[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 16 05:26:50 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc94b45f by Salvatore Bonaccorso at 2021-09-16T06:26:26+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -32676,7 +32676,7 @@ CVE-2021-27664
 CVE-2021-27663 (A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM  ...)
 	NOT-FOR-US: Johnson Controls
 CVE-2021-27662 (The KT-1 door controller is susceptible to replay or man-in-the-middle ...)
-	TODO: check
+	NOT-FOR-US: KT-1 door controller
 CVE-2021-27661 (Successful exploitation of this vulnerability could give an authentica ...)
 	NOT-FOR-US: Facility Explorer SNC Series Supervisory Controller
 CVE-2021-27660 (An insecure client auto update feature in C-CURE 9000 can allow remote ...)
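Review bot: the new tag on CVE-2021-27662, `NOT-FOR-US: KT-1 door controller`, names only a product, and the truncated description shown here does not identify a vendor. If the full CVE text names one, putting the vendor in the tag would make the entry easier to find when searching data/CVE/list for related items, as with `NOT-FOR-US: Johnson Controls` on CVE-2021-27663 just above.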
@@ -35583,13 +35583,13 @@ CVE-2021-26439 (Microsoft Edge for Android Information Disclosure Vulnerability
 CVE-2021-26438
 	RESERVED
 CVE-2021-26437 (Visual Studio Code Spoofing Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26436 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-26435 (Windows Scripting Engine Memory Corruption Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26434 (Visual Studio Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26433 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-26432 (Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulne ...)
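Review bot: the vendor-only tag on CVE-2021-26437 does not record which product was checked; this hunk closes three different products (Visual Studio Code, Windows Scripting Engine, Visual Studio) with the same `NOT-FOR-US: Microsoft`. That is consistent with the existing entries for CVE-2021-26436 and CVE-2021-26433, but for CVE-2021-26437 a tag that names the product would make it clear the decision was taken for Visual Studio Code specifically.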
@@ -46627,7 +46627,7 @@ CVE-2021-21800 (Cross-site scripting vulnerabilities exist in the ssh_form.php s
 CVE-2021-21799 (Cross-site scripting vulnerabilities exist in the telnet_form.php scri ...)
 	NOT-FOR-US: Advantech R-SeeNet
 CVE-2021-21798 (An exploitable return of stack variable address vulnerability exists i ...)
-	TODO: check
+	NOT-FOR-US: Nitro Pro PDF
 CVE-2021-21797
 	RESERVED
 CVE-2021-21796
@@ -53211,7 +53211,7 @@ CVE-2020-35342
 CVE-2020-35341
 	RESERVED
 CVE-2020-35340 (A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 ...)
-	TODO: check
+	NOT-FOR-US: ExpertPDF
 CVE-2020-35339 (In 74cms version 5.0.1, there is a remote code execution vulnerability ...)
 	NOT-FOR-US: 74cms
 CVE-2020-35338 (The Web Administrative Interface in Mobile Viewpoint Wireless Multiple ...)
@@ -78683,19 +78683,19 @@ CVE-2020-21129
 CVE-2020-21128
 	RESERVED
 CVE-2020-21127 (MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs ...)
-	TODO: check
+	NOT-FOR-US: MetInfo
 CVE-2020-21126 (MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/? ...)
-	TODO: check
+	NOT-FOR-US: MetInfo
 CVE-2020-21125 (An arbitrary file creation vulnerability in UReport 2.2.9 allows attac ...)
-	TODO: check
+	NOT-FOR-US: UReport
 CVE-2020-21124 (UReport 2.2.9 allows attackers to execute arbitrary code due to a lack ...)
-	TODO: check
+	NOT-FOR-US: UReport
 CVE-2020-21123
 	RESERVED
 CVE-2020-21122 (UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the de ...)
-	TODO: check
+	NOT-FOR-US: UReport
 CVE-2020-21121 (Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via  ...)
-	TODO: check
+	NOT-FOR-US: Pligg CMS
 CVE-2020-21120
 	RESERVED
 CVE-2020-21119
@@ -82738,33 +82738,33 @@ CVE-2020-19161
 CVE-2020-19160
 	RESERVED
 CVE-2020-19159 (Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attacke ...)
-	TODO: check
+	NOT-FOR-US: LaikeTui
 CVE-2020-19158 (Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows  ...)
-	TODO: check
+	NOT-FOR-US: S-CMS
 CVE-2020-19157 (Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers t ...)
-	TODO: check
+	NOT-FOR-US: Wenku CMS
 CVE-2020-19156 (Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers t ...)
 	TODO: check
 CVE-2020-19155 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: Jfinal CMS
 CVE-2020-19154 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: Jfinal CMS
 CVE-2020-19153
 	RESERVED
 CVE-2020-19152
 	RESERVED
 CVE-2020-19151 (Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attac ...)
-	TODO: check
+	NOT-FOR-US: Jfinal CMS
 CVE-2020-19150 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: Jfinal CMS
 CVE-2020-19149
 	RESERVED
 CVE-2020-19148 (Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows rem ...)
-	TODO: check
+	NOT-FOR-US: Jfinal CMS
 CVE-2020-19147 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: Jfinal CMS
 CVE-2020-19146 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: Jfinal CMS
 CVE-2020-19145
 	RESERVED
 CVE-2020-19144 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial  ...)
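Review bot: CVE-2020-19156 (Ari Adminer) stays at `TODO: check` in the middle of this hunk while every other TODO around it is resolved. If it was left open on purpose because it needs a closer look, that is fine; otherwise it reads as skipped by accident and should be handled here or in a follow-up commit.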
@@ -122388,7 +122388,7 @@ CVE-2020-3962 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi
 CVE-2020-3961 (VMware Horizon Client for Windows (prior to 5.4.3) contains a privileg ...)
 	NOT-FOR-US: VMware
 CVE-2020-3960 (VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-20 ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-3959 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...)
 	NOT-FOR-US: VMware
 CVE-2020-3958 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc94b45f80ada7b2dff2441f4549e9e5a8b244bf
