[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 10 09:52:54 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08881576 by Salvatore Bonaccorso at 2021-09-10T10:52:21+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14871,13 +14871,13 @@ CVE-2021-34348
 CVE-2021-34347
 	RESERVED
 CVE-2021-34346 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-34345 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-34344 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-34343 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2022-20001
 	RESERVED
 CVE-2021-3588 (The cli_feat_read_cb() function in src/gatt-database.c does not perfor ...)
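Review bot: The four new notes on CVE-2021-34343 through CVE-2021-34346 name only the vendor, and the four descriptions are identical up to the point where they are truncated, so nothing in the entries records which QNAP product each ID covers. This matches the existing "NOT-FOR-US: QNAP" entries in the file, but naming the affected product after the vendor would keep the four entries distinguishable for anyone searching the list later.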
@@ -28809,13 +28809,13 @@ CVE-2021-28818 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing
 CVE-2021-28817 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Rend ...)
 	NOT-FOR-US: TIBCO
 CVE-2021-28816 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-28815 (Insecure storage of sensitive information has been reported to affect  ...)
 	NOT-FOR-US: QNAP
 CVE-2021-28814 (An improper access control vulnerability has been reported to affect Q ...)
 	NOT-FOR-US: QNAP
 CVE-2021-28813 (A vulnerability involving insecure storage of sensitive information ha ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-28812 (A command injection vulnerability has been reported to affect certain  ...)
 	NOT-FOR-US: QNAP
 CVE-2021-28811 (If exploited, this command injection vulnerability could allow remote  ...)
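Review bot: For CVE-2021-28813 the visible description ends at "insecure storage of sensitive information ha ..." before any vendor is named, so the QNAP attribution cannot be checked from this hunk alone. The surrounding entries are QNAP, but adjacency in the ID range is not evidence of the vendor. Confirm against the full CVE description before closing the TODO. CVE-2021-28816 is fine, since its text names QNAP.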
@@ -81370,37 +81370,37 @@ CVE-2020-19297
 CVE-2020-19296
 	RESERVED
 CVE-2020-19295 (A reflected cross-site scripting (XSS) vulnerability in the /weibo/top ...)
-	TODO: check
+	NOT-FOR-US: Jeesns
 CVE-2020-19294 (A stored cross-site scripting (XSS) vulnerability in the /article/comm ...)
-	TODO: check
+	NOT-FOR-US: Jeesns
 CVE-2020-19293 (A stored cross-site scripting (XSS) vulnerability in the /article/add  ...)
-	TODO: check
+	NOT-FOR-US: Jeesns
 CVE-2020-19292 (A stored cross-site scripting (XSS) vulnerability in the /question/ask ...)
-	TODO: check
+	NOT-FOR-US: Jeesns
 CVE-2020-19291 (A stored cross-site scripting (XSS) vulnerability in the /weibo/publis ...)
-	TODO: check
+	NOT-FOR-US: Jeesns
 CVE-2020-19290 (A stored cross-site scripting (XSS) vulnerability in the /weibo/commen ...)
-	TODO: check
+	NOT-FOR-US: Jeesns
 CVE-2020-19289 (A stored cross-site scripting (XSS) vulnerability in the /member/pictu ...)
-	TODO: check
+	NOT-FOR-US: Jeesns
 CVE-2020-19288 (A stored cross-site scripting (XSS) vulnerability in the /localhost/u  ...)
-	TODO: check
+	NOT-FOR-US: Jeesns
 CVE-2020-19287 (A stored cross-site scripting (XSS) vulnerability in the /group/post c ...)
-	TODO: check
+	NOT-FOR-US: Jeesns
 CVE-2020-19286 (A stored cross-site scripting (XSS) vulnerability in the /question/det ...)
-	TODO: check
+	NOT-FOR-US: Jeesns
 CVE-2020-19285 (A stored cross-site scripting (XSS) vulnerability in the /group/apply  ...)
-	TODO: check
+	NOT-FOR-US: Jeesns
 CVE-2020-19284 (A stored cross-site scripting (XSS) vulnerability in the /group/commen ...)
-	TODO: check
+	NOT-FOR-US: Jeesns
 CVE-2020-19283 (A reflected cross-site scripting (XSS) vulnerability in the /newVersio ...)
-	TODO: check
+	NOT-FOR-US: Jeesns
 CVE-2020-19282 (A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 a ...)
-	TODO: check
+	NOT-FOR-US: Jeesns
 CVE-2020-19281 (A stored cross-site scripting (XSS) vulnerability in the /manage/login ...)
-	TODO: check
+	NOT-FOR-US: Jeesns
 CVE-2020-19280 (Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows ...)
-	TODO: check
+	NOT-FOR-US: Jeesns
 CVE-2020-19279
 	RESERVED
 CVE-2020-19278
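Review bot: Of the sixteen entries changed here (CVE-2020-19280 through CVE-2020-19295), only CVE-2020-19282 and CVE-2020-19280 name Jeesns in the visible description. The other fourteen show only a request path, and CVE-2020-19288 shows "/localhost/u ...", which reads like part of a URL rather than an application route. Before marking the whole range in bulk, confirm that each full description names Jeesns. Since the two entries that do name it give version 1.4.2, stating in the commit message that the range is Jeesns 1.4.2 would document the basis for the decision.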
@@ -183770,7 +183770,7 @@ CVE-2018-19959
 CVE-2018-19958
 	RESERVED
 CVE-2018-19957 (A vulnerability involving insufficient HTTP security headers has been  ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2018-19956 (The cross-site scripting vulnerability has been reported to affect ear ...)
 	NOT-FOR-US: QNAP
 CVE-2018-19955 (The cross-site scripting vulnerability has been reported to affect ear ...)
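Review bot: The changed entry CVE-2018-19957 is truncated at "has been ..." before the affected product, so the vendor is not visible on the line being resolved. The issue class it describes (insufficient HTTP security headers) is generic, so check the full description to confirm it concerns a QNAP product before relying on the neighbouring "NOT-FOR-US: QNAP" entries.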



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0888157698cf1d439035567ae53c7ae1668e5874
