[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 25 20:19:54 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b3e7ea53 by Salvatore Bonaccorso at 2021-05-25T21:19:09+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17214,7 +17214,7 @@ CVE-2021-3322
CVE-2021-3321
RESERVED
CVE-2021-3320 (Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2 ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2021-3319
RESERVED
CVE-2021-3318 (attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editori ...)
@@ -21827,7 +21827,7 @@ CVE-2021-24299 (The ReDi Restaurant Reservation WordPress plugin before 21.0426
CVE-2021-24298 (The method and share GET parameters of the Giveaway pages were not san ...)
TODO: check
CVE-2021-24297 (The Goto WordPress theme before 2.1 did not properly sanitize the form ...)
- TODO: check
+ NOT-FOR-US: Goto WordPress theme
CVE-2021-24296 (The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24295 (It was possible to exploit an Unauthenticated Time-Based Blind SQL Inj ...)
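Review bot: The new note for CVE-2021-24297 ("NOT-FOR-US: Goto WordPress theme") names the product, while the neighbouring CVE-2021-24296 entry uses the generic "NOT-FOR-US: WordPress plugin". Naming the product is the more searchable form, so this line is fine as is, but it would help to settle on one convention for WordPress add-ons in this file. CVE-2021-24298 directly above stays at "TODO: check"; its visible description does not name the product, so leaving it for a separate pass looks intentional.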
@@ -38091,29 +38091,29 @@ CVE-2020-28912 (With MariaDB running on Windows, when local clients connect to t
NOTE: https://jira.mariadb.org/browse/MDEV-24040
NOTE: https://github.com/MariaDB/server/commit/3829b408d6
CVE-2020-28911 (Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2020-28910 (Creation of a Temporary Directory with Insecure Permissions in Nagios ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-28909 (Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows f ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2020-28908 (Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privil ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2020-28907 (Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlie ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2020-28906 (Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios F ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2020-28905 (Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2020-28904 (Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earli ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2020-28903 (Improper input validation in Nagios Fusion 4.1.8 and earlier allows a ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2020-28902 (Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2020-28901 (Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privil ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2020-28900 (Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 ...)
- TODO: check
+ NOT-FOR-US: Nagios Fusion
CVE-2020-28899 (The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does ...)
NOT-FOR-US: ZyXEL
CVE-2020-28898 (In QED ResourceXpress through 4.9k, a large numeric or alphanumeric va ...)
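Review bot: The note added for CVE-2020-28906 names only Nagios XI, but its description reads "Nagios XI 5.7.5 and earlier and Nagios F ...", so a second product is named there. Every other entry in this hunk is tagged with the one product its description leads with; consider listing both products on this line once the full description has been checked, so a later search by product name finds it. CVE-2020-28910 is also tagged Nagios XI although the visible description is cut off at "Nagios ...", so that tag cannot be confirmed from the truncated text and is worth a quick check against the full CVE description.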
@@ -59324,7 +59324,7 @@ CVE-2020-20909
CVE-2020-20908
RESERVED
CVE-2020-20907 (MetInfo 7.0 beta is affected by a file modification vulnerability. Att ...)
- TODO: check
+ NOT-FOR-US: MetInfo
CVE-2020-20906
RESERVED
CVE-2020-20905
@@ -76356,17 +76356,17 @@ CVE-2020-13605
CVE-2020-13604
REJECTED
CVE-2020-13603 (Integer Overflow in memory allocating functions. Zephyr versions >= ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-13602 (Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions > ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-13601 (Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-13600 (Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-13599 (Security problem with settings and littlefs. Zephyr versions >= 1.1 ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-13598 (FS: Buffer Overflow when enabling Long File Names in FAT_FS and callin ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-13597 (Clusters using Calico (version 3.14.0 and below), Calico Enterprise (v ...)
NOT-FOR-US: Calico
CVE-2020-13596 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...)
@@ -87089,23 +87089,23 @@ CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10072 (Improper Handling of Insufficient Permissions or Privileges in zephyr. ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10071 (The Zephyr MQTT parsing code performs insufficient checking of the len ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10070 (In the Zephyr Project MQTT code, improper bounds checking can result i ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10069 (Zephyr Bluetooth unchecked packet data results in denial of service. Z ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10068 (In the Zephyr project Bluetooth subsystem, certain duplicate and back- ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10067 (A malicious userspace application can cause a integer overflow and byp ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10066 (Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10065 (Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10064 (Improper Input Frame Validation in ieee802154 Processing. Zephyr versi ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10063 (A remote adversary with the ability to send arbitrary CoAP packets to ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10062 (An off-by-one error in the Zephyr project MQTT packet length decoder c ...)
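Review bot: CVE-2020-10072 is the one entry in this hunk whose description spells the product in lowercase ("Privileges in zephyr."), which is exactly the spelling of the Debian source package the qualifier "different from src:zephyr" is meant to rule out. The wording matches the existing entries for CVE-2020-10071, CVE-2020-10070 and CVE-2020-10068, so the classification is consistent, but this entry is the one to double-check against the full description before relying on the bulk update.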
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3e7ea532cef5f24defeb6b2337d90c14f0030b8