[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Wed Apr 20 13:41:19 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6f50252 by Neil Williams at 2022-04-20T13:40:49+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37017,7 +37017,7 @@ CVE-2021-42232
 CVE-2021-42231
 	RESERVED
 CVE-2021-42230 (Seowon 130-SLC router all versions as of 2021-09-15 is vulnerable to R ...)
-	TODO: check
+	NOT-FOR-US: SEOWON 130-SLC
 CVE-2021-42229
 	RESERVED
 CVE-2021-42228 (A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor ...)
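Review bot: the tag added for CVE-2021-42230 writes the vendor in capitals ("SEOWON 130-SLC"), while the CVE description on the line above it has "Seowon 130-SLC". Matching the description's casing would keep a case-sensitive search for the vendor name from missing this entry, unless the capitalised form is what the list already uses for this vendor elsewhere.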
@@ -38666,7 +38666,7 @@ CVE-2021-41572
 CVE-2021-41571 (In Apache Pulsar it is possible to access data from BookKeeper that do ...)
 	NOT-FOR-US: Apache Pulsar
 CVE-2021-41570 (Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup ...)
-	TODO: check
+	NOT-FOR-US: Veritas NetBackup
 CVE-2021-41569 (SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. Th ...)
 	NOT-FOR-US: SAS/Intrnet
 CVE-2021-3826
@@ -41546,13 +41546,13 @@ CVE-2021-40426 (A heap-based buffer overflow vulnerability exists in the sphere.
 	- sox <unfixed>
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
 CVE-2021-40425 (An out-of-bounds read vulnerability exists in the IOCTL GetProcessComm ...)
-	TODO: check
+	NOT-FOR-US: Webroot
 CVE-2021-40424 (An out-of-bounds read vulnerability exists in the IOCTL GetProcessComm ...)
-	TODO: check
+	NOT-FOR-US: Webroot
 CVE-2021-40423 (A denial of service vulnerability exists in the cgiserver.cgi API comm ...)
 	NOT-FOR-US: Reolink
 CVE-2021-40422 (An authentication bypass vulnerability exists in the device password g ...)
-	TODO: check
+	NOT-FOR-US: Swift Sensors
 CVE-2021-40421
 	RESERVED
 CVE-2021-40420 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
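Review bot: the tags on CVE-2021-40425 and CVE-2021-40424 name only a vendor ("Webroot"), and the truncated descriptions shown here ("... the IOCTL GetProcessComm ...") do not name the product, so the attribution cannot be confirmed from the list itself. Other tags in this commit carry the product as well (for example "Accusoft ImageGear"); naming the affected product here, and for "Swift Sensors" on CVE-2021-40422, would make the triage decision easier to audit later.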
@@ -41610,7 +41610,7 @@ CVE-2021-40400 (An out-of-bounds read vulnerability exists in the RS-274X apertu
 CVE-2021-40399
 	RESERVED
 CVE-2021-40398 (An out-of-bounds write vulnerability exists in the parse_raster_data f ...)
-	TODO: check
+	NOT-FOR-US: Accusoft ImageGear
 CVE-2021-40397 (A privilege escalation vulnerability exists in the installation of Adv ...)
 	NOT-FOR-US: Advantech
 CVE-2021-40396 (A privilege escalation vulnerability exists in the installation of Adv ...)
@@ -41634,7 +41634,7 @@ CVE-2021-40393 (An out-of-bounds write vulnerability exists in the RS-274X apert
 	NOTE: https://github.com/advisories/GHSA-w67q-2hr6-7cjf
 	NOTE: https://github.com/gerbv/gerbv/commit/4d12b696aed19fbcc115fe83aa7597b7c42ba8d6 (v2.8.2-rc.1)
 CVE-2021-40392 (An information disclosure vulnerability exists in the Web Application  ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format T-code ...)
 	{DLA-2839-1}
 	- gerbv 2.7.1-1
@@ -41644,7 +41644,7 @@ CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format
 	NOTE: https://github.com/gerbv/gerbv/commit/9f83950b772b37b49ee188300e444546e6aab17e
 	NOTE: https://github.com/gerbv/gerbv/issues/30
 CVE-2021-40390 (An authentication bypass vulnerability exists in the Web Application f ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2021-40389 (A privilege escalation vulnerability exists in the installation of Adv ...)
 	NOT-FOR-US: Advantech
 CVE-2021-40388 (A privilege escalation vulnerability exists in Advantech SQ Manager Se ...)
@@ -41652,7 +41652,7 @@ CVE-2021-40388 (A privilege escalation vulnerability exists in Advantech SQ Mana
 CVE-2021-40387 (An issue was discovered in the server software in Kaseya Unitrends Bac ...)
 	NOT-FOR-US: Kaseya Unitrends Backup Software
 CVE-2021-40386 (Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers t ...)
-	TODO: check
+	NOT-FOR-US: Kaseya Unitrends Agent
 CVE-2021-40385 (An issue was discovered in the server software in Kaseya Unitrends Bac ...)
 	NOT-FOR-US: Kaseya Unitrends Backup Software
 CVE-2021-40384
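Review bot: the new tag on CVE-2021-40386, "Kaseya Unitrends Agent", sits between two entries tagged "Kaseya Unitrends Backup Software" (CVE-2021-40387 and CVE-2021-40385). The description does say "Client/Agent", so the distinction may be deliberate, but if these are treated as one product for triage purposes, reusing the existing string avoids a second spelling for the same software in the list.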
@@ -71693,7 +71693,7 @@ CVE-2021-28507 (An issue has recently been discovered in Arista EOS where, under
 CVE-2021-28506 (An issue has recently been discovered in Arista EOS where certain gNOI ...)
 	NOT-FOR-US: Arista
 CVE-2021-28505 (On affected Arista EOS platforms, if a VXLAN match rule exists in an I ...)
-	TODO: check
+	NOT-FOR-US: Arista
 CVE-2021-28504 (On Arista Strata family products which have “TCAM profile” ...)
 	NOT-FOR-US: Arista
 CVE-2021-28503 (The impact of this vulnerability is that Arista's EOS eAPI may skip re ...)
@@ -76213,11 +76213,11 @@ CVE-2021-26629
 CVE-2021-26628
 	RESERVED
 CVE-2021-26627 (Real-time image information exposure is caused by insufficient authent ...)
-	TODO: check
+	NOT-FOR-US: EDrhyme QCP camera
 CVE-2021-26626 (Improper input validation vulnerability in XPLATFORM's execBrowser met ...)
-	TODO: check
+	NOT-FOR-US: Tobesoft Xplatform
 CVE-2021-26625 (Insufficient Verification of input Data leading to arbitrary file down ...)
-	TODO: check
+	NOT-FOR-US: Tobesoft Nexacro
 CVE-2021-26624 (An local privilege escalation vulnerability due to a "runasroot" comma ...)
 	NOT-FOR-US: eScan Antivirus
 CVE-2021-26623 (A remote code execution vulnerability due to incomplete check for 'xhe ...)
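Review bot: on CVE-2021-26626 the description writes the product as "XPLATFORM" while the new tag uses "Tobesoft Xplatform"; keeping the product name in the form the description uses would make the tag easier to find by search. For CVE-2021-26625 the visible part of the description does not mention Nexacro at all, so it is worth confirming "Tobesoft Nexacro" against the full CVE text.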



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6f5025208575edf7c2b64bc40b20ff2c3b7bc46
