 +61535,7 @@ CVE-2020-18966
CVE-2020-18965
RESERVED
CVE-2020-18964 (Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest v ...)
- TODO: check
+ NOT-FOR-US: ForestBlog
CVE-2020-18963
RESERVED
CVE-2020-18962
@@ -63139,7 +63139,7 @@ CVE-2020-18167
CVE-2020-18166
RESERVED
CVE-2020-18165 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers t ...)
- TODO: check
+ NOT-FOR-US: LAOBANCMS
CVE-2020-18164
RESERVED
CVE-2020-18163
@@ -63265,7 +63265,7 @@ CVE-2020-18104
CVE-2020-18103
RESERVED
CVE-2020-18102 (Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attacke ...)
- TODO: check
+ NOT-FOR-US: Hotels_Server
CVE-2020-18101
RESERVED
CVE-2020-18100
@@ -108203,7 +108203,7 @@ CVE-2019-19278 (A vulnerability has been identified in SINAMICS PERFECT HARMONY
CVE-2019-19277 (A vulnerability has been identified in SIPORT MP (All versions < 3. ...)
NOT-FOR-US: Siemens
CVE-2019-19276 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-19275 (typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. ...)
- python3-typed-ast 1.4.0-1 (low)
[buster] - python3-typed-ast <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/062b6071ff18040e3fc64bda83f735210cd4852e