[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 25 21:19:31 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e3b599d8 by Salvatore Bonaccorso at 2021-05-25T22:19:06+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -294,7 +294,7 @@ CVE-2021-33427
 CVE-2021-33426
 	RESERVED
 CVE-2021-33425 (A stored cross-site scripting (XSS) vulnerability was discovered in th ...)
-	TODO: check
+	NOT-FOR-US: OpenWRT LuCI
 CVE-2021-33424
 	RESERVED
 CVE-2021-33423
@@ -7742,25 +7742,25 @@ CVE-2021-30197
 CVE-2021-30196
 	RESERVED
 CVE-2021-30195 (CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validatio ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2021-30194 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2021-30193 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2021-30192 (CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Se ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2021-30191 (CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Chec ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2021-30190 (CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2021-30189 (CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflo ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2021-30188 (CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer  ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2021-30187 (CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralizati ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2021-30186 (CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer O ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2021-30185 (CERN Indico before 2.3.4 can use an attacker-supplied Host header in a ...)
 	NOT-FOR-US: CERN Indico
 CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted ...)
@@ -10214,27 +10214,27 @@ CVE-2021-29213
 CVE-2021-29212
 	RESERVED
 CVE-2021-29211 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-29210 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-29209 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-29208 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-29207 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-29206 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-29205 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-29204 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-29203 (A security vulnerability has been identified in the HPE Edgeline Infra ...)
 	NOT-FOR-US: HPE
 CVE-2021-29202 (A local buffer overflow vulnerability was discovered in HPE Integrated ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-29201 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-29200 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version An u ...)
 	NOT-FOR-US: Apache OFBiz
 CVE-2021-29199
@@ -13545,11 +13545,11 @@ CVE-2021-27825
 CVE-2021-27824
 	RESERVED
 CVE-2021-27823 (An information disclosure vulnerability was discovered in /index.class ...)
-	TODO: check
+	NOT-FOR-US: NetWave
 CVE-2021-27822
 	RESERVED
 CVE-2021-27821 (The Web Interface for OpenWRT LuCI version 19.07 and lower has been di ...)
-	TODO: check
+	NOT-FOR-US: OpenWRT LuCI
 CVE-2021-27820
 	RESERVED
 CVE-2021-27819
@@ -18004,9 +18004,9 @@ CVE-2021-25937
 CVE-2021-25936
 	RESERVED
 CVE-2021-25935 (In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1 ...)
-	TODO: check
+	NOT-FOR-US: OpenNMS
 CVE-2021-25934 (In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1 ...)
-	TODO: check
+	NOT-FOR-US: OpenNMS
 CVE-2021-25933 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
 	NOT-FOR-US: OpenNMS
 CVE-2021-25932
@@ -27718,13 +27718,13 @@ CVE-2021-21662
 CVE-2021-21661
 	RESERVED
 CVE-2021-21660 (Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2021-21659 (Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2021-21658 (Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2021-21657 (Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2021-21656 (Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2021-21655 (A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin ...)
@@ -88548,11 +88548,11 @@ CVE-2020-9454 (A CSRF vulnerability in the RegistrationMagic plugin through 4.6.
 CVE-2020-9453 (In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local  ...)
 	NOT-FOR-US: Epson
 CVE-2020-9452 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2020-9451 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2020-9450 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2020-9449 (An insecure random number generation vulnerability in BlaB! AX, BlaB!  ...)
 	NOT-FOR-US: BlaB!
 CVE-2020-9448



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3b599d8374ab6918a76d755fab6a9519f81fafa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3b599d8374ab6918a76d755fab6a9519f81fafa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210525/1dffdff0/attachment.htm>

More information about the debian-security-tracker-commits mailing list