[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Tue Apr 5 14:26:55 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
070a6fa0 by Neil Williams at 2022-04-05T14:26:26+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57067,7 +57067,7 @@ CVE-2021-32959 (Heap-based buffer overflow in SuiteLink server while processing
 CVE-2021-32958
 	RESERVED
 CVE-2021-32957 (A function in MDT AutoSave versions prior to v6.02.06 is used to retri ...)
-	TODO: check
+	NOT-FOR-US: Auvesy-MDT
 CVE-2021-32956 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to re ...)
 	NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2021-32955 (Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestrict ...)
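Review bot: The new tag on CVE-2021-32957 names only the vendor, "Auvesy-MDT", while the description names the product as "MDT AutoSave" and the neighbouring entries carry the product name in the tag ("Advantech WebAccess/SCADA"). Consider "NOT-FOR-US: Auvesy-MDT AutoSave" so a search for the product name finds the entry; the same point applies to the other Auvesy-MDT entries in this commit.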
@@ -57075,7 +57075,7 @@ CVE-2021-32955 (Delta Electronics DIAEnergie Version 1.7.5 and prior allows unre
 CVE-2021-32954 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a  ...)
 	NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2021-32953 (An attacker could utilize SQL commands to create a new user MDT AutoSa ...)
-	TODO: check
+	NOT-FOR-US: Auvesy-MDT
 CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading procedure  ...)
 	NOT-FOR-US: Open Design Alliance
 CVE-2021-32951 (WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper aut ...)
@@ -57083,7 +57083,7 @@ CVE-2021-32951 (WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improp
 CVE-2021-32950 (An out-of-bounds read issue exists within the parsing of DXF files in  ...)
 	NOT-FOR-US: Open Design Alliance
 CVE-2021-32949 (An attacker could utilize a function in MDT AutoSave versions prior to ...)
-	TODO: check
+	NOT-FOR-US: Auvesy-MDT
 CVE-2021-32948 (An out-of-bounds write issue exists in the DWG file-reading procedure  ...)
 	NOT-FOR-US: Open Design Alliance
 CVE-2021-32947 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...)
@@ -57091,7 +57091,7 @@ CVE-2021-32947 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulner
 CVE-2021-32946 (An improper check for unusual or exceptional conditions issue exists w ...)
 	NOT-FOR-US: Open Design Alliance
 CVE-2021-32945 (An attacker could decipher the encryption and gain access to MDT AutoS ...)
-	TODO: check
+	NOT-FOR-US: Auvesy-MDT
 CVE-2021-32944 (A use-after-free issue exists in the DGN file-reading procedure in the ...)
 	NOT-FOR-US: Open Design Alliance
 CVE-2021-32943 (The affected product is vulnerable to a stack-based buffer overflow, w ...)
@@ -57107,7 +57107,7 @@ CVE-2021-32939 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulner
 CVE-2021-32938 (Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-o ...)
 	NOT-FOR-US: Open Design Alliance
 CVE-2021-32937 (An attacker can gain knowledge of a session temporary working folder w ...)
-	TODO: check
+	NOT-FOR-US: Auvesy-MDT
 CVE-2021-32936 (An out-of-bounds write issue exists in the DXF file-recovering procedu ...)
 	NOT-FOR-US: Open Design Alliance
 CVE-2021-32935
@@ -57115,7 +57115,7 @@ CVE-2021-32935
 CVE-2021-32934
 	RESERVED
 CVE-2021-32933 (An attacker could leverage an API to pass along a malicious file that  ...)
-	TODO: check
+	NOT-FOR-US: Auvesy-MDT
 CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...)
 	NOT-FOR-US: Advantech
 CVE-2021-32931 (An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5. ...)
@@ -58306,7 +58306,7 @@ CVE-2021-32505
 CVE-2021-32504
 	RESERVED
 CVE-2021-32503 (Unauthenticated users can access sensitive web URLs through GET reques ...)
-	TODO: check
+	NOT-FOR-US: SICK FTMg flow sensors
 CVE-2021-32502
 	REJECTED
 CVE-2021-32501
@@ -64238,17 +64238,17 @@ CVE-2021-30335 (Possible assertion in QOS request due to improper validation whe
 CVE-2021-30334
 	RESERVED
 CVE-2021-30333 (Improper validation of buffer size input to the EFS file can lead to m ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2021-30332 (Possible assertion due to improper validation of OTA configuration in  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2021-30331 (Possible buffer overflow due to improper data validation of external c ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2021-30330 (Possible null pointer dereference due to improper validation of APE cl ...)
 	NOT-FOR-US: Qualcomm
 CVE-2021-30329 (Possible assertion due to improper validation of TCI configuration in  ...)
 	TODO: check
 CVE-2021-30328 (Possible assertion due to improper validation of invalid NR CSI-IM res ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2021-30327
 	RESERVED
 CVE-2021-30326 (Possible assertion due to improper size validation while processing th ...)
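Review bot: CVE-2021-30329 is still "TODO: check" after this hunk, although the entries on either side of it (CVE-2021-30330 and CVE-2021-30328) are both "NOT-FOR-US: Qualcomm" and its description follows the same "Possible assertion due to improper validation" pattern. If it was left open deliberately, a NOTE line saying why would help the next person triaging; otherwise it looks missed and should get the same tag.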
@@ -68948,7 +68948,7 @@ CVE-2021-28506 (An issue has recently been discovered in Arista EOS where certai
 CVE-2021-28505
 	RESERVED
 CVE-2021-28504 (On Arista Strata family products which have “TCAM profile” ...)
-	TODO: check
+	NOT-FOR-US: Arista
 CVE-2021-28503 (The impact of this vulnerability is that Arista's EOS eAPI may skip re ...)
 	NOT-FOR-US: Arista
 CVE-2021-28502
@@ -71381,7 +71381,7 @@ CVE-2021-27503 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife
 CVE-2021-27502
 	RESERVED
 CVE-2021-27501 (Philips Vue PACS versions 12.2.x.x and prior does not follow certain c ...)
-	TODO: check
+	NOT-FOR-US: Philips Vue PACS
 CVE-2021-27500
 	RESERVED
 CVE-2021-27499 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: ...)
@@ -71389,7 +71389,7 @@ CVE-2021-27499 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife
 CVE-2021-27498
 	RESERVED
 CVE-2021-27497 (Philips Vue PACS versions 12.2.x.x and prior does not use or incorrect ...)
-	TODO: check
+	NOT-FOR-US: Philips Vue PACS
 CVE-2021-27496 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
 	NOT-FOR-US: Datakit
 CVE-2021-27495 (Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,A ...)
@@ -71397,7 +71397,7 @@ CVE-2021-27495 (Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife C
 CVE-2021-27494 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
 	NOT-FOR-US: Datakit
 CVE-2021-27493 (Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorr ...)
-	TODO: check
+	NOT-FOR-US: Philips Vue PACS
 CVE-2021-27492 (When opening a specially crafted 3DXML file, the application containin ...)
 	NOT-FOR-US: Datakit
 CVE-2021-27491 (Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,A ...)
@@ -72007,7 +72007,7 @@ CVE-2021-27225 (In Dataiku DSS before 8.0.6, insufficient access control in the
 CVE-2021-27224 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write ...)
 	NOT-FOR-US: WPG plugin for IrfanView
 CVE-2021-27223 (A denial-of-service issue existed in one of modules that was incorpora ...)
-	TODO: check
+	NOT-FOR-US: Kaspersky Antivirus
 CVE-2021-27222 (In the "Time in Status" app before 4.13.0 for Jira, remote authenticat ...)
 	NOT-FOR-US: "Time in Status" app
 CVE-2021-27221 (** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ft ...)
@@ -73466,9 +73466,9 @@ CVE-2021-26626
 CVE-2021-26625
 	RESERVED
 CVE-2021-26624 (An local privilege escalation vulnerability due to a "runasroot" comma ...)
-	TODO: check
+	NOT-FOR-US: eScan Antivirus
 CVE-2021-26623 (A remote code execution vulnerability due to incomplete check for 'xhe ...)
-	TODO: check
+	NOT-FOR-US: Bandizip for Windows
 CVE-2021-26622 (An remote code execution vulnerability due to SSTI vulnerability and i ...)
 	NOT-FOR-US: Genian NAC
 CVE-2021-26621 (An Buffer Overflow vulnerability leading to remote code execution was  ...)
@@ -81643,9 +81643,9 @@ CVE-2021-23290
 CVE-2021-23289
 	RESERVED
 CVE-2021-23288 (The vulnerability exists due to insufficient validation of input from  ...)
-	TODO: check
+	NOT-FOR-US: Eaton Intelligent Power Protector (IPP)
 CVE-2021-23287 (The vulnerability exists due to insufficient validation of input of ce ...)
-	TODO: check
+	NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
 CVE-2021-23286
 	RESERVED
 CVE-2021-23285
@@ -81727,7 +81727,7 @@ CVE-2021-23249
 CVE-2021-23248
 	RESERVED
 CVE-2021-23247 (A command injection vulerability found in quick game engine allows arb ...)
-	TODO: check
+	NOT-FOR-US: oppo
 CVE-2021-23246 (In ACE2 ColorOS11, the attacker can obtain the foreground package name ...)
 	NOT-FOR-US: ACE2 ColorOS11
 CVE-2021-23245
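Review bot: "NOT-FOR-US: oppo" on CVE-2021-23247 is lowercase and gives no product, whereas the description names the "quick game engine" and the next entry is tagged with a product name ("ACE2 ColorOS11"). Suggest capitalising the vendor and adding the product, e.g. "NOT-FOR-US: OPPO quick game engine".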
@@ -83972,7 +83972,7 @@ CVE-2021-22279 (A Missing Authentication vulnerability in RobotWare for the Omni
 CVE-2021-22278 (A certificate validation vulnerability in PCM600 Update Manager allows ...)
 	NOT-FOR-US: PCM600 Update Manager
 CVE-2021-22277 (Improper Input Validation vulnerability in ABB 800xA, Control Software ...)
-	TODO: check
+	NOT-FOR-US: ABB AC 800M
 CVE-2021-22276 (The vulnerability allows a successful attacker to bypass the integrity ...)
 	NOT-FOR-US: ABB
 CVE-2021-22275
@@ -93648,7 +93648,7 @@ CVE-2021-1944
 CVE-2021-1943 (Possible buffer out of bound read can occur due to improper validation ...)
 	NOT-FOR-US: Snapdragon
 CVE-2021-1942 (Improper handling of permissions of a shared memory region can lead to ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2021-1941 (Possible buffer over read issue due to improper length check on WPA IE ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1940 (Use after free can occur due to improper handling of response from fir ...)
@@ -100846,7 +100846,7 @@ CVE-2020-28064
 CVE-2020-28063 (A file upload issue exists in all versions of ArticleCMS which allows  ...)
 	NOT-FOR-US: ArticleCMS
 CVE-2020-28062 (An Access Control vulnerability exists in HisiPHP 2.0.11 via special p ...)
-	TODO: check
+	NOT-FOR-US: HisiPHP
 CVE-2020-28061
 	RESERVED
 CVE-2020-28060
@@ -132645,7 +132645,7 @@ CVE-2020-14481 (The DeskLock tool provided with FactoryTalk View SE uses a weak
 CVE-2020-14480 (Due to usernames/passwords being stored in plaintext in Random Access  ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2020-14479 (Sensitive information can be obtained through the handling of serializ ...)
-	TODO: check
+	NOT-FOR-US: Inductive Automation Ignition
 CVE-2020-14478 (A local, authenticated attacker could use an XML External Entity (XXE) ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX V ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/070a6fa0aa4b3f38a27f6c519ee7b82c2b597035
