Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
535b0531 by Salvatore Bonaccorso at 2021-03-25T21:32:16+01:00
Process one Micro Focus specific NFU

- - - - -
4c396665 by Salvatore Bonaccorso at 2021-03-25T21:49:02+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -149,7 +149,7 @@ CVE-2021-29158
 CVE-2021-29157
        RESERVED
 CVE-2021-29156 (ForgeRock OpenAM before 13.5.1 allows LDAP injection via the 
Webfinger ...)
-       TODO: check
+       NOT-FOR-US: ForgeRock OpenAM
 CVE-2021-29155
        RESERVED
 CVE-2021-29154
@@ -293,7 +293,7 @@ CVE-2021-29098
 CVE-2021-29097
        RESERVED
 CVE-2021-29096 (A use-after-free vulnerability when parsing a specially 
crafted file i ...)
-       TODO: check
+       NOT-FOR-US: Esri (various ArcGIS products)
 CVE-2021-29095
        RESERVED
 CVE-2021-29094
@@ -4603,13 +4603,13 @@ CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry 
Server before 7.19.67 has
 CVE-2021-27196
        RESERVED
 CVE-2021-27195 (Improper Authorization vulnerability in Netop Vision Pro up to 
and inc ...)
-       TODO: check
+       NOT-FOR-US: Netop Vision Pro
 CVE-2021-27194 (Cleartext transmission of sensitive information in Netop 
Vision Pro up ...)
-       TODO: check
+       NOT-FOR-US: Netop Vision Pro
 CVE-2021-27193 (Incorrect default permissions vulnerability in the API of 
Netop Vision ...)
-       TODO: check
+       NOT-FOR-US: Netop Vision Pro
 CVE-2021-27192 (Local privilege escalation vulnerability in Windows clients of 
Netop V ...)
-       TODO: check
+       NOT-FOR-US: Netop Vision Pro
 CVE-2021-27191 (The get-ip-range package before 4.0.0 for Node.js is 
vulnerable to den ...)
        NOT-FOR-US: Node get-ip-range
 CVE-2021-3408
@@ -5999,9 +5999,9 @@ CVE-2021-3392 (A use-after-free flaw was found in the 
MegaRAID emulator of QEMU.
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html
        NOTE: https://bugs.launchpad.net/qemu/+bug/1914236
 CVE-2021-26597 (An issue was discovered in Nokia NetAct 18A. A remote user, 
authentica ...)
-       TODO: check
+       NOT-FOR-US: Nokia NetAct 18A
 CVE-2021-26596 (An issue was discovered in Nokia NetAct 18A. A malicious user 
can chan ...)
-       TODO: check
+       NOT-FOR-US: Nokia NetAct 18A
 CVE-2021-26595 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, 
an atta ...)
        NOT-FOR-US: Directus
 CVE-2021-26594 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, 
an atta ...)
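Review bot: the new labels on CVE-2021-26597 and CVE-2021-26596 carry the release string ("Nokia NetAct 18A"), whereas the existing NOT-FOR-US line just below names only the product ("Directus"). Suggest "NOT-FOR-US: Nokia NetAct" so both entries group under one product label regardless of the affected release.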
@@ -9078,11 +9078,11 @@ CVE-2021-25370
 CVE-2021-25369
        RESERVED
 CVE-2021-25368 (Hijacking vulnerability in Samsung Cloud prior to version 
4.7.0.3 allo ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2021-25367 (Path Traversal vulnerability in Samsung Notes prior to version 
4.2.00. ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2021-25366 (Improper access control in Samsung Internet prior to version 
13.2.1.70 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2021-25365
        RESERVED
 CVE-2021-25364
@@ -9104,17 +9104,17 @@ CVE-2021-25357
 CVE-2021-25356
        RESERVED
 CVE-2021-25355 (Using unsafe PendingIntent in Samsung Notes prior to version 
4.2.00.22 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2021-25354 (Improper input check in Samsung Internet prior to version 
13.2.1.46 al ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2021-25353 (Using empty PendingIntent in Galaxy Themes prior to version 
5.2.00.121 ...)
        TODO: check
 CVE-2021-25352 (Using PendingIntent with implicit intent in Bixby Voice prior 
to versi ...)
        TODO: check
 CVE-2021-25351 (Improper Access Control in EmailValidationView in Samsung 
Account prio ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2021-25350 (Information Exposure vulnerability in Samsung Account prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2021-25349 (Using unsafe PendingIntent in Slow Motion Editor prior to 
version 3.5. ...)
        TODO: check
 CVE-2021-25348 (Improper permission grant check in Samsung Internet prior to 
version 1 ...)
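Review bot: CVE-2021-25353 (Galaxy Themes), CVE-2021-25352 (Bixby Voice) and CVE-2021-25349 (Slow Motion Editor) stay at "TODO: check" while their neighbours in the same ID range are marked "NOT-FOR-US: Samsung". If they were skipped only because the truncated descriptions do not contain the word "Samsung", they should be triaged in this pass as well; if they are deliberately held back, a short remark in the commit message would say why.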
@@ -15089,7 +15089,7 @@ CVE-2021-22661 (Changing the password on the module 
webpage does not require the
 CVE-2021-22660
        RESERVED
 CVE-2021-22659 (Rockwell Automation MicroLogix 1400 Version 21.6 and below may 
allow a ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2021-22658 (Advantech iView versions prior to v5.7.03.6112 are vulnerable 
to a SQL ...)
        NOT-FOR-US: Advantech iView
 CVE-2021-22657
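Review bot: "NOT-FOR-US: Rockwell Automation" on CVE-2021-22659 names only the vendor, while the next entry in this hunk uses vendor plus product ("Advantech iView"). The description already gives the product, so "NOT-FOR-US: Rockwell Automation MicroLogix 1400" would keep the label consistent and searchable by product.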
@@ -15415,7 +15415,7 @@ CVE-2021-22498 (XML External Entity Injection 
vulnerability in Micro Focus Appli
 CVE-2021-22497
        RESERVED
 CVE-2021-22496 (Authentication Bypass Vulnerability in Micro Focus Access 
Manager Prod ...)
-       TODO: check
+       NOT-FOR-US: Micro Focus
 CVE-2021-22495 (An issue was discovered on Samsung mobile devices with O(8.x), 
P(9.0), ...)
        NOT-FOR-US: Samsung mobile devices
 CVE-2021-22494 (An issue was discovered in the fingerprint scanner on Samsung 
Note20 m ...)
@@ -84076,17 +84076,17 @@ CVE-2020-6792 (When deriving an identifier for an 
email message, uninitialized m
 CVE-2020-6791
        RESERVED
 CVE-2020-6790 (Calling an executable through an Uncontrolled Search Path 
Element in t ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2020-6789 (Loading a DLL through an Uncontrolled Search Path Element in 
the Bosch ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2020-6788 (Loading a DLL through an Uncontrolled Search Path Element in 
the Bosch ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2020-6787 (Loading a DLL through an Uncontrolled Search Path Element in 
the Bosch ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2020-6786 (Loading a DLL through an Uncontrolled Search Path Element in 
the Bosch ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2020-6785 (Loading a DLL through an Uncontrolled Search Path Element in 
Bosch BVM ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2020-6784
        RESERVED
 CVE-2020-6783
@@ -84114,7 +84114,7 @@ CVE-2020-6773
 CVE-2020-6772
        RESERVED
 CVE-2020-6771 (Loading a DLL through an Uncontrolled Search Path Element in 
Bosch IP  ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2020-6770 (Deserialization of Untrusted Data in the BVMS Mobile Video 
Service (BV ...)
        NOT-FOR-US: BVMS Mobile Video Service (BVMS MVS)
 CVE-2020-6769 (Missing Authentication for Critical Function in the Bosch Video 
Stream ...)
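Review bot: CVE-2020-6771 gets the bare vendor label "Bosch", but the adjacent CVE-2020-6770 is filed under its product name, "BVMS Mobile Video Service (BVMS MVS)". Pick one convention for the Bosch entries; taking the product name from the full description (it is cut off here after "Bosch IP") would keep related CVEs grouped the same way.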



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f2ad051fd07a4f5d5b666a5847f06fc60a067d6a...4c3966658cb882a460bc7eec3d08972de25f77cc
