Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
310b47db by Neil Williams at 2022-05-06T10:08:10+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -77015,7 +77015,7 @@ CVE-2021-27441
CVE-2021-27440 (The software contains a hard-coded password it uses for its
own inboun ...)
NOT-FOR-US: GE
CVE-2021-27439 (TencentOS-tiny version 3.1.0 is vulnerable to integer
wrap-around in f ...)
- TODO: check
+ NOT-FOR-US: Tencent
CVE-2021-27438 (The software contains a hard-coded password it uses for its
own inboun ...)
NOT-FOR-US: GE
CVE-2021-27437 (The affected product allows attackers to obtain sensitive
information ...)
@@ -77023,15 +77023,15 @@ CVE-2021-27437 (The affected product allows attackers
to obtain sensitive inform
CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to
cross-site scr ...)
NOT-FOR-US: WebAccess/SCADA
CVE-2021-27435 (ARM mbed product Version 6.3.0 is vulnerable to integer
wrap-around in ...)
- TODO: check
+ NOT-FOR-US: ARM mbed
CVE-2021-27434 (Products with Unified Automation .NET based OPC UA
Client/Server SDK B ...)
NOT-FOR-US: Unified Automation .NET
CVE-2021-27433 (ARM mbed-ualloc memory library version 1.3.0 is vulnerable to
integer ...)
- TODO: check
+ NOT-FOR-US: ARM mbed
CVE-2021-27432 (OPC Foundation UA .NET Standard versions prior to 1.4.365.48
and OPC U ...)
NOT-FOR-US: OPC Foundation UA .NET
CVE-2021-27431 (ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to
integer wrap ...)
- TODO: check
+ NOT-FOR-US: ARM CMSIS RTOS2
CVE-2021-27430 (GE UR bootloader binary Version 7.00, 7.01 and 7.02 included
unused ha ...)
NOT-FOR-US: General Electric Universal Relays
CVE-2021-27429
@@ -77039,7 +77039,7 @@ CVE-2021-27429
CVE-2021-27428 (GE UR IED firmware versions prior to version 8.1x supports
upgrading f ...)
NOT-FOR-US: General Electric Universal Relays
CVE-2021-27427 (RIOT OS version 2020.01.1 is vulnerable to integer wrap-around
in its ...)
- TODO: check
+ NOT-FOR-US: RIOT RIOT-OS
CVE-2021-27426 (GE UR IED firmware versions prior to version 8.1x with
“Basic ...)
NOT-FOR-US: General Electric Universal Relays
CVE-2021-27425 (Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer
wrap-aro ...)
@@ -77059,7 +77059,7 @@ CVE-2021-27419 (uClibc-ng versions prior to 1.0.37 are
vulnerable to integer wra
CVE-2021-27418 (GE UR firmware versions prior to version 8.1x supports web
interface w ...)
NOT-FOR-US: General Electric Universal Relays
CVE-2021-27417 (eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: eCosCentric eCosPro RTOS
CVE-2021-27416 (An attacker could exploit this vulnerability in Hitachi ABB
Power Grid ...)
NOT-FOR-US: Hitachi ABB Power Grids Ellipse Enterprise Asset Management
(EAM)
CVE-2021-27415
@@ -77071,7 +77071,7 @@ CVE-2021-27413 (Omron CX-One Versions 4.60 and prior,
including CX-Server Versio
CVE-2021-27412 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are
vulnerable ...)
NOT-FOR-US: Delta Electronics
CVE-2021-27411 (Micrium OS Versions 5.10.1 and prior are vulnerable to integer
wrap-ar ...)
- TODO: check
+ NOT-FOR-US: Micrium
CVE-2021-27410 (The affected product is vulnerable to an out-of-bounds write,
which ma ...)
NOT-FOR-US: Welch Allyn
CVE-2021-27409
@@ -82680,9 +82680,9 @@ CVE-2021-25270 (A local attacker could execute
arbitrary code with administrator
CVE-2021-25269 (A local administrator could prevent the HMPA service from
starting des ...)
NOT-FOR-US: Sophos
CVE-2021-25268 (Multiple XSS vulnerabilities in Webadmin allow for privilege
escalatio ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2021-25267 (Multiple XSS vulnerabilities in Webadmin allow for privilege
escalatio ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2021-25266 (An insecure data storage vulnerability allows a physical
attacker with ...)
NOT-FOR-US: Sophos Authenticator for Android
CVE-2021-25265 (A malicious website could execute code remotely in Sophos
Connect Clie ...)
@@ -88645,7 +88645,7 @@ CVE-2021-22682 (Cscape (All versions prior to 9.90 SP4)
is configured by default
CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and
later, ...)
NOT-FOR-US: Rockwell Automation
CVE-2021-22680 (NXP MQX Versions 5.1 and prior are vulnerable to integer
overflow in m ...)
- TODO: check
+ NOT-FOR-US: NXP MQX
CVE-2021-22679 (The affected product is vulnerable to an integer overflow
while proces ...)
NOT-FOR-US: SimpleLink
CVE-2021-22678 (Cscape (All versions prior to 9.90 SP4) lacks proper
validation of use ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/310b47db1e9cca67d367df6cec7644369980dc62
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/310b47db1e9cca67d367df6cec7644369980dc62
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
