[Git][security-tracker-team/security-tracker][master] Process some NFUs

[Neil Williams (@codehelp)]

Neil Williams pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bc2416ef by Neil Williams at 2022-02-14T09:12:02+00:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14968,7 +14968,7 @@ CVE-2021-43355 (Fresenius Kabi Vigilant Software Suite 
(Mastermed Dashboard) ver
 CVE-2021-41835 (Fresenius Kabi Agilia Link + version 3.0 does not enforce 
transport la ...)
        NOT-FOR-US: Fresenius Kabi Agilia Link
 CVE-2021-4035 (A stored cross site scripting have been identified at the 
comments in  ...)
-       TODO: check
+       NOT-FOR-US: Wocu Monitoring
 CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) 
version 2 ...)
        NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
 CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) 
version 2 ...)
@@ -72291,9 +72291,9 @@ CVE-2021-22826 (A CWE-20: Improper Input Validation 
vulnerability exists that co
 CVE-2021-22825 (A CWE-200: Exposure of Sensitive Information to an 
Unauthorized Actor  ...)
        NOT-FOR-US: Schneider Electric
 CVE-2021-22824 (A CWE-120: Buffer Copy without Checking Size of Input 
vulnerability ex ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22823 (A CWE-306: Missing Authentication for Critical Function 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22822 (A CWE-79 Improper Neutralization of Input During Web Page 
Generation ( ...)
        NOT-FOR-US: Schneider Electric
 CVE-2021-22821 (A CWE-918 Server-Side Request Forgery (SSRF) vulnerability 
exists that ...)
@@ -72327,27 +72327,27 @@ CVE-2021-22808 (A CWE-416: Use After Free 
vulnerability exists that could cause
 CVE-2021-22807 (A CWE-787: Out-of-bounds Write vulnerability exists that could 
cause a ...)
        NOT-FOR-US: Schneider Electric
 CVE-2021-22806 (A CWE-669: Incorrect Resource Transfer Between Spheres 
vulnerability e ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22805 (A CWE-306: Missing Authentication for Critical Function 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22804 (A CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22803 (A CWE-434: Unrestricted Upload of File with Dangerous Type 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22802 (A CWE-120: Buffer Copy without Checking Size of Input 
vulnerability ex ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22801 (A CWE-269: Improper Privilege Management vulnerability exists 
that cou ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22800 (A CWE-20: Improper Input Validation vulnerability exists that 
could ca ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22799 (A CWE-331: Insufficient Entropy vulnerability exists that 
could cause  ...)
        NOT-FOR-US: Schneider Electric
 CVE-2021-22798 (A CWE-522: Insufficiently Protected Credentials vulnerability 
exists t ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22797
        RESERVED
 CVE-2021-22796 (A CWE-287: Improper Authentication vulnerability exists that 
could all ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22795
        RESERVED
 CVE-2021-22794
@@ -72363,13 +72363,13 @@ CVE-2021-22790 (A CWE-125: Out-of-bounds Read 
vulnerability that could cause a D
 CVE-2021-22789 (A CWE-119: Improper Restriction of Operations within the 
Bounds of a M ...)
        NOT-FOR-US: Schneider Electric
 CVE-2021-22788 (A CWE-787: Out-of-bounds Write vulnerability exists that could 
cause d ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22787 (A CWE-20: Improper Input Validation vulnerability exists that 
could ca ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22786
        RESERVED
 CVE-2021-22785 (A CWE-200: Information Exposure vulnerability exists that 
could cause  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2021-22784 (A CWE-306: Missing Authentication for Critical Function 
vulnerability  ...)
        NOT-FOR-US: Schneider Electric
 CVE-2021-22783
@@ -72443,7 +72443,7 @@ CVE-2021-22750 (A CWE-787: Out-of-bounds write 
vulnerability exists inIGSS Defin
 CVE-2021-22749 (A CWE-200: Exposure of Sensitive Information to an 
Unauthorized Actor  ...)
        NOT-FOR-US: Schneider
 CVE-2021-22748 (A CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory  ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2021-22747 (Improper Check for Unusual or Exceptional Conditions 
vulnerability exi ...)
        NOT-FOR-US: Tricon
 CVE-2021-22746 (Improper Check for Unusual or Exceptional Conditions 
vulnerability exi ...)
@@ -75751,7 +75751,7 @@ CVE-2020-36064 (Online Course Registration v1.0 was 
discovered to contain hardco
 CVE-2020-36063
        RESERVED
 CVE-2020-36062 (Dairy Farm Shop Management System v1.0 was discovered to 
contain hardc ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System
 CVE-2020-36061
        RESERVED
 CVE-2020-36060
@@ -89385,7 +89385,7 @@ CVE-2021-0526 (In memory management driver, there is a 
possible out of bounds wr
 CVE-2021-0525 (In memory management driver, there is a possible out of bounds 
write d ...)
        NOT-FOR-US: MediaTek components for Android
 CVE-2021-0524 (In isServiceDistractionOptimized of 
CarPackageManagerService.java, the ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0523 (In onCreate of WifiScanModeActivity.java, there is a possible 
way to e ...)
        NOT-FOR-US: Android
 CVE-2021-0522 (In ConnectionHandler::SdpCb of connection_handler.cc, there is 
a possi ...)
@@ -94429,7 +94429,7 @@ CVE-2020-26730
 CVE-2020-26729
        RESERVED
 CVE-2020-26728 (A vulnerability was discovered in Tenda AC9 v3.0 
V15.03.06.42_multi an ...)
-       TODO: check
+       NOT-FOR-US: Tenda AC9 Router
 CVE-2020-26727
        RESERVED
 CVE-2020-26726
@@ -122046,11 +122046,11 @@ CVE-2020-14525 (Philips Clinical Collaboration 
Platform, Versions 12.2.1 and pri
 CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest 
build o ...)
        NOT-FOR-US: Softing Industrial Automation
 CVE-2020-14523 (Multiple Mitsubishi Electric Factory Automation products have 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2020-14522 (Softing Industrial Automation all versions prior to the latest 
build o ...)
        NOT-FOR-US: Softing Industrial Automation
 CVE-2020-14521 (Multiple Mitsubishi Electric Factory Automation engineering 
software p ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2020-14520 (The affected product is vulnerable to an information leak, 
which may a ...)
        NOT-FOR-US: Inductive Automation Ignition
 CVE-2020-14519 (This vulnerability allows an attacker to use the internal 
WebSockets A ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc2416efbc1ccebca4f59d0302a0a8ad857ec9da

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc2416efbc1ccebca4f59d0302a0a8ad857ec9da
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits