[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 8 09:55:18 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
609e1f46 by Salvatore Bonaccorso at 2021-09-08T10:55:04+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8015,7 +8015,7 @@ CVE-2021-37147
 CVE-2021-37146
 	RESERVED
 CVE-2021-37145 (** UNSUPPORTED WHEN ASSIGNED ** A command-injection vulnerability in a ...)
-	TODO: check
+	NOT-FOR-US: Poly (formerly Polycom)
 CVE-2021-37144 (CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in ...)
 	NOT-FOR-US: CSZ CMS
 CVE-2021-37143
@@ -16220,7 +16220,7 @@ CVE-2021-33601
 CVE-2021-33600
 	RESERVED
 CVE-2021-33599 (A vulnerability affecting F-Secure Antivirus engine was discovered whe ...)
-	TODO: check
+	NOT-FOR-US: F-Secure Antivirus
 CVE-2021-33598 (A Denial-of-Service (DoS) vulnerability was discovered in all versions ...)
 	NOT-FOR-US: F-Secure
 CVE-2021-33597 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
@@ -38660,7 +38660,7 @@ CVE-2021-24613
 CVE-2021-24612
 	RESERVED
 CVE-2021-24611 (The Keyword Meta WordPress plugin through 3.0 does not sanitise of esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24610
 	RESERVED
 CVE-2021-24609
@@ -79804,11 +79804,11 @@ CVE-2020-19857
 CVE-2020-19856
 	RESERVED
 CVE-2020-19855 (phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /i ...)
-	TODO: check
+	NOT-FOR-US: phpwcms
 CVE-2020-19854
 	RESERVED
 CVE-2020-19853 (BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php. ...)
-	TODO: check
+	NOT-FOR-US: BlueCMS
 CVE-2020-19852
 	RESERVED
 CVE-2020-19851
@@ -79978,11 +79978,11 @@ CVE-2020-19770
 CVE-2020-19769 (A lack of target address verification in the BurnMe() function of Rob  ...)
 	TODO: check
 CVE-2020-19768 (A lack of target address verification in the selfdestructs() function  ...)
-	TODO: check
+	NOT-FOR-US: ICOVO
 CVE-2020-19767 (A lack of target address verification in the destroycontract() functio ...)
-	TODO: check
+	NOT-FOR-US: 0xRACER
 CVE-2020-19766 (The time check operation of PepeAuctionSale 1.0 can be rendered ineffe ...)
-	TODO: check
+	NOT-FOR-US: PepeAuctionSale
 CVE-2020-19765 (An issue in the noReentrance() modifier of the Ethereum-based contract ...)
 	TODO: check
 CVE-2020-19764
@@ -111141,7 +111141,7 @@ CVE-2020-7879
 CVE-2020-7878
 	RESERVED
 CVE-2020-7877 (A buffer overflow issue was discovered in ZOOK solution(remote adminis ...)
-	TODO: check
+	NOT-FOR-US: ZOOK
 CVE-2020-7876
 	RESERVED
 CVE-2020-7875
@@ -111165,7 +111165,7 @@ CVE-2020-7867
 CVE-2020-7866 (When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component,  ...)
 	NOT-FOR-US: XPLATFORM
 CVE-2020-7865 (A vulnerability(improper input validation) in the ExECM CoreB2B soluti ...)
-	TODO: check
+	NOT-FOR-US: ExECM CoreB2B
 CVE-2020-7864 (Parameter manipulation can bypass authentication to cause file upload  ...)
 	NOT-FOR-US: Raonwiz DEXT5Editor
 CVE-2020-7863 (A vulnerability in File Transfer Solution of Raonwiz could allow arbit ...)
@@ -111231,7 +111231,7 @@ CVE-2020-7834
 CVE-2020-7833
 	RESERVED
 CVE-2020-7832 (A vulnerability (improper input validation) in the DEXT5 Upload soluti ...)
-	TODO: check
+	NOT-FOR-US: DEXT5 Upload
 CVE-2020-7831 (A vulnerability in the web-based contract management service interface ...)
 	NOT-FOR-US: Inogard Ebiz4u
 CVE-2020-7830 (RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability tha ...)
@@ -111257,7 +111257,7 @@ CVE-2020-7821 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version conta
 CVE-2020-7820 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a  ...)
 	NOT-FOR-US: Nexacro14/17 ExtCommonApiV13 Library
 CVE-2020-7819 (A SQL-Injection vulnerability in the nTracker USB Enterprise(secure US ...)
-	TODO: check
+	NOT-FOR-US: nTracker USB Enterprise
 CVE-2020-7818 (DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, ...)
 	NOT-FOR-US: Daview
 CVE-2020-7817 (MyBrowserPlus downloads the files needed to run the program through th ...)
@@ -173542,7 +173542,7 @@ CVE-2019-5320 (Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 29
 CVE-2019-5319 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
 	NOT-FOR-US: Aruba
 CVE-2019-5318 (A remote cross-site request forgery (csrf) vulnerability was discovere ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2019-5317 (A local authentication bypass vulnerability was discovered in some Aru ...)
 	NOT-FOR-US: Aruba
 CVE-2019-5316



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/609e1f4602773e0ee8d80acd22a34c9f2b86bb97

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/609e1f4602773e0ee8d80acd22a34c9f2b86bb97
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210908/f9b6ef15/attachment.htm>

More information about the debian-security-tracker-commits mailing list