[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Mon May 9 09:41:58 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
873685ab by Neil Williams at 2022-05-09T09:41:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35183,7 +35183,7 @@ CVE-2021-33845 (The Splunk Enterprise REST API allows enumeration of usernames v
 CVE-2021-31559 (A crafted request bypasses S2S TCP Token authentication writing arbitr ...)
 	TODO: check
 CVE-2021-26253 (A potential vulnerability in Splunk Enterprise's implementation of DUO ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF file us ...)
 	NOT-FOR-US: Open Design Alliance Drawings SDK
 CVE-2021-43335
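Review bot: CVE-2021-31559, the context entry directly above the changed line, stays at TODO: check while CVE-2021-26253 is marked NOT-FOR-US: Splunk. The hunk header shows a Splunk Enterprise entry (CVE-2021-33845) just before it, and the truncated description of CVE-2021-31559 does not name a product, so it is worth confirming whether it belongs to the same vendor and can be triaged in the same pass instead of remaining in the TODO queue.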
@@ -76842,25 +76842,26 @@ CVE-2021-27769
 CVE-2021-27768
 	RESERVED
 CVE-2021-27767 (The BigFix Console installer is created with InstallShield, which was  ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2021-27766 (The BigFix Client installer is created with InstallShield, which was a ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2021-27765 (The BigFix Server API installer is created with InstallShield, which w ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2021-27764 (Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Sec ...)
-	TODO: check
+	NOT-FOR-US: HCL
+	NOTE: error in CVE URL - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097778
 CVE-2021-27763
 	RESERVED
 CVE-2021-27762 (Misconfigured security-related HTTP headers: Several security-related  ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2021-27761 (Weak web transport security (Weak TLS): An attacker may be able to dec ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2021-27760 (An issue was discovered in the Sametime chat feature in the Notes 11.0 ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2021-27759 (This vulnerability arises because the application allows the user to p ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2021-27758 (There is a security vulnerability in login form related to Cross-site  ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2021-27757 (" Insecure password storage issue.The application stores sensitive inf ...)
 	NOT-FOR-US: HCL
 CVE-2021-27756 ("TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2. ...)
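Review bot: The NOTE added under CVE-2021-27764 ("error in CVE URL" followed by a support.hcltechsw.com link) does not say whether that link is the broken reference or the corrected one. Suggest rewording it so a later reader knows which, for example by stating that the reference in the CVE record is wrong and that this link is the intended advisory, if that is what is meant. The vendor-only tag "HCL" covers several products in these descriptions (BigFix, Sametime, Notes); that is consistent with the existing CVE-2021-27757 entry, though a product name would make later searches easier.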
@@ -76874,7 +76875,7 @@ CVE-2021-27753 ("Sametime Android PathTraversal Vulnerability" ...)
 CVE-2021-27752
 	RESERVED
 CVE-2021-27751 (HCL Commerce is affected by an Insufficient Session Expiration vulnera ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2021-27750
 	RESERVED
 CVE-2021-27749
@@ -77584,7 +77585,7 @@ CVE-2021-27427 (RIOT OS version 2020.01.1 is vulnerable to integer wrap-around i
 CVE-2021-27426 (GE UR IED firmware versions prior to version 8.1x with “Basic&#8 ...)
 	NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27425 (Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-aro ...)
-	TODO: check
+	NOT-FOR-US: Cesanta Mongoose
 CVE-2021-27424 (GE UR firmware versions prior to version 8.1x shares MODBUS memory map ...)
 	NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27423
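Review bot: The tag on CVE-2021-27425 reads "Cesanta Mongoose", but the description on the line above names "Cesanta Software Mongoose-OS". Suggest NOT-FOR-US: Cesanta Mongoose-OS so the tag matches the affected product as described and cannot be read as a differently named component.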
@@ -77592,7 +77593,7 @@ CVE-2021-27423
 CVE-2021-27422 (GE UR firmware versions prior to version 8.1x web server interface is  ...)
 	NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27421 (NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer o ...)
-	TODO: check
+	NOT-FOR-US: NXP MCUXpresso SDK
 CVE-2021-27420 (GE UR firmware versions prior to version 8.1x web server task does not ...)
 	NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27419 (uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-arou ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/873685abaff4a7c2f8b994019fdb32cb85597db4
