[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Mon Feb 14 09:12:26 GMT 2022 


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc2416ef by Neil Williams at 2022-02-14T09:12:02+00:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14968,7 +14968,7 @@ CVE-2021-43355 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) ver
 CVE-2021-41835 (Fresenius Kabi Agilia Link + version 3.0 does not enforce transport la ...)
 	NOT-FOR-US: Fresenius Kabi Agilia Link
 CVE-2021-4035 (A stored cross site scripting have been identified at the comments in  ...)
-	TODO: check
+	NOT-FOR-US: Wocu Monitoring
 CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
 	NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
 CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
@@ -72291,9 +72291,9 @@ CVE-2021-22826 (A CWE-20: Improper Input Validation vulnerability exists that co
 CVE-2021-22825 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor  ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2021-22824 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22823 (A CWE-306: Missing Authentication for Critical Function vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22822 (A CWE-79 Improper Neutralization of Input During Web Page Generation ( ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2021-22821 (A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that ...)
@@ -72327,27 +72327,27 @@ CVE-2021-22808 (A CWE-416: Use After Free vulnerability exists that could cause
 CVE-2021-22807 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause a ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2021-22806 (A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability e ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22805 (A CWE-306: Missing Authentication for Critical Function vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22804 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22803 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22802 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22801 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22800 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22799 (A CWE-331: Insufficient Entropy vulnerability exists that could cause  ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2021-22798 (A CWE-522: Insufficiently Protected Credentials vulnerability exists t ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22797
 	RESERVED
 CVE-2021-22796 (A CWE-287: Improper Authentication vulnerability exists that could all ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22795
 	RESERVED
 CVE-2021-22794
@@ -72363,13 +72363,13 @@ CVE-2021-22790 (A CWE-125: Out-of-bounds Read vulnerability that could cause a D
 CVE-2021-22789 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2021-22788 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause d ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22787 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22786
 	RESERVED
 CVE-2021-22785 (A CWE-200: Information Exposure vulnerability exists that could cause  ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22784 (A CWE-306: Missing Authentication for Critical Function vulnerability  ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2021-22783
@@ -72443,7 +72443,7 @@ CVE-2021-22750 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Defin
 CVE-2021-22749 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor  ...)
 	NOT-FOR-US: Schneider
 CVE-2021-22748 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22747 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
 	NOT-FOR-US: Tricon
 CVE-2021-22746 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
@@ -75751,7 +75751,7 @@ CVE-2020-36064 (Online Course Registration v1.0 was discovered to contain hardco
 CVE-2020-36063
 	RESERVED
 CVE-2020-36062 (Dairy Farm Shop Management System v1.0 was discovered to contain hardc ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System
 CVE-2020-36061
 	RESERVED
 CVE-2020-36060
@@ -89385,7 +89385,7 @@ CVE-2021-0526 (In memory management driver, there is a possible out of bounds wr
 CVE-2021-0525 (In memory management driver, there is a possible out of bounds write d ...)
 	NOT-FOR-US: MediaTek components for Android
 CVE-2021-0524 (In isServiceDistractionOptimized of CarPackageManagerService.java, the ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2021-0523 (In onCreate of WifiScanModeActivity.java, there is a possible way to e ...)
 	NOT-FOR-US: Android
 CVE-2021-0522 (In ConnectionHandler::SdpCb of connection_handler.cc, there is a possi ...)
@@ -94429,7 +94429,7 @@ CVE-2020-26730
 CVE-2020-26729
 	RESERVED
 CVE-2020-26728 (A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi an ...)
-	TODO: check
+	NOT-FOR-US: Tenda AC9 Router
 CVE-2020-26727
 	RESERVED
 CVE-2020-26726
@@ -122046,11 +122046,11 @@ CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and pri
 CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest build o ...)
 	NOT-FOR-US: Softing Industrial Automation
 CVE-2020-14523 (Multiple Mitsubishi Electric Factory Automation products have a vulner ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2020-14522 (Softing Industrial Automation all versions prior to the latest build o ...)
 	NOT-FOR-US: Softing Industrial Automation
 CVE-2020-14521 (Multiple Mitsubishi Electric Factory Automation engineering software p ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2020-14520 (The affected product is vulnerable to an information leak, which may a ...)
 	NOT-FOR-US: Inductive Automation Ignition
 CVE-2020-14519 (This vulnerability allows an attacker to use the internal WebSockets A ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc2416efbc1ccebca4f59d0302a0a8ad857ec9da

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc2416efbc1ccebca4f59d0302a0a8ad857ec9da
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220214/1376fe09/attachment.htm>

More information about the debian-security-tracker-commits mailing list