[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) Wed, 18 Aug 2021 10:32:51 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
c136989e by Salvatore Bonaccorso at 2021-08-18T19:32:18+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,9 +11,9 @@ CVE-2021-39270
 CVE-2021-39269
        RESERVED
 CVE-2021-39268 (Persistent cross-site scripting (XSS) in the web interface of 
SuiteCRM ...)
-       TODO: check
+       NOT-FOR-US: SuiteCRM
 CVE-2021-39267 (Persistent cross-site scripting (XSS) in the web interface of 
SuiteCRM ...)
-       TODO: check
+       NOT-FOR-US: SuiteCRM
 CVE-2021-39266
        RESERVED
 CVE-2021-39265
@@ -47,11 +47,11 @@ CVE-2021-39252
 CVE-2021-39251
        RESERVED
 CVE-2021-39250 (Invision Community (aka IPS Community Suite or IP-Board) 
before 4.6.5. ...)
-       TODO: check
+       NOT-FOR-US: Invision Community
 CVE-2021-39249 (Invision Community (aka IPS Community Suite or IP-Board) 
before 4.6.5. ...)
-       TODO: check
+       NOT-FOR-US: Invision Community
 CVE-2021-39248 (Open edX through Lilac.1 allows XSS in 
common/static/common/js/discuss ...)
-       TODO: check
+       NOT-FOR-US: Open edX
 CVE-2021-39247 (Zint Barcode Generator before 2.10.0 has a one-byte buffer 
over-read,  ...)
        TODO: check
 CVE-2021-39246
@@ -1179,7 +1179,7 @@ CVE-2021-3708 (D-Link router DSL-2750U with firmware 
vME1.16 or prior versions i
 CVE-2021-3707 (D-Link router DSL-2750U with firmware vME1.16 or prior versions 
is vul ...)
        NOT-FOR-US: D-Link
 CVE-2021-38702 (Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 
2021-08-14 a ...)
-       TODO: check
+       NOT-FOR-US: Cyberoam NetGenie C0101B1-20141120-NG11VO devices
 CVE-2021-38701
        RESERVED
 CVE-2021-38700
@@ -23748,7 +23748,7 @@ CVE-2021-29315
 CVE-2021-29314
        RESERVED
 CVE-2021-29313 (Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 
via the ...)
-       TODO: check
+       NOT-FOR-US: SeaCMS
 CVE-2021-29312
        RESERVED
 CVE-2021-29311
@@ -24288,7 +24288,7 @@ CVE-2021-29083 (Improper neutralization of special 
elements used in an OS comman
 CVE-2021-3460 (The Motorola MH702x devices, prior to version 2.0.0.301, do not 
proper ...)
        NOT-FOR-US: Motorola MH702x devices
 CVE-2021-3459 (A privilege escalation vulnerability was reported in the MM1000 
device ...)
-       TODO: check
+       NOT-FOR-US: MM1000 device
 CVE-2021-3458 (The Motorola MM1000 device configuration portal can be accessed 
withou ...)
        NOT-FOR-US: Motorola MM1000 device configuration portal
 CVE-2021-29082 (Certain NETGEAR devices are affected by disclosure of 
sensitive inform ...)
@@ -45445,7 +45445,7 @@ CVE-2021-20794
 CVE-2021-20793
        RESERVED
 CVE-2021-20792 (Cross-site scripting vulnerability in Quiz And Survey Master 
versions  ...)
-       TODO: check
+       NOT-FOR-US: Quiz And Survey Master
 CVE-2021-20791
        RESERVED
 CVE-2021-20790
@@ -45479,51 +45479,51 @@ CVE-2021-20777 (Improper authorization in handler for 
custom URL scheme vulnerab
 CVE-2021-20776 (Improper authentication vulnerability in SCT-40CM01SR and 
AT-40CM01SR  ...)
        NOT-FOR-US: SCT-40CM01SR and AT-40CM01SR
 CVE-2021-20775 (Improper input validation vulnerability in Bulletin of Cybozu 
Garoon 4 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20774 (Cross-site scripting vulnerability in some functions of E-mail 
of Cybo ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20773 (There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 
5.5.0,  ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20772 (Information disclosure vulnerability in Bulletin of Cybozu 
Garoon 4.10 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20771 (Cross-site scripting vulnerability in some functions of Group 
Mail of  ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20770 (Cross-site scripting vulnerability in Message of Cybozu Garoon 
4.6.0 t ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20769 (Cross-site scripting vulnerability in Bulletin of Cybozu 
Garoon 4.6.0  ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20768 (Operational restrictions bypass vulnerability in Scheduler and 
MultiRe ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20767 (Cross-site scripting vulnerability in Full Text Search of 
Cybozu Garoo ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20766 (Cross-site scripting vulnerability in Message of Cybozu Garoon 
4.0.0 t ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20765 (Cross-site scripting vulnerability in Bulletin of Cybozu 
Garoon 4.0.0  ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20764 (Improper input validation vulnerability in Attaching Files of 
Cybozu G ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20763 (Operational restrictions bypass vulnerability in Portal of 
Cybozu Garo ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20762 (Improper input validation vulnerability in E-mail of Cybozu 
Garoon 4.0 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20761 (Improper input validation vulnerability in E-mail of Cybozu 
Garoon 4.0 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20760 (Improper input validation vulnerability in User Profile of 
Cybozu Garo ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20759 (Operational restrictions bypass vulnerability in Bulletin of 
Cybozu Ga ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20758 (Cross-site request forgery (CSRF) vulnerability in Message of 
Cybozu G ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20757 (Operational restrictions bypass vulnerability in E-mail of 
Cybozu Garo ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20756 (Viewing restrictions bypass vulnerability in Address of Cybozu 
Garoon  ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20755 (Viewing restrictions bypass vulnerability in Portal of Cybozu 
Garoon 4 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20754 (Improper input validation vulnerability in Workflow of Cybozu 
Garoon 4 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20753 (Cross-site scripting vulnerability in Scheduler of Cybozu 
Garoon 4.0.0 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2021-20752 (Cross-site scripting vulnerability in IkaIka RSS Reader all 
versions a ...)
        NOT-FOR-US: IkaIka RSS Reader
 CVE-2021-20751 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 
4.0.5-p ...)
@@ -58494,7 +58494,7 @@ CVE-2021-0116
 CVE-2021-0115
        RESERVED
 CVE-2021-0114 (Insecure default variable initialization for the Intel BSSA DFT 
featur ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2021-0113 (Out of bounds write in the BMC firmware for Intel(R) Server 
Board M10J ...)
        NOT-FOR-US: Intel
 CVE-2021-0112 (Unquoted service path in the Intel Unite(R) Client for Windows 
before  ...)
@@ -68846,13 +68846,13 @@ CVE-2020-23335
 CVE-2020-23334 (A WRITE memory access in the 
AP4_NullTerminatedStringAtom::AP4_NullTer ...)
        TODO: check
 CVE-2020-23333 (A heap-based buffer overflow exists in the 
AP4_CttsAtom::AP4_CttsAtom  ...)
-       TODO: check
+       NOT-FOR-US: Bento4
 CVE-2020-23332 (A heap-based buffer overflow exists in the 
AP4_StdcFileByteStream::Rea ...)
-       TODO: check
+       NOT-FOR-US: Bento4
 CVE-2020-23331 (An issue was discovered in Bento4 version 06c39d9. A NULL 
pointer dere ...)
-       TODO: check
+       NOT-FOR-US: Bento4
 CVE-2020-23330 (An issue was discovered in Bento4 version 06c39d9. A NULL 
pointer dere ...)
-       TODO: check
+       NOT-FOR-US: Bento4
 CVE-2020-23329
        RESERVED
 CVE-2020-23328
@@ -79521,7 +79521,7 @@ CVE-2020-18166 (Unrestricted File Upload in LAOBANCMS 
v2.0 allows remote attacke
 CVE-2020-18165 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote 
attackers t ...)
        NOT-FOR-US: LAOBANCMS
 CVE-2020-18164 (SQL Injection vulnerability exists in tp-shop 2.x-3.x via the 
/index.p ...)
-       TODO: check
+       NOT-FOR-US: tp-shop
 CVE-2020-18163
        RESERVED
 CVE-2020-18162
@@ -91086,9 +91086,9 @@ CVE-2020-13591 (An exploitable SQL injection 
vulnerability exists in the "access
 CVE-2020-13590
        RESERVED
 CVE-2020-13589 (An exploitable SQL injection vulnerability exists in the 
&#8216;entiti ...)
-       TODO: check
+       NOT-FOR-US: Rukovoditel Project Management App
 CVE-2020-13588 (An exploitable SQL injection vulnerability exists in the 
&#8216;entiti ...)
-       TODO: check
+       NOT-FOR-US: Rukovoditel Project Management App
 CVE-2020-13587 (An exploitable SQL injection vulnerability exists in the 
"forms_fields ...)
        NOT-FOR-US: Rukovoditel Project Management App
 CVE-2020-13586 (A memory corruption vulnerability exists in the Excel Document 
SST Rec ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c136989e878c4ec1f0f6b4d34e44e6ae67e1fa33

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c136989e878c4ec1f0f6b4d34e44e6ae67e1fa33
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process several NFUs

Reply via email to