[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 1 21:35:35 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
49fc4d91 by Salvatore Bonaccorso at 2021-10-01T22:35:04+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2020,13 +2020,13 @@ CVE-2021-40930
 CVE-2021-40929
 	RESERVED
 CVE-2021-40928 (Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta d ...)
-	TODO: check
+	NOT-FOR-US: FlexTV
 CVE-2021-40927 (Cross-site scripting (XSS) vulnerability in callback.php in Spotify-fo ...)
-	TODO: check
+	NOT-FOR-US: Spotify-for-Alfred
 CVE-2021-40926 (Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in g ...)
 	TODO: check
 CVE-2021-40925 (Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php ...)
-	TODO: check
+	NOT-FOR-US: infaveo-helpdesk
 CVE-2021-40924 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs  ...)
 	TODO: check
 CVE-2021-40923 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs  ...)
@@ -2034,7 +2034,7 @@ CVE-2021-40923 (Cross-site scripting (XSS) vulnerability in install/index.php in
 CVE-2021-40922 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs  ...)
 	TODO: check
 CVE-2021-40921 (Cross-site scripting (XSS) vulnerability in _contactform.inc.php in De ...)
-	TODO: check
+	NOT-FOR-US: Detector
 CVE-2021-40920
 	RESERVED
 CVE-2021-40919
@@ -8734,9 +8734,9 @@ CVE-2021-38106
 CVE-2021-38105
 	RESERVED
 CVE-2021-38104 (IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
-	TODO: check
+	NOT-FOR-US: Corel Presentations
 CVE-2021-38103 (IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
-	TODO: check
+	NOT-FOR-US: Corel Presentations
 CVE-2021-38102
 	RESERVED
 CVE-2021-38101
@@ -8744,13 +8744,13 @@ CVE-2021-38101
 CVE-2021-38100
 	RESERVED
 CVE-2021-38099 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by ...)
-	TODO: check
+	NOT-FOR-US: Corel PhotoPaint Standard
 CVE-2021-38098
 	RESERVED
 CVE-2021-38097 (Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnera ...)
-	TODO: check
+	NOT-FOR-US: Corel PDF Fusion
 CVE-2021-38096 (Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds ...)
-	TODO: check
+	NOT-FOR-US: Corel PDF Fusion
 CVE-2021-38095 (The REST API in Planview Spigit 4.5.3 allows remote unauthenticated at ...)
 	NOT-FOR-US: Planview Spigit
 CVE-2021-38094 (Integer Overflow vulnerability in function filter_sobel in libavfilter ...)
@@ -15224,7 +15224,7 @@ CVE-2021-35299 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows atta
 CVE-2021-35298 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...)
 	- zammad <itp> (bug #841355)
 CVE-2021-35297 (Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remo ...)
-	TODO: check
+	NOT-FOR-US: Scalabium dBase Viewer
 CVE-2021-35296
 	RESERVED
 CVE-2021-35295
@@ -30784,11 +30784,11 @@ CVE-2021-29112
 CVE-2021-29111
 	RESERVED
 CVE-2021-29110 (Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may  ...)
-	TODO: check
+	NOT-FOR-US: Esri
 CVE-2021-29109 (A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 a ...)
-	TODO: check
+	NOT-FOR-US: Esri
 CVE-2021-29108 (There is an privilege escalation vulnerability in organization-specifi ...)
-	TODO: check
+	NOT-FOR-US: Esri
 CVE-2021-29107 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Man ...)
 	NOT-FOR-US: ArcGIS Server Manager
 CVE-2021-29106 (A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Se ...)
@@ -43424,7 +43424,7 @@ CVE-2021-23895 (Deserialization of untrusted data vulnerability in McAfee Databa
 CVE-2021-23894 (Deserialization of untrusted data vulnerability in McAfee Database Sec ...)
 	NOT-FOR-US: McAfee
 CVE-2021-23893 (Privilege Escalation vulnerability in a Windows system driver of McAfe ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2021-23892 (By exploiting a time of check to time of use (TOCTOU) race condition d ...)
 	NOT-FOR-US: McAfee
 CVE-2021-23891 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...)
@@ -80717,11 +80717,11 @@ CVE-2020-21016
 CVE-2020-21015
 	RESERVED
 CVE-2020-21014 (emlog v6.0.0 contains an arbitrary file deletion vulnerability in admi ...)
-	TODO: check
+	NOT-FOR-US: emlog
 CVE-2020-21013 (emlog v6.0.0 contains a SQL injection via /admin/comment.php. ...)
-	TODO: check
+	NOT-FOR-US: emlog
 CVE-2020-21012 (Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Hotel and Lodge Management System
 CVE-2020-21011
 	RESERVED
 CVE-2020-21010



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49fc4d91f15a717471cf9725fd246bc1ddf9010a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49fc4d91f15a717471cf9725fd246bc1ddf9010a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211001/59a47a88/attachment.htm>

More information about the debian-security-tracker-commits mailing list