[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

[Neil Williams (@codehelp)]

Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
812298e8 by Neil Williams at 2022-05-09T10:16:37+01:00
Process some NFUs

- - - - -
3e4ae6ce by Neil Williams at 2022-05-09T10:16:38+01:00
CVE-2021-38425/fastdds undetermined

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35181,9 +35181,9 @@ CVE-2021-3926
 CVE-2021-3925
 	RESERVED
 CVE-2021-33845 (The Splunk Enterprise REST API allows enumeration of usernames via the ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2021-31559 (A crafted request bypasses S2S TCP Token authentication writing arbitr ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2021-26253 (A potential vulnerability in Splunk Enterprise's implementation of DUO ...)
 	NOT-FOR-US: Splunk
 CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF file us ...)
@@ -49678,15 +49678,19 @@ CVE-2021-38429 (OCI OpenDDS versions prior to 3.18.1 are vulnerable when an atta
 CVE-2021-38428 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to  ...)
 	NOT-FOR-US: Delta Electronics DIALink
 CVE-2021-38427 (RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to  ...)
-	TODO: check
+	NOT-FOR-US: RTI Connext DDS
 CVE-2021-38426 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
 	NOT-FOR-US: FATEK Automation
 CVE-2021-38425 (eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to e ...)
-	TODO: check
+	- fastdds <undetermined>
+	NOTE: https://github.com/eProsima/Fast-DDS/issues/2267
+	NOTE: https://github.com/eProsima/Fast-DDS/pull/2269
+	NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02
+	TODO: check completeness
 CVE-2021-38424 (The tag interface of Delta Electronics DIALink versions 1.2.4.0 and pr ...)
 	NOT-FOR-US: Delta Electronics DIALink
 CVE-2021-38423 (All versions of GurumDDS improperly calculate the size to be used when ...)
-	TODO: check
+	NOT-FOR-US: GurumNetworks
 CVE-2021-38422 (Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive  ...)
 	NOT-FOR-US: Delta Electronics DIALink
 CVE-2021-38421 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
@@ -53566,7 +53570,7 @@ CVE-2021-36914 (Cross-Site Request Forgery (CSRF) vulnerability leading to Refle
 CVE-2021-36913
 	RESERVED
 CVE-2021-36912 (Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-36911 (Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPres ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36910 (Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in W ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9cf96823371f0690b8eeb8bec2b6dd22d1dee180...3e4ae6cef6a1543c90c3a3ac99619aaf7a7515e0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9cf96823371f0690b8eeb8bec2b6dd22d1dee180...3e4ae6cef6a1543c90c3a3ac99619aaf7a7515e0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220509/d2bc9c79/attachment-0001.htm>