[Git][security-tracker-team/security-tracker][master] Process NFUs

Fri, 06 May 2022 02:08:49 -0700 


Neil Williams pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
310b47db by Neil Williams at 2022-05-06T10:08:10+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77015,7 +77015,7 @@ CVE-2021-27441
 CVE-2021-27440 (The software contains a hard-coded password it uses for its 
own inboun ...)
        NOT-FOR-US: GE
 CVE-2021-27439 (TencentOS-tiny version 3.1.0 is vulnerable to integer 
wrap-around in f ...)
-       TODO: check
+       NOT-FOR-US: Tencent
 CVE-2021-27438 (The software contains a hard-coded password it uses for its 
own inboun ...)
        NOT-FOR-US: GE
 CVE-2021-27437 (The affected product allows attackers to obtain sensitive 
information  ...)
@@ -77023,15 +77023,15 @@ CVE-2021-27437 (The affected product allows attackers 
to obtain sensitive inform
 CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to 
cross-site scr ...)
        NOT-FOR-US: WebAccess/SCADA
 CVE-2021-27435 (ARM mbed product Version 6.3.0 is vulnerable to integer 
wrap-around in ...)
-       TODO: check
+       NOT-FOR-US: ARM mbed
 CVE-2021-27434 (Products with Unified Automation .NET based OPC UA 
Client/Server SDK B ...)
        NOT-FOR-US: Unified Automation .NET
 CVE-2021-27433 (ARM mbed-ualloc memory library version 1.3.0 is vulnerable to 
integer  ...)
-       TODO: check
+       NOT-FOR-US: ARM mbed
 CVE-2021-27432 (OPC Foundation UA .NET Standard versions prior to 1.4.365.48 
and OPC U ...)
        NOT-FOR-US: OPC Foundation UA .NET
 CVE-2021-27431 (ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to 
integer wrap ...)
-       TODO: check
+       NOT-FOR-US: ARM CMSIS RTOS2
 CVE-2021-27430 (GE UR bootloader binary Version 7.00, 7.01 and 7.02 included 
unused ha ...)
        NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27429
@@ -77039,7 +77039,7 @@ CVE-2021-27429
 CVE-2021-27428 (GE UR IED firmware versions prior to version 8.1x supports 
upgrading f ...)
        NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27427 (RIOT OS version 2020.01.1 is vulnerable to integer wrap-around 
in its  ...)
-       TODO: check
+       NOT-FOR-US: RIOT RIOT-OS
 CVE-2021-27426 (GE UR IED firmware versions prior to version 8.1x with 
“Basic&#8 ...)
        NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27425 (Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer 
wrap-aro ...)
@@ -77059,7 +77059,7 @@ CVE-2021-27419 (uClibc-ng versions prior to 1.0.37 are 
vulnerable to integer wra
 CVE-2021-27418 (GE UR firmware versions prior to version 8.1x supports web 
interface w ...)
        NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27417 (eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: eCosCentric eCosPro RTOS
 CVE-2021-27416 (An attacker could exploit this vulnerability in Hitachi ABB 
Power Grid ...)
        NOT-FOR-US: Hitachi ABB Power Grids Ellipse Enterprise Asset Management 
(EAM)
 CVE-2021-27415
@@ -77071,7 +77071,7 @@ CVE-2021-27413 (Omron CX-One Versions 4.60 and prior, 
including CX-Server Versio
 CVE-2021-27412 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are 
vulnerable  ...)
        NOT-FOR-US: Delta Electronics
 CVE-2021-27411 (Micrium OS Versions 5.10.1 and prior are vulnerable to integer 
wrap-ar ...)
-       TODO: check
+       NOT-FOR-US: Micrium
 CVE-2021-27410 (The affected product is vulnerable to an out-of-bounds write, 
which ma ...)
        NOT-FOR-US: Welch Allyn
 CVE-2021-27409
@@ -82680,9 +82680,9 @@ CVE-2021-25270 (A local attacker could execute 
arbitrary code with administrator
 CVE-2021-25269 (A local administrator could prevent the HMPA service from 
starting des ...)
        NOT-FOR-US: Sophos
 CVE-2021-25268 (Multiple XSS vulnerabilities in Webadmin allow for privilege 
escalatio ...)
-       TODO: check
+       NOT-FOR-US: Sophos
 CVE-2021-25267 (Multiple XSS vulnerabilities in Webadmin allow for privilege 
escalatio ...)
-       TODO: check
+       NOT-FOR-US: Sophos
 CVE-2021-25266 (An insecure data storage vulnerability allows a physical 
attacker with ...)
        NOT-FOR-US: Sophos Authenticator for Android
 CVE-2021-25265 (A malicious website could execute code remotely in Sophos 
Connect Clie ...)
@@ -88645,7 +88645,7 @@ CVE-2021-22682 (Cscape (All versions prior to 9.90 SP4) 
is configured by default
 CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and 
later,  ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2021-22680 (NXP MQX Versions 5.1 and prior are vulnerable to integer 
overflow in m ...)
-       TODO: check
+       NOT-FOR-US: NXP MQX
 CVE-2021-22679 (The affected product is vulnerable to an integer overflow 
while proces ...)
        NOT-FOR-US: SimpleLink
 CVE-2021-22678 (Cscape (All versions prior to 9.90 SP4) lacks proper 
validation of use ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/310b47db1e9cca67d367df6cec7644369980dc62

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/310b47db1e9cca67d367df6cec7644369980dc62
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to