Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
070a6fa0 by Neil Williams at 2022-04-05T14:26:26+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57067,7 +57067,7 @@ CVE-2021-32959 (Heap-based buffer overflow in SuiteLink 
server while processing
 CVE-2021-32958
        RESERVED
 CVE-2021-32957 (A function in MDT AutoSave versions prior to v6.02.06 is used 
to retri ...)
-       TODO: check
+       NOT-FOR-US: Auvesy-MDT
 CVE-2021-32956 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is 
vulnerable to re ...)
        NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2021-32955 (Delta Electronics DIAEnergie Version 1.7.5 and prior allows 
unrestrict ...)
@@ -57075,7 +57075,7 @@ CVE-2021-32955 (Delta Electronics DIAEnergie Version 
1.7.5 and prior allows unre
 CVE-2021-32954 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is 
vulnerable to a  ...)
        NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2021-32953 (An attacker could utilize SQL commands to create a new user 
MDT AutoSa ...)
-       TODO: check
+       NOT-FOR-US: Auvesy-MDT
 CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading 
procedure  ...)
        NOT-FOR-US: Open Design Alliance
 CVE-2021-32951 (WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an 
improper aut ...)
@@ -57083,7 +57083,7 @@ CVE-2021-32951 (WebAccess/NMS (Versions prior to 
v3.0.3_Build6299) has an improp
 CVE-2021-32950 (An out-of-bounds read issue exists within the parsing of DXF 
files in  ...)
        NOT-FOR-US: Open Design Alliance
 CVE-2021-32949 (An attacker could utilize a function in MDT AutoSave versions 
prior to ...)
-       TODO: check
+       NOT-FOR-US: Auvesy-MDT
 CVE-2021-32948 (An out-of-bounds write issue exists in the DWG file-reading 
procedure  ...)
        NOT-FOR-US: Open Design Alliance
 CVE-2021-32947 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is 
vulnerable t ...)
@@ -57091,7 +57091,7 @@ CVE-2021-32947 (FATEK Automation FvDesigner, Versions 
1.5.88 and prior is vulner
 CVE-2021-32946 (An improper check for unusual or exceptional conditions issue 
exists w ...)
        NOT-FOR-US: Open Design Alliance
 CVE-2021-32945 (An attacker could decipher the encryption and gain access to 
MDT AutoS ...)
-       TODO: check
+       NOT-FOR-US: Auvesy-MDT
 CVE-2021-32944 (A use-after-free issue exists in the DGN file-reading 
procedure in the ...)
        NOT-FOR-US: Open Design Alliance
 CVE-2021-32943 (The affected product is vulnerable to a stack-based buffer 
overflow, w ...)
@@ -57107,7 +57107,7 @@ CVE-2021-32939 (FATEK Automation FvDesigner, Versions 
1.5.88 and prior is vulner
 CVE-2021-32938 (Drawings SDK (All versions prior to 2022.4) are vulnerable to 
an out-o ...)
        NOT-FOR-US: Open Design Alliance
 CVE-2021-32937 (An attacker can gain knowledge of a session temporary working 
folder w ...)
-       TODO: check
+       NOT-FOR-US: Auvesy-MDT
 CVE-2021-32936 (An out-of-bounds write issue exists in the DXF file-recovering 
procedu ...)
        NOT-FOR-US: Open Design Alliance
 CVE-2021-32935
@@ -57115,7 +57115,7 @@ CVE-2021-32935
 CVE-2021-32934
        RESERVED
 CVE-2021-32933 (An attacker could leverage an API to pass along a malicious 
file that  ...)
-       TODO: check
+       NOT-FOR-US: Auvesy-MDT
 CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which 
may allow ...)
        NOT-FOR-US: Advantech
 CVE-2021-32931 (An uninitialized pointer in FATEK Automation FvDesigner, 
Versions 1.5. ...)
@@ -58306,7 +58306,7 @@ CVE-2021-32505
 CVE-2021-32504
        RESERVED
 CVE-2021-32503 (Unauthenticated users can access sensitive web URLs through 
GET reques ...)
-       TODO: check
+       NOT-FOR-US: SICK FTMg flow sensors
 CVE-2021-32502
        REJECTED
 CVE-2021-32501
@@ -64238,17 +64238,17 @@ CVE-2021-30335 (Possible assertion in QOS request due 
to improper validation whe
 CVE-2021-30334
        RESERVED
 CVE-2021-30333 (Improper validation of buffer size input to the EFS file can 
lead to m ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2021-30332 (Possible assertion due to improper validation of OTA 
configuration in  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2021-30331 (Possible buffer overflow due to improper data validation of 
external c ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2021-30330 (Possible null pointer dereference due to improper validation 
of APE cl ...)
        NOT-FOR-US: Qualcomm
 CVE-2021-30329 (Possible assertion due to improper validation of TCI 
configuration in  ...)
        TODO: check
 CVE-2021-30328 (Possible assertion due to improper validation of invalid NR 
CSI-IM res ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2021-30327
        RESERVED
 CVE-2021-30326 (Possible assertion due to improper size validation while 
processing th ...)
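Review bot: CVE-2021-30329 stays at "TODO: check" in this hunk while the four changed entries around it (CVE-2021-30333, CVE-2021-30332, CVE-2021-30331, CVE-2021-30328) move to "NOT-FOR-US: Qualcomm" and CVE-2021-30330 already carries that tag. Its description ("Possible assertion due to improper validation of TCI configuration in ...") follows the same pattern as its neighbours, so either triage it in the same pass or note in the commit message why it remains open, so the leftover TODO is not read as an oversight.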
@@ -68948,7 +68948,7 @@ CVE-2021-28506 (An issue has recently been discovered 
in Arista EOS where certai
 CVE-2021-28505
        RESERVED
 CVE-2021-28504 (On Arista Strata family products which have “TCAM 
profile” ...)
-       TODO: check
+       NOT-FOR-US: Arista
 CVE-2021-28503 (The impact of this vulnerability is that Arista's EOS eAPI may 
skip re ...)
        NOT-FOR-US: Arista
 CVE-2021-28502
@@ -71381,7 +71381,7 @@ CVE-2021-27503 (Ypsomed mylife Cloud, mylife Mobile 
Application, Ypsomed mylife
 CVE-2021-27502
        RESERVED
 CVE-2021-27501 (Philips Vue PACS versions 12.2.x.x and prior does not follow 
certain c ...)
-       TODO: check
+       NOT-FOR-US: Philips Vue PACS
 CVE-2021-27500
        RESERVED
 CVE-2021-27499 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed 
mylife Cloud: ...)
@@ -71389,7 +71389,7 @@ CVE-2021-27499 (Ypsomed mylife Cloud, mylife Mobile 
Application, Ypsomed mylife
 CVE-2021-27498
        RESERVED
 CVE-2021-27497 (Philips Vue PACS versions 12.2.x.x and prior does not use or 
incorrect ...)
-       TODO: check
+       NOT-FOR-US: Philips Vue PACS
 CVE-2021-27496 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, 
Step3dRead, ...)
        NOT-FOR-US: Datakit
 CVE-2021-27495 (Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife 
Cloud,A ...)
@@ -71397,7 +71397,7 @@ CVE-2021-27495 (Ypsomed mylife Cloud, mylife Mobile 
Application:Ypsomed mylife C
 CVE-2021-27494 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, 
Step3dRead, ...)
        NOT-FOR-US: Datakit
 CVE-2021-27493 (Philips Vue PACS versions 12.2.x.x and prior does not ensure 
or incorr ...)
-       TODO: check
+       NOT-FOR-US: Philips Vue PACS
 CVE-2021-27492 (When opening a specially crafted 3DXML file, the application 
containin ...)
        NOT-FOR-US: Datakit
 CVE-2021-27491 (Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife 
Cloud,A ...)
@@ -72007,7 +72007,7 @@ CVE-2021-27225 (In Dataiku DSS before 8.0.6, 
insufficient access control in the
 CVE-2021-27224 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a 
user-mode write ...)
        NOT-FOR-US: WPG plugin for IrfanView
 CVE-2021-27223 (A denial-of-service issue existed in one of modules that was 
incorpora ...)
-       TODO: check
+       NOT-FOR-US: Kaspersky Antivirus
 CVE-2021-27222 (In the "Time in Status" app before 4.13.0 for Jira, remote 
authenticat ...)
        NOT-FOR-US: "Time in Status" app
 CVE-2021-27221 (** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote 
authenticated ft ...)
@@ -73466,9 +73466,9 @@ CVE-2021-26626
 CVE-2021-26625
        RESERVED
 CVE-2021-26624 (An local privilege escalation vulnerability due to a 
"runasroot" comma ...)
-       TODO: check
+       NOT-FOR-US: eScan Antivirus
 CVE-2021-26623 (A remote code execution vulnerability due to incomplete check 
for 'xhe ...)
-       TODO: check
+       NOT-FOR-US: Bandizip for Windows
 CVE-2021-26622 (An remote code execution vulnerability due to SSTI 
vulnerability and i ...)
        NOT-FOR-US: Genian NAC
 CVE-2021-26621 (An Buffer Overflow vulnerability leading to remote code 
execution was  ...)
@@ -81643,9 +81643,9 @@ CVE-2021-23290
 CVE-2021-23289
        RESERVED
 CVE-2021-23288 (The vulnerability exists due to insufficient validation of 
input from  ...)
-       TODO: check
+       NOT-FOR-US: Eaton Intelligent Power Protector (IPP)
 CVE-2021-23287 (The vulnerability exists due to insufficient validation of 
input of ce ...)
-       TODO: check
+       NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
 CVE-2021-23286
        RESERVED
 CVE-2021-23285
@@ -81727,7 +81727,7 @@ CVE-2021-23249
 CVE-2021-23248
        RESERVED
 CVE-2021-23247 (A command injection vulerability found in quick game engine 
allows arb ...)
-       TODO: check
+       NOT-FOR-US: oppo
 CVE-2021-23246 (In ACE2 ColorOS11, the attacker can obtain the foreground 
package name ...)
        NOT-FOR-US: ACE2 ColorOS11
 CVE-2021-23245
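Review bot: the new tag on CVE-2021-23247 reads "NOT-FOR-US: oppo", lower-case and vendor-only, whereas the adjacent CVE-2021-23246 is tagged with the product name ("ACE2 ColorOS11"). Consider capitalising the vendor and naming the affected component from the description (the quick game engine), so that a later search of data/CVE/list for the product or the vendor finds both entries under a consistent label.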
@@ -83972,7 +83972,7 @@ CVE-2021-22279 (A Missing Authentication vulnerability 
in RobotWare for the Omni
 CVE-2021-22278 (A certificate validation vulnerability in PCM600 Update 
Manager allows ...)
        NOT-FOR-US: PCM600 Update Manager
 CVE-2021-22277 (Improper Input Validation vulnerability in ABB 800xA, Control 
Software ...)
-       TODO: check
+       NOT-FOR-US: ABB AC 800M
 CVE-2021-22276 (The vulnerability allows a successful attacker to bypass the 
integrity ...)
        NOT-FOR-US: ABB
 CVE-2021-22275
@@ -93648,7 +93648,7 @@ CVE-2021-1944
 CVE-2021-1943 (Possible buffer out of bound read can occur due to improper 
validation ...)
        NOT-FOR-US: Snapdragon
 CVE-2021-1942 (Improper handling of permissions of a shared memory region can 
lead to ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2021-1941 (Possible buffer over read issue due to improper length check on 
WPA IE ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1940 (Use after free can occur due to improper handling of response 
from fir ...)
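Review bot: CVE-2021-1942 is tagged "NOT-FOR-US: Snapdragon", which matches CVE-2021-1943 above it, but CVE-2021-1941 directly below uses "Qualcomm components for Android" and the CVE-2021-3033x entries changed earlier in this same commit use "NOT-FOR-US: Qualcomm". Three labels for what the descriptions suggest is one vendor's code make later bulk re-triage by tag harder; picking one label for the entries touched here would keep this commit internally consistent.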
@@ -100846,7 +100846,7 @@ CVE-2020-28064
 CVE-2020-28063 (A file upload issue exists in all versions of ArticleCMS which 
allows  ...)
        NOT-FOR-US: ArticleCMS
 CVE-2020-28062 (An Access Control vulnerability exists in HisiPHP 2.0.11 via 
special p ...)
-       TODO: check
+       NOT-FOR-US: HisiPHP
 CVE-2020-28061
        RESERVED
 CVE-2020-28060
@@ -132645,7 +132645,7 @@ CVE-2020-14481 (The DeskLock tool provided with 
FactoryTalk View SE uses a weak
 CVE-2020-14480 (Due to usernames/passwords being stored in plaintext in Random 
Access  ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2020-14479 (Sensitive information can be obtained through the handling of 
serializ ...)
-       TODO: check
+       NOT-FOR-US: Inductive Automation Ignition
 CVE-2020-14478 (A local, authenticated attacker could use an XML External 
Entity (XXE) ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior, 
Ultrasound CX V ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/070a6fa0aa4b3f38a27f6c519ee7b82c2b597035
