[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Mon, 09 May 2022 02:17:09 -0700 


Neil Williams pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
812298e8 by Neil Williams at 2022-05-09T10:16:37+01:00
Process some NFUs

- - - - -
3e4ae6ce by Neil Williams at 2022-05-09T10:16:38+01:00
CVE-2021-38425/fastdds undetermined

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35181,9 +35181,9 @@ CVE-2021-3926
 CVE-2021-3925
        RESERVED
 CVE-2021-33845 (The Splunk Enterprise REST API allows enumeration of usernames 
via the ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2021-31559 (A crafted request bypasses S2S TCP Token authentication 
writing arbitr ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2021-26253 (A potential vulnerability in Splunk Enterprise's 
implementation of DUO ...)
        NOT-FOR-US: Splunk
 CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF 
file us ...)
@@ -49678,15 +49678,19 @@ CVE-2021-38429 (OCI OpenDDS versions prior to 3.18.1 
are vulnerable when an atta
 CVE-2021-38428 (Delta Electronics DIALink versions 1.2.4.0 and prior is 
vulnerable to  ...)
        NOT-FOR-US: Delta Electronics DIALink
 CVE-2021-38427 (RTI Connext DDS Professional and Connext DDS Secure Versions 
4.2.x to  ...)
-       TODO: check
+       NOT-FOR-US: RTI Connext DDS
 CVE-2021-38426 (FATEK Automation WinProladder versions 3.30 and prior lacks 
proper val ...)
        NOT-FOR-US: FATEK Automation
 CVE-2021-38425 (eProsima Fast DDS versions prior to 2.4.0 (#2269) are 
susceptible to e ...)
-       TODO: check
+       - fastdds <undetermined>
+       NOTE: https://github.com/eProsima/Fast-DDS/issues/2267
+       NOTE: https://github.com/eProsima/Fast-DDS/pull/2269
+       NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02
+       TODO: check completeness
 CVE-2021-38424 (The tag interface of Delta Electronics DIALink versions 
1.2.4.0 and pr ...)
        NOT-FOR-US: Delta Electronics DIALink
 CVE-2021-38423 (All versions of GurumDDS improperly calculate the size to be 
used when ...)
-       TODO: check
+       NOT-FOR-US: GurumNetworks
 CVE-2021-38422 (Delta Electronics DIALink versions 1.2.4.0 and prior stores 
sensitive  ...)
        NOT-FOR-US: Delta Electronics DIALink
 CVE-2021-38421 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior 
to v4.0. ...)
@@ -53566,7 +53570,7 @@ CVE-2021-36914 (Cross-Site Request Forgery (CSRF) 
vulnerability leading to Refle
 CVE-2021-36913
        RESERVED
 CVE-2021-36912 (Stored Cross-Site Scripting (XSS) vulnerability in Andrea 
Pernici News ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36911 (Stored Cross-Site Scripting (XSS) vulnerability discovered in 
WordPres ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-36910 (Authenticated (admin user role) Stored Cross-Site Scripting 
(XSS) in W ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9cf96823371f0690b8eeb8bec2b6dd22d1dee180...3e4ae6cef6a1543c90c3a3ac99619aaf7a7515e0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9cf96823371f0690b8eeb8bec2b6dd22d1dee180...3e4ae6cef6a1543c90c3a3ac99619aaf7a7515e0
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to