[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams (@codehelp)
codehelp at debian.org
Fri May 20 09:46:45 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9b97ac20 by Neil Williams at 2022-05-20T09:46:13+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -54672,7 +54672,7 @@ CVE-2021-37415 (Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to
CVE-2021-37414 (Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-37413 (GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: GRANDCOM DynWEB
CVE-2021-37412 (The TechRadar app 1.1 for Confluence Server allows XSS via the Title f ...)
NOT-FOR-US: TechRadar app for Confluence Server
CVE-2021-37411
@@ -62499,7 +62499,7 @@ CVE-2021-34113
CVE-2021-34112
RESERVED
CVE-2021-34111 (Thecus 4800Eco was discovered to contain a command injection vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Thecus NAS server N4800Eco
CVE-2021-34110 (WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowin ...)
NOT-FOR-US: WinWaste.NET
CVE-2021-34109
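Review bot: the note added for CVE-2021-34111 spells the model "N4800Eco", while the CVE description on the line above it reads "Thecus 4800Eco". Either make the note match the description ("NOT-FOR-US: Thecus 4800Eco") or confirm that N4800Eco is the vendor's model designation, so the two spellings are not left to look like a typo.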
@@ -65418,7 +65418,7 @@ CVE-2021-32936 (An out-of-bounds write issue exists in the DXF file-recovering p
CVE-2021-32935
RESERVED
CVE-2021-32934 (The affected ThroughTek P2P products (SDKs using versions before 3.1.5 ...)
- TODO: check
+ NOT-FOR-US: ThroughTek P2P SDK
CVE-2021-32933 (An attacker could leverage an API to pass along a malicious file that ...)
NOT-FOR-US: Auvesy-MDT
CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...)
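Review bot: CVE-2021-32934 is tagged NOT-FOR-US by SDK name, but its description says the issue is in "ThroughTek P2P products (SDKs using versions before 3.1.5 ...", that is, code meant to be built into other software. The tag is right only if nothing in the archive bundles that SDK; a quick source search before dropping the TODO would confirm it, since a name-based NFU would hide an embedded copy.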
@@ -79819,7 +79819,7 @@ CVE-2021-27448 (A miscommunication in the file system allows adversaries with ac
CVE-2021-27447 (Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, ...)
NOT-FOR-US: Mesa Labs
CVE-2021-27446 (The Weintek cMT product line is vulnerable to code injection, which ma ...)
- TODO: check
+ NOT-FOR-US: Weintek cMT gateway
CVE-2021-27445 (Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissio ...)
NOT-FOR-US: Mesa Labs
CVE-2021-27444 (The Weintek cMT product line is vulnerable to various improper access ...)
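Review bot: the note for CVE-2021-27446 says "Weintek cMT gateway", but its description, like that of CVE-2021-27444 at the end of this hunk, says "Weintek cMT product line". Using one wording for both entries, for example "NOT-FOR-US: Weintek cMT", keeps the sibling CVEs consistent and avoids implying the issue is limited to one device type.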
@@ -136524,7 +136524,7 @@ CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product receives
CVE-2020-16236 (FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a ...)
NOT-FOR-US: FPWIN Pro
CVE-2020-16235 (Inadequate encryption may allow the credentials used by Emerson OpenEn ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2020-16234 (In PLC WinProladder Version 3.28 and prior, a stack-based buffer overf ...)
NOT-FOR-US: PLC WinProladder
CVE-2020-16233 (An attacker could send a specially crafted packet that could have Code ...)
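Review bot: "NOT-FOR-US: Emerson" on CVE-2020-16235 names only the vendor, whereas the neighbouring entries in this hunk name the product (FPWIN Pro, PLC WinProladder). The description identifies a specific Emerson product; naming it in the note would make the entry self-explanatory and would not pre-judge other Emerson CVEs.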
@@ -136532,7 +136532,7 @@ CVE-2020-16233 (An attacker could send a specially crafted packet that could hav
CVE-2020-16232 (In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be cause ...)
NOT-FOR-US: Yokogawa WideField3
CVE-2020-16231 (The affected Bachmann Electronic M-Base Controllers of version MSYS v1 ...)
- TODO: check
+ NOT-FOR-US: Bachmann Electronic
CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as ...)
NOT-FOR-US: HMS Networks
CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
@@ -136576,7 +136576,7 @@ CVE-2020-16211 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A
CVE-2020-16210 (The affected product is vulnerable to reflected cross-site scripting, ...)
NOT-FOR-US: N-Tron
CVE-2020-16209 (A malicious attacker could exploit the interface of the Fieldcomm Grou ...)
- TODO: check
+ NOT-FOR-US: Fieldcomm Group
CVE-2020-16208 (The affected product is vulnerable to cross-site request forgery, whic ...)
NOT-FOR-US: N-Tron
CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multipl ...)
@@ -141060,7 +141060,7 @@ CVE-2020-14498 (HMS Industrial Networks AB eCatcher all versions prior to 6.5.5.
CVE-2020-14497 (Advantech iView, versions 5.6 and prior, contains multiple SQL injecti ...)
NOT-FOR-US: Advantech
CVE-2020-14496 (Successful exploitation of this vulnerability for multiple Mitsubishi ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi Electric
CVE-2020-14495
REJECTED
CVE-2020-14494 (OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication ...)
@@ -169765,7 +169765,7 @@ CVE-2020-4109
CVE-2020-4108
RESERVED
CVE-2020-4107 (HCL Domino is affected by an Insufficient Access Control vulnerability ...)
- TODO: check
+ NOT-FOR-US: HCL Domino
CVE-2020-4106
RESERVED
CVE-2020-4105
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b97ac20dfaa3560f1dffb1586a5410566ed5cf9