author: Moritz Muehlenhoff <jmm@debian.org> 2021-03-31 10:31:00 +0200
committer: Moritz Muehlenhoff <jmm@debian.org> 2021-03-31 19:22:55 +0200
commit: 228171c6285f2fbacffc63c4e03780e8c7c23fdf
tree: b5ba88395383ef435727cd1c8f9b57adac6fe655
parent: 3612b3a988b29e0310f10c61a0da0d8f34f3bce9
new ircii issue
NFUs
-rw-r--r-- data/CVE/2020.list 4
-rw-r--r-- data/CVE/2021.list 43
2 files changed, 24 insertions, 23 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index d00066e44f..2d94252ad0 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -2743,9 +2743,9 @@ CVE-2020-35140
CVE-2020-35139
RESERVED
CVE-2020-35138 (The MobileIron agents through 2021-03-22 for Android and iOS contain a ...)
- TODO: check
+ NOT-FOR-US: MobileIron
CVE-2020-35137 (The MobileIron agents through 2021-03-22 for Android and iOS contain a ...)
- TODO: check
+ NOT-FOR-US: MobileIron
CVE-2020-35136 (Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. ...)
- dolibarr <removed>
CVE-2020-35135 (The ultimate-category-excluder plugin before 1.2 for WordPress allows ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index de6999b42b..967964dce1 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -42,7 +42,7 @@ CVE-2021-29644
CVE-2021-29643
RESERVED
CVE-2021-29642 (GistPad before 0.2.7 allows a crafted workspace folder to change the U ...)
- TODO: check
+ NOT-FOR-US: GistPad
CVE-2021-29641
RESERVED
CVE-2021-29640
@@ -518,7 +518,7 @@ CVE-2021-29418 (The netmask package before 2.0.1 for Node.js mishandles certain
CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitrary co ...)
TODO: check
CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...)
- TODO: check
+ NOT-FOR-US: Burp Suite (different from src:burp)
CVE-2021-29415
RESERVED
CVE-2021-29414
@@ -598,7 +598,8 @@ CVE-2021-29378
CVE-2021-29377
RESERVED
CVE-2021-29376 (ircII before 20210314 allows remote attackers to cause a denial of ser ...)
- TODO: check
+ - ircii <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/2
CVE-2021-29375
RESERVED
CVE-2021-29374
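Review bot: the new CVE-2021-29376 entry records `- ircii <unfixed>` with only the oss-security link, although the description already names the fixed upstream release ("ircII before 20210314"). A second NOTE line stating the fixed upstream version, plus a bug reference once one is filed, would let whoever later closes the entry see the target version without opening the thread.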
@@ -822,7 +823,7 @@ CVE-2021-29269
CVE-2021-29268
RESERVED
CVE-2021-29267 (Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XS ...)
- TODO: check
+ NOT-FOR-US: SherlockIM
CVE-2021-29266 (An issue was discovered in the Linux kernel before 5.11.9. drivers/vho ...)
- linux 5.10.26-1 (unimportant)
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -5295,15 +5296,15 @@ CVE-2021-27246
CVE-2021-27245 (This vulnerability allows a firewall bypass on affected installations ...)
NOT-FOR-US: TP-Link
CVE-2021-27244 (This vulnerability allows local attackers to disclose sensitive inform ...)
- TODO: check
+ NOT-FOR-US: Parallels
CVE-2021-27243 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels
CVE-2021-27242 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels
CVE-2021-27241 (This vulnerability allows local attackers to delete arbitrary director ...)
- TODO: check
+ NOT-FOR-US: Avast
CVE-2021-27240 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2021-27239 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
NOT-FOR-US: Netgear
CVE-2021-27238
@@ -6829,7 +6830,7 @@ CVE-2021-26581
CVE-2021-26580
RESERVED
CVE-2021-26579 (A security vulnerability in HPE Unified Data Management (UDM) could al ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-26578 (A potential security vulnerability has been identified in HPE Network ...)
NOT-FOR-US: HPE Network Orchestrator (NetO)
CVE-2021-26577 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
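Review bot: the tag on CVE-2021-26579 is only `NOT-FOR-US: HPE`, while the description names the product (HPE Unified Data Management (UDM)) and the next entry, CVE-2021-26578, is tagged with its product, `HPE Network Orchestrator (NetO)`. Naming the product here as well, e.g. `NOT-FOR-US: HPE Unified Data Management (UDM)`, keeps the two entries consistent and makes later searches by product name work.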
@@ -16529,7 +16530,7 @@ CVE-2021-22196
CVE-2021-22195
RESERVED
CVE-2021-22194 (In all versions of GitLab starting from 13.7, marshalled session keys ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
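Review bot: CVE-2021-22194 is marked `- gitlab <unfixed>` without any version qualification, but its description limits the issue to "all versions of GitLab starting from 13.7". It is worth confirming that the packaged version is at or above 13.7 before leaving a plain `<unfixed>`, and recording the introducing version in a NOTE so suites carrying an older release can be marked accordingly.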
@@ -16558,7 +16559,7 @@ CVE-2021-22185 (Insufficient input sanitization in wikis in GitLab version 13.8
- gitlab <not-affected> (Only affects 13.8)
NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
CVE-2021-22184 (An information disclosure issue in GitLab starting from version 12.8 a ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions starting ...)
[experimental] - gitlab 13.6.6-1
- gitlab <unfixed>
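Review bot: CVE-2021-22184 gets `- gitlab <unfixed>` with no reference, whereas the entry directly above it in the context (CVE-2021-22185) carries a NOTE with the upstream security release URL. Adding the corresponding NOTE for the release that fixes this issue would document which upstream version to target.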
@@ -16568,7 +16569,7 @@ CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions st
CVE-2021-22181
RESERVED
CVE-2021-22180 (An issue has been discovered in GitLab affecting all versions starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. GitLab ...)
- gitlab <unfixed>
CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -18167,9 +18168,9 @@ CVE-2021-21414
CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to v8's Iso ...)
TODO: check
CVE-2021-21412 (Potential for arbitrary code execution in npm package @thi.ng/egf `#gp ...)
- TODO: check
+ NOT-FOR-US: Node @thi.ng/egf
CVE-2021-21411 (OAuth2-Proxy is an open source reverse proxy that provides authenticat ...)
- TODO: check
+ - oauth2-proxy <itp> (bug #982891)
CVE-2021-21410
RESERVED
CVE-2021-21409 (Netty is an open-source, asynchronous event-driven network application ...)
@@ -18200,7 +18201,7 @@ CVE-2021-21400
CVE-2021-21399
RESERVED
CVE-2021-21398 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2021-21397
RESERVED
CVE-2021-21396 (wire-server is an open-source back end for Wire, a secure collaboratio ...)
@@ -23341,13 +23342,13 @@ CVE-2021-1631
CVE-2021-1630
RESERVED
CVE-2021-1629 (Tableau Server fails to validate certain URLs that are embedded in ema ...)
- TODO: check
+ NOT-FOR-US: Tableau Server
CVE-2021-1628 (MuleSoft is aware of a XML External Entity (XXE) vulnerability affecti ...)
- TODO: check
+ NOT-FOR-US: Tableau Server
CVE-2021-1627 (MuleSoft is aware of a Server Side Request Forgery vulnerability affec ...)
- TODO: check
+ NOT-FOR-US: MuleSoft
CVE-2021-1626 (MuleSoft is aware of a Remote Code Execution vulnerability affecting c ...)
- TODO: check
+ NOT-FOR-US: MuleSoft
CVE-2021-1625
RESERVED
CVE-2021-1624
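Review bot: CVE-2021-1628 is tagged `NOT-FOR-US: Tableau Server`, but its description begins "MuleSoft is aware of a XML External Entity (XXE) vulnerability", the same vendor as CVE-2021-1627 and CVE-2021-1626 below it. This looks like the tag from CVE-2021-1629 carried over one entry too far; it should read `NOT-FOR-US: MuleSoft`.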
@@ -23615,7 +23616,7 @@ CVE-2021-1494
CVE-2021-1493
RESERVED
CVE-2021-1492 (The Duo Authentication Proxy installer prior to 5.2.1 did not properly ...)
- TODO: check
+ NOT-FOR-US: Duo Authentication Proxy
CVE-2021-1491
RESERVED
CVE-2021-1490
