[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 21 09:43:53 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b4c174d by Salvatore Bonaccorso at 2021-05-21T10:43:05+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1805,7 +1805,7 @@ CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are v
 CVE-2021-32631
 	RESERVED
 CVE-2021-32630 (Admidio is a free, open source user management system for websites of  ...)
-	TODO: check
+	NOT-FOR-US: Admidio
 CVE-2021-32629
 	RESERVED
 CVE-2021-32628
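Review bot: The NOT-FOR-US on CVE-2021-32630 is applied to software the description itself calls "free, open source", which is the kind of project that can have a pending packaging request. Neither the hunk nor the commit message records that the archive and any ITP/RFP bugs were checked for Admidio. If such a bug exists, the entry should be tracked with an itp-style line rather than NOT-FOR-US, so a later upload is not missed.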
@@ -10946,7 +10946,7 @@ CVE-2021-28800
 CVE-2021-28799 (An improper authorization vulnerability has been reported to affect QN ...)
 	NOT-FOR-US: QNAP
 CVE-2021-28798 (A relative path traversal vulnerability has been reported to affect QN ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-28797 (A stack-based buffer overflow vulnerability has been reported to affec ...)
 	NOT-FOR-US: QNAP NAS devices
 CVE-2021-28796 (Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. ...)
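Review bot: The label added for CVE-2021-28798 is "QNAP", while the unchanged entry directly below it (CVE-2021-28797) uses "QNAP NAS devices" and the one above (CVE-2021-28799) uses "QNAP". Either spelling works, but using a single form for the vendor keeps the list easier to grep and keeps automated NFU matching predictable.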
@@ -12247,7 +12247,7 @@ CVE-2021-3440
 CVE-2021-3439
 	RESERVED
 CVE-2021-3438 (A potential buffer overflow in the software drivers for certain HP Las ...)
-	TODO: check
+	NOT-FOR-US: HP LaserJet products and Samsung product printers
 CVE-2021-3437
 	RESERVED
 CVE-2021-3436
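Review bot: The label added for CVE-2021-3438 names printer hardware ("HP LaserJet products and Samsung product printers"), but the description on the line above places the buffer overflow in the software drivers for those devices. "Samsung product printers" also reads awkwardly. Something like "NOT-FOR-US: HP LaserJet and Samsung printer drivers" would say what was actually ruled out.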
@@ -12564,9 +12564,9 @@ CVE-2021-28114
 CVE-2021-28113 (A command injection vulnerability in the cookieDomain and relayDomain  ...)
 	NOT-FOR-US: Okta Access Gateway
 CVE-2021-28112 (Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a deb ...)
-	TODO: check
+	NOT-FOR-US: Draeger X-Dock Firmware
 CVE-2021-28111 (Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, le ...)
-	TODO: check
+	NOT-FOR-US: Draeger X-Dock Firmware
 CVE-2021-28110 (/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27. ...)
 	NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
 CVE-2021-28109 (TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected C ...)
@@ -12964,7 +12964,7 @@ CVE-2021-27958
 CVE-2021-27957
 	RESERVED
 CVE-2021-27956 (Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on  ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2020-36255 (An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel ...)
 	NOT-FOR-US: ScottBrady.IdentityModel
 CVE-2019-25025 (The activerecord-session_store (aka Active Record Session Store) compo ...)
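Review bot: The label added for CVE-2021-27956 stops at "Zoho ManageEngine", although the description names the affected product as ADSelfService Plus. ManageEngine is a product family, so the fuller "NOT-FOR-US: Zoho ManageEngine ADSelfService Plus" is more useful when someone searches the list for the specific product.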
@@ -17005,7 +17005,7 @@ CVE-2021-3315 (In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page
 CVE-2021-3314
 	RESERVED
 CVE-2021-3313 (Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS)  ...)
-	TODO: check
+	NOT-FOR-US: Plone
 CVE-2021-3312
 	RESERVED
 CVE-2021-3311 (An issue was discovered in October through build 471. It reactivates a ...)
@@ -17771,15 +17771,15 @@ CVE-2021-25935
 CVE-2021-25934
 	RESERVED
 CVE-2021-25933 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
-	TODO: check
+	NOT-FOR-US: OpenNMS
 CVE-2021-25932
 	RESERVED
 CVE-2021-25931 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
-	TODO: check
+	NOT-FOR-US: OpenNMS
 CVE-2021-25930 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
-	TODO: check
+	NOT-FOR-US: OpenNMS
 CVE-2021-25929 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
-	TODO: check
+	NOT-FOR-US: OpenNMS
 CVE-2021-25928 (Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through ...)
 	NOT-FOR-US: Node safe-obj
 CVE-2021-25927 (Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 throug ...)
@@ -64443,7 +64443,7 @@ CVE-2020-18222
 CVE-2020-18221
 	RESERVED
 CVE-2020-18220 (Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attack ...)
-	TODO: check
+	NOT-FOR-US: DoraCMS
 CVE-2020-18219
 	RESERVED
 CVE-2020-18218



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b4c174d064ef242e1569fafe57a1861515125cf
