[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 26 21:34:13 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8954d91b by Salvatore Bonaccorso at 2021-05-26T22:33:50+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -263,9 +263,9 @@ CVE-2021-33472
CVE-2021-33471
RESERVED
CVE-2021-33470 (COVID19 Testing Management System 1.0 is vulnerable to SQL Injection v ...)
- TODO: check
+ NOT-FOR-US: COVID19 Testing Management System
CVE-2021-33469 (COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scri ...)
- TODO: check
+ NOT-FOR-US: COVID19 Testing Management System
CVE-2021-33468
RESERVED
CVE-2021-33467
@@ -4252,9 +4252,9 @@ CVE-2021-31778 (The media2click (aka 2 Clicks for External Media) extension 1.x
CVE-2021-31777 (The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x be ...)
NOT-FOR-US: Typo3 extension
CVE-2019-25030 (In Versa Director, Versa Analytics and VOS, Passwords are not hashed u ...)
- TODO: check
+ NOT-FOR-US: Versa
CVE-2019-25029 (In Versa Director, the command injection is an attack in which the goa ...)
- TODO: check
+ NOT-FOR-US: Versa
CVE-2020-13672 [SA-CORE-2021-002]
RESERVED
{DLA-2637-1}
@@ -10261,9 +10261,9 @@ CVE-2021-29255 (MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin c
CVE-2021-29254
RESERVED
CVE-2021-29253 (The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2021-29252 (RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerabi ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2021-29251 (BTCPay Server before 1.0.7.1 mishandles the policy setting in which us ...)
NOT-FOR-US: BTCPay Server
CVE-2021-29250 (BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripti ...)
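Review bot: The tag added for CVE-2021-29253 and CVE-2021-29252 names only the vendor (NOT-FOR-US: RSA), while both descriptions are about RSA Archer and the neighbouring entry in this hunk is tagged by product (NOT-FOR-US: BTCPay Server). Suggest NOT-FOR-US: RSA Archer, so that a later search of data/CVE/list for the product name finds these two entries.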
@@ -14242,7 +14242,7 @@ CVE-2021-27564 (A stored XSS issue exists in Appspace 6.2.4. After a user is aut
CVE-2021-27563
RESERVED
CVE-2021-27562 (In Arm Trusted Firmware M through 1.2, the NS world may trigger a syst ...)
- TODO: check
+ NOT-FOR-US: Arm Trusted Firmware M
CVE-2021-27561
RESERVED
CVE-2021-27560
@@ -17912,11 +17912,11 @@ CVE-2021-26036
CVE-2021-26035
RESERVED
CVE-2021-26034 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing tok ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2021-26033 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing tok ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2021-26032 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was miss ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2021-26031 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate fi ...)
NOT-FOR-US: Joomla!
CVE-2021-26030 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate es ...)
@@ -27184,9 +27184,9 @@ CVE-2021-21988 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for
CVE-2021-21987 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...)
NOT-FOR-US: VMware
CVE-2021-21986 (The vSphere Client (HTML5) contains a vulnerability in a vSphere authe ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2021-21985 (The vSphere Client (HTML5) contains a remote code execution vulnerabil ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2021-21984 (VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remot ...)
NOT-FOR-US: VMware
CVE-2021-21983 (Arbitrary file write vulnerability in vRealize Operations Manager API ...)
@@ -33268,7 +33268,7 @@ CVE-2021-20098
CVE-2021-20097
RESERVED
CVE-2021-20096 (Cross-site request forgery in OpenOversight 0.6.4 allows a remote atta ...)
- TODO: check
+ NOT-FOR-US: OpenOversight
CVE-2021-20095 (Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbi ...)
- python-babel 2.8.0+dfsg.1-7 (bug #987824)
NOTE: https://www.tenable.com/security/research/tra-2021-14
@@ -46874,13 +46874,13 @@ CVE-2020-26682 (In libass 0.14.0, the `ass_outline_construct`'s call to `outline
CVE-2020-26681
RESERVED
CVE-2020-26680 (In vFairs 3.3, any user logged in to a vFairs virtual conference or ev ...)
- TODO: check
+ NOT-FOR-US: vFairs
CVE-2020-26679 (vFairs 3.3 is affected by Insecure Permissions. Any user logged in to ...)
- TODO: check
+ NOT-FOR-US: vFairs
CVE-2020-26678 (vFairs 3.3 is affected by Remote Code Execution. Any user logged in to ...)
- TODO: check
+ NOT-FOR-US: vFairs
CVE-2020-26677 (Any user logged in to a vFairs 3.3 virtual conference or event can per ...)
- TODO: check
+ NOT-FOR-US: vFairs
CVE-2020-26676
RESERVED
CVE-2020-26675
@@ -64872,7 +64872,7 @@ CVE-2020-18223
CVE-2020-18222
RESERVED
CVE-2020-18221 (Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: Typora
CVE-2020-18220 (Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attack ...)
NOT-FOR-US: DoraCMS
CVE-2020-18219
@@ -72237,7 +72237,7 @@ CVE-2020-15078 (OpenVPN 2.5.1 and earlier versions allows a remote attackers to
CVE-2020-15077
RESERVED
CVE-2020-15076 (Private Tunnel installer for macOS version 3.0.1 and older versions ma ...)
- TODO: check
+ NOT-FOR-US: Private Tunnel installer for macOS
CVE-2020-15075 (OpenVPN Connect installer for macOS version 3.2.6 and older may corrup ...)
NOT-FOR-US: OpenVPN Connect installer for macOS
CVE-2020-15074 (OpenVPN Access Server older than version 2.8.4 generates new user auth ...)
@@ -178249,11 +178249,11 @@ CVE-2018-16500
CVE-2018-16499 (In VOS compromised, an attacker at network endpoints can possibly view ...)
TODO: check
CVE-2018-16498 (In Versa Director, the unencrypted backup files stored on the Versa de ...)
- TODO: check
+ NOT-FOR-US: Versa
CVE-2018-16497 (In Versa Analytics, the cron jobs are used for scheduling tasks by exe ...)
- TODO: check
+ NOT-FOR-US: Versa
CVE-2018-16496 (In Versa Director, the un-authentication request found. ...)
- TODO: check
+ NOT-FOR-US: Versa
CVE-2018-16495 (In VOS user session identifier (authentication token) is issued to the ...)
TODO: check
CVE-2018-16494 (In VOS and overly permissive "umask" may allow for authorized users of ...)
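Review bot: CVE-2018-16499 and CVE-2018-16495 are left at TODO: check in this hunk although their descriptions name VOS, which the CVE-2019-25030 description earlier in this commit lists together with Versa Director and Versa Analytics, and that entry is now NOT-FOR-US: Versa. If VOS is the same vendor's product, these two should get the same tag in this pass; if they were left open on purpose, the commit message should say why. CVE-2018-16494 also names VOS, but its annotation lies outside the visible context, so it is worth checking as well.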
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8954d91b3f3309d1e3e172d9504816062b9fab5e