[Git][security-tracker-team/security-tracker][master] Process some NFUs

Fri Oct 15 09:02:49 BST 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
785fab01 by Salvatore Bonaccorso at 2021-10-15T10:02:25+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53933,7 +53933,7 @@ CVE-2021-20833 (The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 do
 CVE-2021-20832 (InBody App for iOS versions prior to 2.3.30 and InBody App for Android ...)
 	NOT-FOR-US: InBody App
 CVE-2021-20831 (Cross-site request forgery (CSRF) vulnerability in OG Tags versions pr ...)
-	TODO: check
+	NOT-FOR-US: OG Tags (WordPress plugin)
 CVE-2021-20830
 	RESERVED
 CVE-2021-20829 (Cross-site scripting vulnerability due to the inadequate tag sanitizat ...)
@@ -54400,7 +54400,7 @@ CVE-2021-20601
 CVE-2021-20600 (Uncontrolled resource consumption in MELSEC iQ-R series C Controller M ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2021-20599 (Authorization bypass through user-controlled key vulnerability in MELS ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubis ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2021-20597 (Insufficiently Protected Credentials vulnerability in Mitsubishi Elect ...)
@@ -84689,27 +84689,27 @@ CVE-2020-19966
 CVE-2020-19965
 	RESERVED
 CVE-2020-19964 (A Cross Site Request Forgery (CSRF) vulnerability was discovered in PH ...)
-	TODO: check
+	NOT-FOR-US: PHPMyWind
 CVE-2020-19963
 	RESERVED
 CVE-2020-19962 (A stored cross-site scripting (XSS) vulnerability in the getClientIp f ...)
-	TODO: check
+	NOT-FOR-US: Chaoji CMS
 CVE-2020-19961 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
-	TODO: check
+	NOT-FOR-US: zz cms
 CVE-2020-19960 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
-	TODO: check
+	NOT-FOR-US: zz cms
 CVE-2020-19959 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
-	TODO: check
+	NOT-FOR-US: zz cms
 CVE-2020-19958
 	RESERVED
 CVE-2020-19957 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
-	TODO: check
+	NOT-FOR-US: zz cms
 CVE-2020-19956
 	RESERVED
 CVE-2020-19955
 	RESERVED
 CVE-2020-19954 (An XML External Entity (XXE) vulnerability was discovered in /api/noti ...)
-	TODO: check
+	NOT-FOR-US: S-CMS
 CVE-2020-19953
 	RESERVED
 CVE-2020-19952



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/785fab01f3ec9a4c407971282797f0cc5ed91a1d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/785fab01f3ec9a4c407971282797f0cc5ed91a1d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211015/cd17f115/attachment-0001.htm>
