Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d6f50252 by Neil Williams at 2022-04-20T13:40:49+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37017,7 +37017,7 @@ CVE-2021-42232
CVE-2021-42231
RESERVED
CVE-2021-42230 (Seowon 130-SLC router all versions as of 2021-09-15 is
vulnerable to R ...)
- TODO: check
+ NOT-FOR-US: SEOWON 130-SLC
CVE-2021-42229
RESERVED
CVE-2021-42228 (A Cross Site Request Forgery (CSRF) vulnerability exists in
KindEditor ...)
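Review bot: The new tag on CVE-2021-42230 is written in all caps ("SEOWON 130-SLC"), while the description line directly above it spells the vendor "Seowon". The other NOT-FOR-US tags visible in this patch use ordinary vendor casing (Apache Pulsar, Arista, Advantech), so "NOT-FOR-US: Seowon 130-SLC" would keep case-sensitive searches of data/CVE/list consistent.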
@@ -38666,7 +38666,7 @@ CVE-2021-41572
CVE-2021-41571 (In Apache Pulsar it is possible to access data from BookKeeper
that do ...)
NOT-FOR-US: Apache Pulsar
CVE-2021-41570 (Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the
NetBackup ...)
- TODO: check
+ NOT-FOR-US: Veritas NetBackup
CVE-2021-41569 (SAS/Intrnet 9.4 build 1520 and earlier allows Local File
Inclusion. Th ...)
NOT-FOR-US: SAS/Intrnet
CVE-2021-3826
@@ -41546,13 +41546,13 @@ CVE-2021-40426 (A heap-based buffer overflow
vulnerability exists in the sphere.
- sox <unfixed>
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
CVE-2021-40425 (An out-of-bounds read vulnerability exists in the IOCTL
GetProcessComm ...)
- TODO: check
+ NOT-FOR-US: Webroot
CVE-2021-40424 (An out-of-bounds read vulnerability exists in the IOCTL
GetProcessComm ...)
- TODO: check
+ NOT-FOR-US: Webroot
CVE-2021-40423 (A denial of service vulnerability exists in the cgiserver.cgi
API comm ...)
NOT-FOR-US: Reolink
CVE-2021-40422 (An authentication bypass vulnerability exists in the device
password g ...)
- TODO: check
+ NOT-FOR-US: Swift Sensors
CVE-2021-40421
RESERVED
CVE-2021-40420 (A use-after-free vulnerability exists in the JavaScript engine
of Foxi ...)
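Review bot: The products named in the new tags for CVE-2021-40425, CVE-2021-40424 (Webroot) and CVE-2021-40422 (Swift Sensors) do not appear in the truncated descriptions shown in this hunk, which stop at "IOCTL GetProcessComm ..." and "device password g ...", so the attribution cannot be checked from the diff alone. The two IOCTL entries have identical visible descriptions; it is worth confirming against the full CVE text that both really are the same product before the TODO markers are dropped.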
@@ -41610,7 +41610,7 @@ CVE-2021-40400 (An out-of-bounds read vulnerability
exists in the RS-274X apertu
CVE-2021-40399
RESERVED
CVE-2021-40398 (An out-of-bounds write vulnerability exists in the
parse_raster_data f ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2021-40397 (A privilege escalation vulnerability exists in the
installation of Adv ...)
NOT-FOR-US: Advantech
CVE-2021-40396 (A privilege escalation vulnerability exists in the
installation of Adv ...)
@@ -41634,7 +41634,7 @@ CVE-2021-40393 (An out-of-bounds write vulnerability
exists in the RS-274X apert
NOTE: https://github.com/advisories/GHSA-w67q-2hr6-7cjf
NOTE:
https://github.com/gerbv/gerbv/commit/4d12b696aed19fbcc115fe83aa7597b7c42ba8d6
(v2.8.2-rc.1)
CVE-2021-40392 (An information disclosure vulnerability exists in the Web
Application ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill
format T-code ...)
{DLA-2839-1}
- gerbv 2.7.1-1
@@ -41644,7 +41644,7 @@ CVE-2021-40391 (An out-of-bounds write vulnerability
exists in the drill format
NOTE:
https://github.com/gerbv/gerbv/commit/9f83950b772b37b49ee188300e444546e6aab17e
NOTE: https://github.com/gerbv/gerbv/issues/30
CVE-2021-40390 (An authentication bypass vulnerability exists in the Web
Application f ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2021-40389 (A privilege escalation vulnerability exists in the
installation of Adv ...)
NOT-FOR-US: Advantech
CVE-2021-40388 (A privilege escalation vulnerability exists in Advantech SQ
Manager Se ...)
@@ -41652,7 +41652,7 @@ CVE-2021-40388 (A privilege escalation vulnerability
exists in Advantech SQ Mana
CVE-2021-40387 (An issue was discovered in the server software in Kaseya
Unitrends Bac ...)
NOT-FOR-US: Kaseya Unitrends Backup Software
CVE-2021-40386 (Kaseya Unitrends Client/Agent through 10.5,5 allows remote
attackers t ...)
- TODO: check
+ NOT-FOR-US: Kaseya Unitrends Agent
CVE-2021-40385 (An issue was discovered in the server software in Kaseya
Unitrends Bac ...)
NOT-FOR-US: Kaseya Unitrends Backup Software
CVE-2021-40384
@@ -71693,7 +71693,7 @@ CVE-2021-28507 (An issue has recently been discovered
in Arista EOS where, under
CVE-2021-28506 (An issue has recently been discovered in Arista EOS where
certain gNOI ...)
NOT-FOR-US: Arista
CVE-2021-28505 (On affected Arista EOS platforms, if a VXLAN match rule exists
in an I ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2021-28504 (On Arista Strata family products which have “TCAM
profile” ...)
NOT-FOR-US: Arista
CVE-2021-28503 (The impact of this vulnerability is that Arista's EOS eAPI may
skip re ...)
@@ -76213,11 +76213,11 @@ CVE-2021-26629
CVE-2021-26628
RESERVED
CVE-2021-26627 (Real-time image information exposure is caused by insufficient
authent ...)
- TODO: check
+ NOT-FOR-US: EDrhyme QCP camera
CVE-2021-26626 (Improper input validation vulnerability in XPLATFORM's
execBrowser met ...)
- TODO: check
+ NOT-FOR-US: Tobesoft Xplatform
CVE-2021-26625 (Insufficient Verification of input Data leading to arbitrary
file down ...)
- TODO: check
+ NOT-FOR-US: Tobesoft Nexacro
CVE-2021-26624 (An local privilege escalation vulnerability due to a
"runasroot" comma ...)
NOT-FOR-US: eScan Antivirus
CVE-2021-26623 (A remote code execution vulnerability due to incomplete check
for 'xhe ...)
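Review bot: The tag on CVE-2021-26626 reads "Tobesoft Xplatform", but the description on the preceding line spells the product "XPLATFORM"; using the description's spelling would make the entry findable by product name. The tags on CVE-2021-26627 and CVE-2021-26625 (EDrhyme QCP camera, Tobesoft Nexacro) name products that the truncated descriptions do not show, so those two attributions cannot be verified from this hunk.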
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6f5025208575edf7c2b64bc40b20ff2c3b7bc46