Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d688d09e by Moritz Muehlenhoff at 2021-07-16T11:15:26+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2021-36758 (1Password Connect server before 1.2 is missing validation 
checks, perm ...)
-       TODO: check
+       NOT-FOR-US: 1Password
 CVE-2021-36757
        RESERVED
 CVE-2021-36756
        RESERVED
 CVE-2021-36755 (Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows 
XSS via  ...)
-       TODO: check
+       NOT-FOR-US: Nightscout Web Monitor
 CVE-2021-36754
        RESERVED
 CVE-2021-36753 (sharkdp BAT before 0.18.2 executes less.exe from the current 
working d ...)
-       TODO: check
+       NOT-FOR-US: sharkdp BAT
 CVE-2021-36752
        RESERVED
 CVE-2021-36751
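Review bot: CVE-2021-36753 is marked `NOT-FOR-US: sharkdp BAT`, but the visible description points at a Windows-only code path (it executes `less.exe`), which is a different claim from the software not being in Debian. If bat is in the archive, a package entry of the form `- <source package> <not-affected> (Windows-specific)` keeps the CVE attached to the package and records why it does not apply. NOT-FOR-US is better kept for software Debian does not ship.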
@@ -8990,7 +8990,7 @@ CVE-2021-32772
 CVE-2021-32771
        RESERVED
 CVE-2021-32770 (Gatsby is a framework for building websites. The 
gatsby-source-wordpre ...)
-       TODO: check
+       NOT-FOR-US: Gatsby
 CVE-2021-32769
        RESERVED
 CVE-2021-32768
@@ -9002,7 +9002,7 @@ CVE-2021-32766
 CVE-2021-32765
        RESERVED
 CVE-2021-32764 (Discourse is an open-source discussion platform. In Discourse 
versions ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2021-32763
        RESERVED
 CVE-2021-32762
@@ -9020,7 +9020,7 @@ CVE-2021-32757
 CVE-2021-32756
        RESERVED
 CVE-2021-32755 (Wire is a collaboration platform. wire-ios-transport handles 
authentic ...)
-       TODO: check
+       NOT-FOR-US: wire-ios (iOS version of Wire)
 CVE-2021-32754 (FlowDroid is a data flow analysis tool. FlowDroid versions 
prior to 2. ...)
        NOT-FOR-US: FlowDroid
 CVE-2021-32753 (EdgeX Foundry is an open source project for building a common 
open fra ...)
@@ -9030,11 +9030,12 @@ CVE-2021-32752 (Ether Logs is a package that allows one 
to check one's logs in t
 CVE-2021-32751
        RESERVED
 CVE-2021-32750 (MuWire is a file publishing and networking tool that protects 
the iden ...)
-       TODO: check
+       NOT-FOR-US: MuWire
 CVE-2021-32749
        RESERVED
        - fail2ban 0.11.2-2
        NOTE: 
https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
+       NOTE: 
https://github.com/fail2ban/fail2ban/commit/2ed414ed09b3bb4c478abc9366a1ff22024a33c9
 CVE-2021-32748
        RESERVED
 CVE-2021-32747 (Icinga Web 2 is an open source monitoring web interface, 
framework, an ...)
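Review bot: the `NOTE:` line added under CVE-2021-32749 (the fail2ban commit URL) is not an NFU classification, yet the commit message is only "NFUs". Put it in its own commit or mention fail2ban in the message, so that someone reading the history for this CVE can find where the fix reference was added.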
@@ -10851,7 +10852,7 @@ CVE-2021-32001
 CVE-2021-32000
        RESERVED
 CVE-2021-31999 (A Reliance on Untrusted Inputs in a Security Decision 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Rancher
 CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging 
of inn  ...)
        - inn2 <not-affected> (SuSE-specific packaging issue)
 CVE-2021-31997 (a UNIX Symbolic Link (Symlink) Following vulnerability in 
python-posto ...)
@@ -27461,12 +27462,12 @@ CVE-2021-25321 (A UNIX Symbolic Link (Symlink) 
Following vulnerability in arpwat
        NOTE: Debian does not ship arpwatch-2.1a11-drop-privs.dif and does 
apply permissions
        NOTE: to /var/lib/arpwatch (to arpwatch:arpatch, 0750) on postinst time
 CVE-2021-25320 (A Improper Access Control vulnerability in Rancher, allows 
users in th ...)
-       TODO: check
+       NOT-FOR-US: Rancher
 CVE-2021-25319 (A Incorrect Default Permissions vulnerability in the packaging 
of virt ...)
        - virtualbox <not-affected> (openSUSE specific security issue in the 
openSUSE packaging)
        NOTE: https://www.openwall.com/lists/oss-security/2021/04/26/2
 CVE-2021-25318 (A Incorrect Permission Assignment for Critical Resource 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Rancher
 CVE-2021-25317 (A Incorrect Default Permissions vulnerability in the packaging 
of cups ...)
        - cups <not-affected> (In Debian /var/log/cups is owned by root:root)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1949119
@@ -30090,7 +30091,7 @@ CVE-2021-24119 (In Trusted Firmware Mbed TLS 2.24.0, a 
side-channel vulnerabilit
 CVE-2021-24118
        RESERVED
 CVE-2021-24117 (In Rust SGX 1.1.3, a side-channel vulnerability in base64 PEM 
file dec ...)
-       TODO: check
+       NOT-FOR-US: Rust SGX
 CVE-2021-24116 (In wolfSSL through 4.6.0, a side-channel vulnerability in 
base64 PEM f ...)
        - wolfssl <unfixed>
        NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
@@ -31763,11 +31764,11 @@ CVE-2021-23409
 CVE-2021-23408
        RESERVED
 CVE-2021-23407 (This affects the package elFinder.Net.Core from 0 and before 
1.2.4. Th ...)
-       TODO: check
+       NOT-FOR-US: elFinder.Net.Core
 CVE-2021-23406
        RESERVED
 CVE-2021-23405 (This affects the package pimcore/pimcore before 10.0.7. This 
issue exi ...)
-       TODO: check
+       NOT-FOR-US: Pimcore
 CVE-2021-23404
        RESERVED
 CVE-2021-23403 (All versions of package ts-nodash are vulnerable to Prototype 
Pollutio ...)
@@ -31800,9 +31801,9 @@ CVE-2021-23392 (The package locutus before 2.0.15 are 
vulnerable to Regular Expr
 CVE-2021-23391 (This affects all versions of package calipso. It is possible 
for a mal ...)
        NOT-FOR-US: Node calipso
 CVE-2021-23390 (The package total4 before 0.0.43 are vulnerable to Arbitrary 
Code Exec ...)
-       TODO: check
+       NOT-FOR-US: Node total4
 CVE-2021-23389 (The package total.js before 3.4.9 are vulnerable to Arbitrary 
Code Exe ...)
-       TODO: check
+       NOT-FOR-US: Node total4
 CVE-2021-23388 (The package forms before 1.2.1, from 1.3.0 and before 1.3.2 
are vulner ...)
        NOT-FOR-US: Node forms
 CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open 
Redirec ...)
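Review bot: CVE-2021-23389 is described as "The package total.js before 3.4.9" but is tagged `NOT-FOR-US: Node total4`, the same tag as CVE-2021-23390 directly above it. This looks like a copy-paste slip. `NOT-FOR-US: Node total.js` would match the description and keep tag searches accurate.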
@@ -32953,7 +32954,7 @@ CVE-2021-22869
 CVE-2021-22868
        RESERVED
 CVE-2021-22867 (A path traversal vulnerability was identified in GitHub 
Enterprise Ser ...)
-       TODO: check
+       NOT-FOR-US: GitHub Enterprise Server
 CVE-2021-22866 (A UI misrepresentation vulnerability was identified in GitHub 
Enterpri ...)
        NOT-FOR-US: GitHub Enterprise Server
 CVE-2021-22865 (An improper access control vulnerability was identified in 
GitHub Ente ...)
@@ -39290,11 +39291,11 @@ CVE-2021-20786
 CVE-2021-20785
        RESERVED
 CVE-2021-20784 (HTTP header injection vulnerability in Everything all versions 
except  ...)
-       TODO: check
+       NOT-FOR-US: Everything
 CVE-2021-20783
        RESERVED
 CVE-2021-20782 (Cross-site request forgery (CSRF) vulnerability in Software 
License Ma ...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2021-20781 (Cross-site request forgery (CSRF) vulnerability in WordPress 
Meta Data ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2021-20780 (Cross-site request forgery (CSRF) vulnerability in WPCS - 
WordPress Cu ...)
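Review bot: CVE-2021-20782 gets the generic tag `NOT-FOR-US: Wordpress plugin`, while the visible part of its description ("Software License Ma ...") does not mention WordPress. Naming the plugin in the tag, in the style of `NOT-FOR-US: WooCommerce plugin for WordPress` used elsewhere in this file, would let a reader verify the classification without opening the CVE. The same applies to `NOT-FOR-US: Everything` on CVE-2021-20784, where adding the vendor would make it clear that this is a product name.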
@@ -45430,7 +45431,7 @@ CVE-2020-29159 (An issue was discovered in Zammad 
before 3.5.1. The default sign
 CVE-2020-29158 (An issue was discovered in Zammad before 3.5.1. An Agent with 
Customer ...)
        - zammad <itp> (bug #841355)
 CVE-2020-29157 (An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to 
perform  ...)
-       TODO: check
+       NOT-FOR-US: RAONWIZ K Editor
 CVE-2020-29156 (The WooCommerce plugin before 4.7.0 for WordPress allows 
remote attack ...)
        NOT-FOR-US: WooCommerce plugin for WordPress
 CVE-2020-29155
@@ -49321,7 +49322,7 @@ CVE-2021-0656
 CVE-2021-0655
        RESERVED
 CVE-2021-0654 (In isRealSnapshot of TaskThumbnailView.java, there is possible 
data ex ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0653
        RESERVED
 CVE-2021-0652
@@ -49425,45 +49426,45 @@ CVE-2021-0605 (In pfkey_dump of af_key.c, there is a 
possible out-of-bounds read
        [stretch] - linux 4.9.240-1
        NOTE: 
https://git.kernel.org/linus/37bd22420f856fcd976989f1d4f1f7ad28e1fcac
 CVE-2021-0604 (In generateFileInfo of BluetoothOppSendFileInfo.java, there is 
a possi ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0603 (In onCreate of ContactSelectionActivity.java, there is a 
possible way  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0602 (In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, 
there is a  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0601 (In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out 
of boun ...)
-       TODO: check
+       NOT-FOR-US: Android media framework
 CVE-2021-0600 (In onCreate of DeviceAdminAdd.java, there is a possible way to 
mislead ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0599 (In scheduleTimeoutLocked of NotificationRecord.java, there is a 
possib ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0598
        RESERVED
 CVE-2021-0597 (In notifyProfileAdded and notifyProfileRemoved of 
SipService.java, the ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0596 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a 
possibl ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0595
        RESERVED
 CVE-2021-0594 (In onCreate of ConfirmConnectActivity, there is a possible 
remote bypa ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0593
        RESERVED
 CVE-2021-0592 (In various functions in WideVine, there are possible out of 
bounds wri ...)
-       TODO: check
+       NOT-FOR-US: Widevine
 CVE-2021-0591
        RESERVED
 CVE-2021-0590 (In sendNetworkConditionsBroadcast of NetworkMonitor.java, there 
is a p ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0589 (In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of 
bounds ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0588 (In processInboundMessage of MceStateMachine.java, there is a 
possible  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0587 (In StreamOut::prepareForWriting of StreamOut.cpp, there is a 
possible  ...)
-       TODO: check
+       NOT-FOR-US: Android media framework
 CVE-2021-0586 (In onCreate of DevicePickerFragment.java, there is a possible 
way to t ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0585 (In beginWrite and beginRead of MessageQueueBase.h, there is a 
possible ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0584
        RESERVED
 CVE-2021-0583
@@ -49479,7 +49480,7 @@ CVE-2021-0579
 CVE-2021-0578
        RESERVED
 CVE-2021-0577 (In flv extractor, there is a possible out of bounds write due 
to a hea ...)
-       TODO: check
+       NOT-FOR-US: MediaTek components for Android
 CVE-2021-0576
        RESERVED
 CVE-2021-0575
@@ -49603,9 +49604,9 @@ CVE-2021-0517 (In updateCapabilities of 
ConnectivityService.java, there is a pos
 CVE-2021-0516 (In p2p_process_prov_disc_req of p2p_pd.c, there is a possible 
out of b ...)
        NOT-FOR-US: Android
 CVE-2021-0515 (In Factory::CreateStrictFunctionMap of factory.cc, there is a 
possible ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0514 (In several functions of the V8 library, there is a possible use 
after  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0513 (In deleteNotificationChannel and related functions of 
NotificationMana ...)
        NOT-FOR-US: Android
 CVE-2021-0512 (In __hidinput_change_resolution_multipliers of hid-input.c, 
there is a ...)
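Review bot: CVE-2021-0514 is described as affecting "several functions of the V8 library" and is tagged `NOT-FOR-US: Android`. V8 is upstream code embedded in packages Debian ships (chromium, nodejs), so confirm the bug is confined to Android's copy before closing it as NFU. If it is not, the entry should list the affected source packages instead. CVE-2021-0515 (`Factory::CreateStrictFunctionMap of factory.cc`) deserves the same check.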
@@ -49664,7 +49665,7 @@ CVE-2021-0488 (In pb_write of pb_encode.c, there is a 
possible out of bounds wri
 CVE-2021-0487 (In onCreate of CalendarDebugActivity.java, there is a possible 
way to  ...)
        NOT-FOR-US: Android
 CVE-2021-0486 (In onPackageAddedInternal of PermissionManagerService.java, 
there is p ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0485 (In getMinimalSize of PipBoundsAlgorithm.java, there is a 
possible bypa ...)
        NOT-FOR-US: Android
 CVE-2021-0484 (In readVector of IMediaPlayer.cpp, there is a possible read of 
uniniti ...)
@@ -49756,7 +49757,7 @@ CVE-2021-0443 (In several functions of 
ScreenshotHelper.java and related files,
 CVE-2021-0442 (In updateInfo of 
android_hardware_input_InputApplicationHandle.cpp, th ...)
        NOT-FOR-US: Android
 CVE-2021-0441 (In onCreate of PermissionActivity.java, there is a possible 
permission ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0440
        RESERVED
 CVE-2021-0439 (In setPowerModeWithHandle of 
com_android_server_power_PowerManagerServ ...)
@@ -123756,7 +123757,7 @@ CVE-2020-0419 (In generateInfo of 
PackageInstallerSession.java, there is a possi
 CVE-2020-0418 (In getPermissionInfosForGroup of Utils.java, there is a logic 
error. T ...)
        NOT-FOR-US: Android
 CVE-2020-0417 (In setNiNotification of GpsNetInitiatedHandler.java, there is a 
possib ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2020-0416 (In multiple settings screens, there are possible tapjacking 
attacks du ...)
        NOT-FOR-US: Android
 CVE-2020-0415 (In various locations in SystemUI, there is a possible 
permission bypas ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d688d09ea60055379a4df2cc521c873135158abb

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits