[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 17 21:19:39 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd2beb94 by Salvatore Bonaccorso at 2021-05-17T22:18:46+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2021-33043
 CVE-2021-33042
 	RESERVED
 CVE-2021-33041 (vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstr ...)
-	TODO: check
+	NOT-FOR-US: vmd
 CVE-2021-33040
 	RESERVED
 CVE-2021-33039
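Review bot: the new label on CVE-2021-33041, "NOT-FOR-US: vmd", is a three-letter name that is hard to grep for and easy to confuse with anything else abbreviated the same way. The description ties it to Markdown rendering ("markdown-body"), so a short qualifier after the name saying what the software is would make the triage decision easier to re-check later.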
@@ -1275,13 +1275,13 @@ CVE-2021-32458
 CVE-2021-32457
 	RESERVED
 CVE-2021-32456 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...)
-	TODO: check
+	NOT-FOR-US: SITEL CAP/PRX firmware
 CVE-2021-32455 (SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access  ...)
-	TODO: check
+	NOT-FOR-US: SITEL CAP/PRX firmware
 CVE-2021-32454 (SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded passwor ...)
-	TODO: check
+	NOT-FOR-US: SITEL CAP/PRX firmware
 CVE-2021-32453 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...)
-	TODO: check
+	NOT-FOR-US: SITEL CAP/PRX firmware
 CVE-2021-3540
 	RESERVED
 CVE-2021-32452
@@ -1383,9 +1383,9 @@ CVE-2021-32405
 CVE-2021-32404
 	RESERVED
 CVE-2021-32403 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...)
-	TODO: check
+	NOT-FOR-US: Intelbras Router RF 301K Firmware
 CVE-2021-32402 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...)
-	TODO: check
+	NOT-FOR-US: Intelbras Router RF 301K Firmware
 CVE-2021-32401
 	RESERVED
 CVE-2021-32400
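Review bot: style point on the two added labels for CVE-2021-32403 and CVE-2021-32402. "Intelbras Router RF 301K Firmware" carries the model number and a capitalized "Firmware", while the SITEL entries added in the same commit use lowercase "firmware" and the other labels visible in this diff (Akuvox, Liferay, InvoicePlane, JetBrains) name only the vendor or product. A shorter "NOT-FOR-US: Intelbras" or consistent casing would keep later searches by label predictable.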
@@ -3110,9 +3110,9 @@ CVE-2021-31730
 CVE-2021-31729
 	RESERVED
 CVE-2021-31728 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...)
-	TODO: check
+	NOT-FOR-US: MalwareFox AntiMalware
 CVE-2021-31727 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...)
-	TODO: check
+	NOT-FOR-US: MalwareFox AntiMalware
 CVE-2021-31726 (Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_ ...)
 	NOT-FOR-US: Akuvox
 CVE-2021-31725
@@ -9307,27 +9307,27 @@ CVE-2021-29055
 CVE-2021-29054 (Certain Papoo products are affected by: Cross Site Request Forgery (CS ...)
 	NOT-FOR-US: Papoo
 CVE-2021-29053 (Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Lif ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2021-29052 (The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Life ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2021-29051 (Cross-site scripting (XSS) vulnerability in the Asset module's Asset P ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2021-29050
 	RESERVED
 CVE-2021-29049
 	RESERVED
 CVE-2021-29048 (Cross-site scripting (XSS) vulnerability in the Layout module's page a ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2021-29047 (The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Li ...)
 	NOT-FOR-US: Liferay
 CVE-2021-29046 (Cross-site scripting (XSS) vulnerability in the Asset module's categor ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2021-29045 (Cross-site scripting (XSS) vulnerability in the Redirect module's redi ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2021-29044 (Cross-site scripting (XSS) vulnerability in the Site module's membersh ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2021-29043 (The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Lif ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2021-29042
 	RESERVED
 CVE-2021-29041 (Denial-of-service (DoS) vulnerability in the Multi-Factor Authenticati ...)
@@ -9365,9 +9365,9 @@ CVE-2021-29026 (A cross-site scripting (XSS) vulnerability in Bitweaver version
 CVE-2021-29025 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0  ...)
 	NOT-FOR-US: Bitweaver
 CVE-2021-29024 (In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticat ...)
-	TODO: check
+	NOT-FOR-US: InvoicePlane
 CVE-2021-29023 (InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset  ...)
-	TODO: check
+	NOT-FOR-US: InvoicePlane
 CVE-2021-29022 (In InvoicePlane 1.5.11, the upload feature discloses the full path of  ...)
 	NOT-FOR-US: InvoicePlane
 CVE-2021-29021
@@ -12460,7 +12460,7 @@ CVE-2021-27736 (FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via
 CVE-2021-27735
 	RESERVED
 CVE-2021-27734 (Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSe ...)
-	TODO: check
+	NOT-FOR-US: Hirschmann HiOS
 CVE-2021-27733 (In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via  ...)
 	NOT-FOR-US: JetBrains
 CVE-2021-27732
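Review bot: the label added for CVE-2021-27734 names only "Hirschmann HiOS", but the truncated description lists HiOS versions and then continues with a second name beginning "HiSe ...". If that is a separate product, the label under-describes the entry. Using the vendor alone, as the JetBrains line just below does for YouTrack, would cover both.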
@@ -13320,7 +13320,7 @@ CVE-2021-27344
 CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: ...)
 	NOT-FOR-US: SerenityOS
 CVE-2021-27342 (An authentication brute-force protection mechanism bypass in telnetd i ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-27341
 	RESERVED
 CVE-2021-27340
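Review bot: for CVE-2021-27342 the visible part of the description names only "telnetd", a generic component name, and the vendor in the new "NOT-FOR-US: D-Link" label does not appear before the truncation. This is the one entry in the commit where the label cannot be checked against the line above it. A NOTE: line stating that the affected telnetd is the vendor's firmware implementation rather than a telnetd packaged in Debian would make the decision auditable.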



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd2beb940088e581c51a57fff666c6f4e99a014b
