[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 25 20:19:54 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b3e7ea53 by Salvatore Bonaccorso at 2021-05-25T21:19:09+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17214,7 +17214,7 @@ CVE-2021-3322
 CVE-2021-3321
 	RESERVED
 CVE-2021-3320 (Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2 ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-3319
 	RESERVED
 CVE-2021-3318 (attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editori ...)
@@ -21827,7 +21827,7 @@ CVE-2021-24299 (The ReDi Restaurant Reservation WordPress plugin before 21.0426
 CVE-2021-24298 (The method and share GET parameters of the Giveaway pages were not san ...)
 	TODO: check
 CVE-2021-24297 (The Goto WordPress theme before 2.1 did not properly sanitize the form ...)
-	TODO: check
+	NOT-FOR-US: Goto WordPress theme
 CVE-2021-24296 (The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24295 (It was possible to exploit an Unauthenticated Time-Based Blind SQL Inj ...)
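Review bot: The new tag on CVE-2021-24297 reads "NOT-FOR-US: Goto WordPress theme", while the neighbouring CVE-2021-24296 entry uses the generic "NOT-FOR-US: WordPress plugin", so the two adjacent WordPress entries follow different naming conventions. Either use a generic "WordPress theme" here or name the product in both, so that a search of the list for NFU WordPress items is predictable. CVE-2021-24298 directly above also stays at "TODO: check" in the context lines; confirm it was left open deliberately and not skipped in this pass.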
@@ -38091,29 +38091,29 @@ CVE-2020-28912 (With MariaDB running on Windows, when local clients connect to t
 	NOTE: https://jira.mariadb.org/browse/MDEV-24040
 	NOTE: https://github.com/MariaDB/server/commit/3829b408d6
 CVE-2020-28911 (Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low ...)
-	TODO: check
+	NOT-FOR-US: Nagios Fusion
 CVE-2020-28910 (Creation of a Temporary Directory with Insecure Permissions in Nagios  ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2020-28909 (Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows f ...)
-	TODO: check
+	NOT-FOR-US: Nagios Fusion
 CVE-2020-28908 (Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privil ...)
-	TODO: check
+	NOT-FOR-US: Nagios Fusion
 CVE-2020-28907 (Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlie ...)
-	TODO: check
+	NOT-FOR-US: Nagios Fusion
 CVE-2020-28906 (Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios F ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2020-28905 (Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an ...)
-	TODO: check
+	NOT-FOR-US: Nagios Fusion
 CVE-2020-28904 (Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earli ...)
-	TODO: check
+	NOT-FOR-US: Nagios Fusion
 CVE-2020-28903 (Improper input validation in Nagios Fusion 4.1.8 and earlier allows a  ...)
-	TODO: check
+	NOT-FOR-US: Nagios Fusion
 CVE-2020-28902 (Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege  ...)
-	TODO: check
+	NOT-FOR-US: Nagios Fusion
 CVE-2020-28901 (Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privil ...)
-	TODO: check
+	NOT-FOR-US: Nagios Fusion
 CVE-2020-28900 (Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8  ...)
-	TODO: check
+	NOT-FOR-US: Nagios Fusion
 CVE-2020-28899 (The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does  ...)
 	NOT-FOR-US: ZyXEL
 CVE-2020-28898 (In QED ResourceXpress through 4.9k, a large numeric or alphanumeric va ...)
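Review bot: On CVE-2020-28906 the tag names only Nagios XI, but the visible description reads "Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios F ...", so a second product is listed as affected. Naming both products in the NOT-FOR-US line would keep the entry findable under either name. CVE-2020-28910 is tagged Nagios XI while its description is cut off at "Nagios  ...", so the product cannot be confirmed from the lines shown here; check it against the full CVE description before relying on the tag.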
@@ -59324,7 +59324,7 @@ CVE-2020-20909
 CVE-2020-20908
 	RESERVED
 CVE-2020-20907 (MetInfo 7.0 beta is affected by a file modification vulnerability. Att ...)
-	TODO: check
+	NOT-FOR-US: MetInfo
 CVE-2020-20906
 	RESERVED
 CVE-2020-20905
@@ -76356,17 +76356,17 @@ CVE-2020-13605
 CVE-2020-13604
 	REJECTED
 CVE-2020-13603 (Integer Overflow in memory allocating functions. Zephyr versions >= ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-13602 (Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions &gt ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-13601 (Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-13600 (Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-13599 (Security problem with settings and littlefs. Zephyr versions >= 1.1 ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-13598 (FS: Buffer Overflow when enabling Long File Names in FAT_FS and callin ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-13597 (Clusters using Calico (version 3.14.0 and below), Calico Enterprise (v ...)
 	NOT-FOR-US: Calico
 CVE-2020-13596 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...)
@@ -87089,23 +87089,23 @@ CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was
 	- gitlab <not-affected> (Only affects Gitlab EE)
 	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10072 (Improper Handling of Insufficient Permissions or Privileges in zephyr. ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10071 (The Zephyr MQTT parsing code performs insufficient checking of the len ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10070 (In the Zephyr Project MQTT code, improper bounds checking can result i ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10069 (Zephyr Bluetooth unchecked packet data results in denial of service. Z ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10068 (In the Zephyr project Bluetooth subsystem, certain duplicate and back- ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10067 (A malicious userspace application can cause a integer overflow and byp ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10066 (Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >=  ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10065 (Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10064 (Improper Input Frame Validation in ieee802154 Processing. Zephyr versi ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10063 (A remote adversary with the ability to send arbitrary CoAP packets to  ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10062 (An off-by-one error in the Zephyr project MQTT packet length decoder c ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3e7ea532cef5f24defeb6b2337d90c14f0030b8
