[Git][security-tracker-team/security-tracker][master] 2 commits: Process one Micro Focus specific NFU

Salvatore Bonaccorso carnil at debian.org
Thu Mar 25 20:53:05 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
535b0531 by Salvatore Bonaccorso at 2021-03-25T21:32:16+01:00
Process one Micro Focus specific NFU

- - - - -
4c396665 by Salvatore Bonaccorso at 2021-03-25T21:49:02+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -149,7 +149,7 @@ CVE-2021-29158
 CVE-2021-29157
 	RESERVED
 CVE-2021-29156 (ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger ...)
-	TODO: check
+	NOT-FOR-US: ForgeRock OpenAM
 CVE-2021-29155
 	RESERVED
 CVE-2021-29154
@@ -293,7 +293,7 @@ CVE-2021-29098
 CVE-2021-29097
 	RESERVED
 CVE-2021-29096 (A use-after-free vulnerability when parsing a specially crafted file i ...)
-	TODO: check
+	NOT-FOR-US: Esri (various ArcGIS products)
 CVE-2021-29095
 	RESERVED
 CVE-2021-29094
@@ -4603,13 +4603,13 @@ CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has
 CVE-2021-27196
 	RESERVED
 CVE-2021-27195 (Improper Authorization vulnerability in Netop Vision Pro up to and inc ...)
-	TODO: check
+	NOT-FOR-US: Netop Vision Pro
 CVE-2021-27194 (Cleartext transmission of sensitive information in Netop Vision Pro up ...)
-	TODO: check
+	NOT-FOR-US: Netop Vision Pro
 CVE-2021-27193 (Incorrect default permissions vulnerability in the API of Netop Vision ...)
-	TODO: check
+	NOT-FOR-US: Netop Vision Pro
 CVE-2021-27192 (Local privilege escalation vulnerability in Windows clients of Netop V ...)
-	TODO: check
+	NOT-FOR-US: Netop Vision Pro
 CVE-2021-27191 (The get-ip-range package before 4.0.0 for Node.js is vulnerable to den ...)
 	NOT-FOR-US: Node get-ip-range
 CVE-2021-3408
@@ -5999,9 +5999,9 @@ CVE-2021-3392 (A use-after-free flaw was found in the MegaRAID emulator of QEMU.
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1914236
 CVE-2021-26597 (An issue was discovered in Nokia NetAct 18A. A remote user, authentica ...)
-	TODO: check
+	NOT-FOR-US: Nokia NetAct 18A
 CVE-2021-26596 (An issue was discovered in Nokia NetAct 18A. A malicious user can chan ...)
-	TODO: check
+	NOT-FOR-US: Nokia NetAct 18A
 CVE-2021-26595 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...)
 	NOT-FOR-US: Directus
 CVE-2021-26594 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...)
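Review bot: The labels added for CVE-2021-26597 and CVE-2021-26596 include the release, "NOT-FOR-US: Nokia NetAct 18A", while the other labels visible in this diff name only the product ("Directus", "Netop Vision Pro"). Dropping the version and writing "NOT-FOR-US: Nokia NetAct" would keep the label consistent and reusable for NetAct CVEs filed against other releases.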
@@ -9078,11 +9078,11 @@ CVE-2021-25370
 CVE-2021-25369
 	RESERVED
 CVE-2021-25368 (Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allo ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25367 (Path Traversal vulnerability in Samsung Notes prior to version 4.2.00. ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25366 (Improper access control in Samsung Internet prior to version 13.2.1.70 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25365
 	RESERVED
 CVE-2021-25364
@@ -9104,17 +9104,17 @@ CVE-2021-25357
 CVE-2021-25356
 	RESERVED
 CVE-2021-25355 (Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25354 (Improper input check in Samsung Internet prior to version 13.2.1.46 al ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25353 (Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.121 ...)
 	TODO: check
 CVE-2021-25352 (Using PendingIntent with implicit intent in Bixby Voice prior to versi ...)
 	TODO: check
 CVE-2021-25351 (Improper Access Control in EmailValidationView in Samsung Account prio ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25350 (Information Exposure vulnerability in Samsung Account prior to version ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25349 (Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5. ...)
 	TODO: check
 CVE-2021-25348 (Improper permission grant check in Samsung Internet prior to version 1 ...)
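Review bot: CVE-2021-25353, CVE-2021-25352 and CVE-2021-25349 are left at "TODO: check" although the entries interleaved with them in the same CVE-2021-253xx block are resolved as "NOT-FOR-US: Samsung". The visible part of their truncated descriptions (Galaxy Themes, Bixby Voice, Slow Motion Editor) does not contain the vendor name, so they look skipped by a match on "Samsung" rather than left open on purpose. If they belong to the same batch, triage them in this commit; otherwise a NOTE line saying why they remain open would help the next person working through the TODO list.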
@@ -15089,7 +15089,7 @@ CVE-2021-22661 (Changing the password on the module webpage does not require the
 CVE-2021-22660
 	RESERVED
 CVE-2021-22659 (Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2021-22658 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...)
 	NOT-FOR-US: Advantech iView
 CVE-2021-22657
@@ -15415,7 +15415,7 @@ CVE-2021-22498 (XML External Entity Injection vulnerability in Micro Focus Appli
 CVE-2021-22497
 	RESERVED
 CVE-2021-22496 (Authentication Bypass Vulnerability in Micro Focus Access Manager Prod ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus
 CVE-2021-22495 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
 	NOT-FOR-US: Samsung mobile devices
 CVE-2021-22494 (An issue was discovered in the fingerprint scanner on Samsung Note20 m ...)
@@ -84076,17 +84076,17 @@ CVE-2020-6792 (When deriving an identifier for an email message, uninitialized m
 CVE-2020-6791
 	RESERVED
 CVE-2020-6790 (Calling an executable through an Uncontrolled Search Path Element in t ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2020-6789 (Loading a DLL through an Uncontrolled Search Path Element in the Bosch ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2020-6788 (Loading a DLL through an Uncontrolled Search Path Element in the Bosch ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2020-6787 (Loading a DLL through an Uncontrolled Search Path Element in the Bosch ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2020-6786 (Loading a DLL through an Uncontrolled Search Path Element in the Bosch ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2020-6785 (Loading a DLL through an Uncontrolled Search Path Element in Bosch BVM ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2020-6784
 	RESERVED
 CVE-2020-6783
@@ -84114,7 +84114,7 @@ CVE-2020-6773
 CVE-2020-6772
 	RESERVED
 CVE-2020-6771 (Loading a DLL through an Uncontrolled Search Path Element in Bosch IP  ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2020-6770 (Deserialization of Untrusted Data in the BVMS Mobile Video Service (BV ...)
 	NOT-FOR-US: BVMS Mobile Video Service (BVMS MVS)
 CVE-2020-6769 (Missing Authentication for Critical Function in the Bosch Video Stream ...)
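Review bot: The label added for CVE-2020-6771, "NOT-FOR-US: Bosch", names only the vendor, while the existing entry directly below it (CVE-2020-6770) names the product, "BVMS Mobile Video Service (BVMS MVS)". The same vendor-only label is used for CVE-2020-6785 through CVE-2020-6790 in the previous hunk. Consider settling on one convention for this range, since mixed vendor and product labels make it harder to search the list for every entry belonging to one product.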



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f2ad051fd07a4f5d5b666a5847f06fc60a067d6a...4c3966658cb882a460bc7eec3d08972de25f77cc


More information about the debian-security-tracker-commits mailing list