[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 27 09:49:16 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08ad23c6 by Salvatore Bonaccorso at 2021-10-27T10:48:55+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3874,7 +3874,7 @@ CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before
 	- onionshare <undetermined>
 	TODO: check details, exact fixing commits unclear
 CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed Template Na ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2021-3853
 	RESERVED
 CVE-2021-3852
@@ -15128,25 +15128,25 @@ CVE-2021-37133
 CVE-2021-37132
 	RESERVED
 CVE-2021-37131 (There is a CSV injection vulnerability in ManageOne, iManager NetEco a ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37130 (There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37129 (There is an out of bounds write vulnerability in some Huawei products. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37128
 	RESERVED
 CVE-2021-37127 (There is a signature management vulnerability in some huawei products. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37126
 	RESERVED
 CVE-2021-37125
 	RESERVED
 CVE-2021-37124 (There is a path traversal vulnerability in Huawei PC product. Because  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37123 (There is an improper authentication vulnerability in Hero-CT060 before ...)
 	NOT-FOR-US: Hero-CT060
 CVE-2021-37122 (There is a use-after-free (UAF) vulnerability in Huawei products. An a ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37121
 	RESERVED
 CVE-2021-37120
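
Review bot: In the CVE-2021-37131 entry the new tag names the vendor (`NOT-FOR-US: Huawei`), but the visible description names only the products ManageOne and iManager NetEco, and the neighbouring CVE-2021-37123 entry is tagged by product (`Hero-CT060`). Consider a product-level tag there, or confirm that the vendor-level tag is intended. The other five changed entries in this hunk name Huawei in their descriptions and read fine.
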
@@ -19596,7 +19596,7 @@ CVE-2021-35238 (User with Orion Platform Admin Rights could store XSS through UR
 CVE-2021-35237
 	RESERVED
 CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7 ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi Syslog Server  ...)
 	TODO: check
 CVE-2021-35234
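
Review bot: CVE-2021-35235, in the context lines directly below the changed entry, is left at `TODO: check` although its description names the same product, Kiwi Syslog Server, as CVE-2021-35236. If it was skipped by oversight it should get the same `NOT-FOR-US: SolarWinds` tag in this commit. If it is being held back for a reason, a short note on the entry would make that clear.
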
@@ -24981,7 +24981,7 @@ CVE-2021-32953
 CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading procedure  ...)
 	NOT-FOR-US: Open Design Alliance
 CVE-2021-32951 (WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper aut ...)
-	TODO: check
+	NOT-FOR-US: WebAccess/NMS
 CVE-2021-32950 (An out-of-bounds read issue exists within the parsing of DXF files in  ...)
 	NOT-FOR-US: Open Design Alliance
 CVE-2021-32949
@@ -47791,7 +47791,7 @@ CVE-2021-23879 (Unquoted service path vulnerability in McAfee Endpoint Product R
 CVE-2021-23878 (Clear text storage of sensitive Information in memory vulnerability in ...)
 	NOT-FOR-US: McAfee
 CVE-2021-23877 (Privilege escalation vulnerability in the Windows trial installer of M ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2021-23876 (Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to ...)
 	NOT-FOR-US: McAfee
 CVE-2021-23875
@@ -81104,7 +81104,7 @@ CVE-2020-22866
 CVE-2020-22865
 	RESERVED
 CVE-2020-22864 (A cross site scripting (XSS) vulnerability in the Insert Video functio ...)
-	TODO: check
+	NOT-FOR-US: Froala WYSIWYG Editor
 CVE-2020-22863
 	RESERVED
 CVE-2020-22862
@@ -118903,7 +118903,7 @@ CVE-2020-7869 (An improper input validation vulnerability of ZOOK software (remo
 CVE-2020-7868 (A remote code execution vulnerability exists in helpUS(remote administ ...)
 	NOT-FOR-US: helpUS(remote administration tool)
 CVE-2020-7867 (An improper input validation vulnerability in Helpu solution could all ...)
-	TODO: check
+	NOT-FOR-US: Helpu
 CVE-2020-7866 (When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component,  ...)
 	NOT-FOR-US: XPLATFORM
 CVE-2020-7865 (A vulnerability(improper input validation) in the ExECM CoreB2B soluti ...)
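
Review bot: The new tag on CVE-2020-7867 is `NOT-FOR-US: Helpu`, while the adjacent CVE-2020-7868 entry uses `NOT-FOR-US: helpUS(remote administration tool)`. The two descriptions spell the name differently ("Helpu solution" and "helpUS"), so if they refer to the same product, using one spelling for both tags would keep text searches over the list consistent.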



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08ad23c63d78a81b5875e7638b49044f82fe56f9
