[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 31 21:16:16 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27923c43 by Salvatore Bonaccorso at 2021-05-31T22:16:01+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8391,9 +8391,9 @@ CVE-2021-30182
 CVE-2021-30181 (Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which wi ...)
 	NOT-FOR-US: Apache Dubbo
 CVE-2021-30180 (Apache Dubbo prior to 2.7.9 support Tag routing which will enable a cu ...)
-	TODO: check
+	NOT-FOR-US: Apache Dubbo
 CVE-2021-30179 (Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic call ...)
-	TODO: check
+	NOT-FOR-US: Apache Dubbo
 CVE-2020-36314 (fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used b ...)
 	- file-roller 3.38.1-1
 	[buster] - file-roller <no-dsa> (Minor issue)
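Review bot: The commit message "Process NFUs" gives no record of what was checked before CVE-2021-30180 and CVE-2021-30179 moved from "TODO: check" to "NOT-FOR-US: Apache Dubbo". The tag matches the one already on CVE-2021-30181 in the context line above, so the result is consistent. A short line in the commit message stating that no package in the archive ships Apache Dubbo would make the decision auditable later.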
@@ -9626,7 +9626,7 @@ CVE-2021-29667 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0
 CVE-2021-29666 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is  ...)
 	NOT-FOR-US: IBM
 CVE-2021-29665 (IBM Security Verify Access 20.07 is vulnerable to a stack based buffer ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-29664
 	RESERVED
 CVE-2020-36305
@@ -19543,7 +19543,7 @@ CVE-2021-25642
 CVE-2021-25641 (Each Apache Dubbo server will set a serialization id to tell the clien ...)
 	NOT-FOR-US: Apache Dubbo
 CVE-2021-25640 (In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method ...)
-	TODO: check
+	NOT-FOR-US: Apache Dubbo
 CVE-2021-25639
 	RESERVED
 CVE-2021-25638
@@ -32370,7 +32370,7 @@ CVE-2021-20587 (Heap-based buffer overflow vulnerability in Mitsubishi Electric
 CVE-2021-20586 (Resource management errors vulnerability in a robot controller of MELF ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2021-20585 (IBM Security Verify Access 20.07 could disclose sensitive information  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-20584
 	RESERVED
 CVE-2021-20583
@@ -32388,9 +32388,9 @@ CVE-2021-20578
 CVE-2021-20577 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to ...)
 	NOT-FOR-US: IBM
 CVE-2021-20576 (IBM Security Verify Access 20.07 could allow a remote attacker to send ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-20575 (IBM Security Verify Access 20.07 allows web pages to be stored locally ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-20574
 	RESERVED
 CVE-2021-20573
@@ -101753,7 +101753,7 @@ CVE-2020-4563
 CVE-2020-4562 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
 	NOT-FOR-US: IBM
 CVE-2020-4561 (IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all co ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4560 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site sc ...)
 	NOT-FOR-US: IBM
 CVE-2020-4559 (IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a de ...)
@@ -101835,7 +101835,7 @@ CVE-2020-4522 (IBM Jazz Team Server based Applications are vulnerable to cross-s
 CVE-2020-4521 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authe ...)
 	NOT-FOR-US: IBM
 CVE-2020-4520 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to in ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4519
 	RESERVED
 CVE-2020-4518
@@ -102167,7 +102167,7 @@ CVE-2020-4356
 CVE-2020-4355 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
 	NOT-FOR-US: IBM
 CVE-2020-4354 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4353 (IBM MaaS360 6.82 could allow a user with pysical access to the device  ...)
 	NOT-FOR-US: IBM
 CVE-2020-4352 (IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege esc ...)
@@ -102275,7 +102275,7 @@ CVE-2020-4302 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker
 CVE-2020-4301
 	RESERVED
 CVE-2020-4300 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External En ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4299 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 c ...)
 	NOT-FOR-US: IBM
 CVE-2020-4298 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
@@ -156907,7 +156907,7 @@ CVE-2019-4732 (IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.5
 CVE-2019-4731 (IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highl ...)
 	NOT-FOR-US: IBM
 CVE-2019-4730 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External En ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4729 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
 	NOT-FOR-US: IBM
 CVE-2019-4728 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2 ...)
@@ -156919,11 +156919,11 @@ CVE-2019-4726 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.
 CVE-2019-4725 (IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site  ...)
 	NOT-FOR-US: IBM
 CVE-2019-4724 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4723 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4722 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4721
 	RESERVED
 CVE-2019-4720 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
@@ -157061,7 +157061,7 @@ CVE-2019-4655 (IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.
 CVE-2019-4654 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly va ...)
 	NOT-FOR-US: IBM
 CVE-2019-4653 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4652 (IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file per ...)
 	NOT-FOR-US: IBM Spectrum Protect Plus
 CVE-2019-4651 (IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injectio ...)
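Review bot: The tag added for CVE-2019-4653 is the bare vendor form "NOT-FOR-US: IBM", while the next entry, CVE-2019-4652, carries the product-level form "NOT-FOR-US: IBM Spectrum Protect Plus". Both forms are visible in this file, so this is a style point only. Naming the product (here "IBM Cognos Analytics", as given in the description) would keep the entry searchable by product without relying on the truncated description text. The same applies to the other "NOT-FOR-US: IBM" lines added in this commit.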
@@ -157425,7 +157425,7 @@ CVE-2019-4473 (Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and
 CVE-2019-4472
 	RESERVED
 CVE-2019-4471 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4470 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...)
 	NOT-FOR-US: IBM
 CVE-2019-4469



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27923c43f93766601c1ca865feaab335c76f938e
