[Git][security-tracker-team/security-tracker][master] Process NFUs

Neil Williams (@codehelp) codehelp at debian.org
Fri May 6 10:08:33 BST 2022 


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
310b47db by Neil Williams at 2022-05-06T10:08:10+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77015,7 +77015,7 @@ CVE-2021-27441
 CVE-2021-27440 (The software contains a hard-coded password it uses for its own inboun ...)
 	NOT-FOR-US: GE
 CVE-2021-27439 (TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in f ...)
-	TODO: check
+	NOT-FOR-US: Tencent
 CVE-2021-27438 (The software contains a hard-coded password it uses for its own inboun ...)
 	NOT-FOR-US: GE
 CVE-2021-27437 (The affected product allows attackers to obtain sensitive information  ...)
@@ -77023,15 +77023,15 @@ CVE-2021-27437 (The affected product allows attackers to obtain sensitive inform
 CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scr ...)
 	NOT-FOR-US: WebAccess/SCADA
 CVE-2021-27435 (ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in ...)
-	TODO: check
+	NOT-FOR-US: ARM mbed
 CVE-2021-27434 (Products with Unified Automation .NET based OPC UA Client/Server SDK B ...)
 	NOT-FOR-US: Unified Automation .NET
 CVE-2021-27433 (ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer  ...)
-	TODO: check
+	NOT-FOR-US: ARM mbed
 CVE-2021-27432 (OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC U ...)
 	NOT-FOR-US: OPC Foundation UA .NET
 CVE-2021-27431 (ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap ...)
-	TODO: check
+	NOT-FOR-US: ARM CMSIS RTOS2
 CVE-2021-27430 (GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused ha ...)
 	NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27429
@@ -77039,7 +77039,7 @@ CVE-2021-27429
 CVE-2021-27428 (GE UR IED firmware versions prior to version 8.1x supports upgrading f ...)
 	NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27427 (RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its  ...)
-	TODO: check
+	NOT-FOR-US: RIOT RIOT-OS
 CVE-2021-27426 (GE UR IED firmware versions prior to version 8.1x with “Basic&#8 ...)
 	NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27425 (Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-aro ...)
@@ -77059,7 +77059,7 @@ CVE-2021-27419 (uClibc-ng versions prior to 1.0.37 are vulnerable to integer wra
 CVE-2021-27418 (GE UR firmware versions prior to version 8.1x supports web interface w ...)
 	NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27417 (eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: eCosCentric eCosPro RTOS
 CVE-2021-27416 (An attacker could exploit this vulnerability in Hitachi ABB Power Grid ...)
 	NOT-FOR-US: Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM)
 CVE-2021-27415
@@ -77071,7 +77071,7 @@ CVE-2021-27413 (Omron CX-One Versions 4.60 and prior, including CX-Server Versio
 CVE-2021-27412 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable  ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2021-27411 (Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-ar ...)
-	TODO: check
+	NOT-FOR-US: Micrium
 CVE-2021-27410 (The affected product is vulnerable to an out-of-bounds write, which ma ...)
 	NOT-FOR-US: Welch Allyn
 CVE-2021-27409
@@ -82680,9 +82680,9 @@ CVE-2021-25270 (A local attacker could execute arbitrary code with administrator
 CVE-2021-25269 (A local administrator could prevent the HMPA service from starting des ...)
 	NOT-FOR-US: Sophos
 CVE-2021-25268 (Multiple XSS vulnerabilities in Webadmin allow for privilege escalatio ...)
-	TODO: check
+	NOT-FOR-US: Sophos
 CVE-2021-25267 (Multiple XSS vulnerabilities in Webadmin allow for privilege escalatio ...)
-	TODO: check
+	NOT-FOR-US: Sophos
 CVE-2021-25266 (An insecure data storage vulnerability allows a physical attacker with ...)
 	NOT-FOR-US: Sophos Authenticator for Android
 CVE-2021-25265 (A malicious website could execute code remotely in Sophos Connect Clie ...)
@@ -88645,7 +88645,7 @@ CVE-2021-22682 (Cscape (All versions prior to 9.90 SP4) is configured by default
 CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and later,  ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2021-22680 (NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in m ...)
-	TODO: check
+	NOT-FOR-US: NXP MQX
 CVE-2021-22679 (The affected product is vulnerable to an integer overflow while proces ...)
 	NOT-FOR-US: SimpleLink
 CVE-2021-22678 (Cscape (All versions prior to 9.90 SP4) lacks proper validation of use ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/310b47db1e9cca67d367df6cec7644369980dc62

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/310b47db1e9cca67d367df6cec7644369980dc62
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220506/d889b733/attachment.htm>

More information about the debian-security-tracker-commits mailing list