Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
65e3217d by Moritz Muehlenhoff at 2021-07-16T11:58:33+02:00
NFUs
new edk2 issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49598,7 +49598,7 @@ CVE-2021-0520 (In several functions of 
MemoryFileSystem.cpp and related files, t
 CVE-2021-0519
        RESERVED
 CVE-2021-0518 (In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java, 
there i ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0517 (In updateCapabilities of ConnectivityService.java, there is a 
possible ...)
        NOT-FOR-US: Android
 CVE-2021-0516 (In p2p_process_prov_disc_req of p2p_pd.c, there is a possible 
out of b ...)
@@ -51117,11 +51117,11 @@ CVE-2021-0293 (A vulnerability in Juniper Networks 
Junos OS caused by Missing Re
 CVE-2021-0292 (An Uncontrolled Resource Consumption vulnerability in the ARP 
daemon ( ...)
        NOT-FOR-US: Juniper
 CVE-2021-0291 (An Exposure of System Data vulnerability in Juniper Networks 
Junos OS  ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2021-0290 (Improper Handling of Exceptional Conditions in Ethernet 
interface fram ...)
        NOT-FOR-US: Juniper
 CVE-2021-0289 (When user-defined ARP Policer is configured and applied on one 
or more ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2021-0288 (A vulnerability in the processing of specific MPLS packets in 
Juniper  ...)
        NOT-FOR-US: Juniper
 CVE-2021-0287 (In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on 
Juniper Netwo ...)
@@ -52139,7 +52139,7 @@ CVE-2021-0146
 CVE-2021-0145
        RESERVED
 CVE-2021-0144 (Insecure default variable initialization for the Intel BSSA DFT 
featur ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2021-0143 (Improper permissions in the installer for the Intel(R) Brand 
Verificat ...)
        NOT-FOR-US: Intel
 CVE-2021-0142
@@ -60853,7 +60853,7 @@ CVE-2020-24135 (A Reflected Cross Site Scripting (XSS) 
Vulnerability was discove
 CVE-2020-24134
        RESERVED
 CVE-2020-24133 (A heap buffer overflow vulnerability in the r_asm_swf_disass 
function  ...)
-       TODO: check
+       NOT-FOR-US: radare2 extras
 CVE-2020-24132
        RESERVED
 CVE-2020-24131
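Review bot: On CVE-2020-24133 the tag "radare2 extras" is easy to confuse with radare2 itself, and the truncated description only shows the function name r_asm_swf_disass. A NOTE line stating that the affected code is in the extras tree and not in radare2 proper, ideally with the upstream issue or commit URL, would make the NOT-FOR-US decision verifiable later.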
@@ -61747,11 +61747,11 @@ CVE-2020-23709
 CVE-2020-23708
        RESERVED
 CVE-2020-23707 (A heap-based buffer overflow vulnerability in the function 
ok_jpg_deco ...)
-       TODO: check
+       NOT-FOR-US: ok-file-formats
 CVE-2020-23706 (A heap-based buffer overflow vulnerability in the function 
ok_jpg_deco ...)
-       TODO: check
+       NOT-FOR-US: ok-file-formats
 CVE-2020-23705 (A global buffer overflow vulnerability in jfif_encode at 
jfif.c:701 of ...)
-       TODO: check
+       NOT-FOR-US: ffjpeg
 CVE-2020-23704
        RESERVED
 CVE-2020-23703
@@ -63392,7 +63392,7 @@ CVE-2020-22909
 CVE-2020-22908
        RESERVED
 CVE-2020-22907 (Stack overflow vulnerability in function jsi_evalcode_sub in 
jsish bef ...)
-       TODO: check
+       NOT-FOR-US: jsish
 CVE-2020-22906
        RESERVED
 CVE-2020-22905
@@ -63440,11 +63440,11 @@ CVE-2020-22885 (Buffer overflow vulnerability in mujs 
before 1.0.8 due to recurs
        - mujs 1.0.9-1
        NOTE: https://github.com/ccxvii/mujs/issues/133
 CVE-2020-22884 (Buffer overflow vulnerability in function jsvGetStringChars in 
Espruin ...)
-       TODO: check
+       NOT-FOR-US: Espruino
 CVE-2020-22883
        RESERVED
 CVE-2020-22882 (Issue was discovered in the fxParserTree function in moddable, 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Moddable
 CVE-2020-22881
        RESERVED
 CVE-2020-22880
@@ -63456,13 +63456,13 @@ CVE-2020-22878
 CVE-2020-22877
        RESERVED
 CVE-2020-22876 (Buffer Overflow vulnerability in quickjs.c in QuickJS, allows 
remote a ...)
-       TODO: check
+       NOT-FOR-US: QuickJS
 CVE-2020-22875 (Integer overflow vulnerability in function Jsi_ObjSetLength in 
jsish b ...)
-       TODO: check
+       NOT-FOR-US: jsish
 CVE-2020-22874 (Integer overflow vulnerability in function Jsi_ObjArraySizer 
in jsish  ...)
-       TODO: check
+       NOT-FOR-US: jsish
 CVE-2020-22873 (Buffer overflow vulnerability in function NumberToPrecisionCmd 
in jsis ...)
-       TODO: check
+       NOT-FOR-US: jsish
 CVE-2020-22872
        RESERVED
 CVE-2020-22871
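Review bot: CVE-2020-22876 is closed as NOT-FOR-US: QuickJS in the same pass as three jsish entries, but JavaScript engines are often packaged or embedded in other sources, as the mujs entry elsewhere in this list shows. It is worth confirming that no source package in the archive ships quickjs.c before marking it NOT-FOR-US; if one does, the entry should name the package instead.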
@@ -69535,7 +69535,7 @@ CVE-2020-19909
 CVE-2020-19908
        RESERVED
 CVE-2020-19907 (A command injection vulnerability in the sandcat plugin of 
Caldera 2.3 ...)
-       TODO: check
+       NOT-FOR-US: Caldera plugin
 CVE-2020-19906
        RESERVED
 CVE-2020-19905
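Review bot: The tag on CVE-2020-19907, "Caldera plugin", is less specific than the description, which names the sandcat plugin of Caldera 2.3. Using the product name alone ("Caldera") or naming the plugin would match how the other NOT-FOR-US tags in this commit are written and is easier to search for.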
@@ -73094,9 +73094,9 @@ CVE-2020-18147
 CVE-2020-18146
        RESERVED
 CVE-2020-18145 (Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 
via /publi ...)
-       TODO: check
+       NOT-FOR-US: umeditor
 CVE-2020-18144 (SQL Injection Vulnerability in ECTouch v2 via the integral_min 
paramet ...)
-       TODO: check
+       NOT-FOR-US: ECTouch
 CVE-2020-18143
        RESERVED
 CVE-2020-18142
@@ -79234,7 +79234,7 @@ CVE-2020-15498 (An issue was discovered on ASUS 
RT-AC1900P routers before 3.0.0.
 CVE-2020-15497 (** DISPUTED ** jcore/portal/ajaxPortal.jsp in Jalios JCMS 
10.0.2 build ...)
        NOT-FOR-US: Jalios JCMS
 CVE-2020-15496 (Acronis True Image for Mac before 2021 Update 4 allowed local 
privileg ...)
-       TODO: check
+       NOT-FOR-US: Acronis
 CVE-2020-15495 (Acronis True Image 2019 update 1 through 2020 on macOS allows 
local pr ...)
        NOT-FOR-US: Acronis
 CVE-2020-15494
@@ -90667,11 +90667,11 @@ CVE-2020-11636
 CVE-2020-11635 (The Zscaler Client Connector prior to 3.1.0 did not 
sufficiently valid ...)
        NOT-FOR-US: Zscaler Client Connector
 CVE-2020-11634 (The Zscaler Client Connector for Windows prior to 2.1.2.105 
had a DLL  ...)
-       TODO: check
+       NOT-FOR-US: Zscaler Client Connector
 CVE-2020-11633 (The Zscaler Client Connector for Windows prior to 2.1.2.74 had 
a stack ...)
        NOT-FOR-US: Zscaler Client Connector for Windows
 CVE-2020-11632 (The Zscaler Client Connector prior to 2.1.2.150 did not quote 
the sear ...)
-       TODO: check
+       NOT-FOR-US: Zscaler Client Connector
 CVE-2020-11631 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x 
before 7.3.1. ...)
        NOT-FOR-US: EJBCA / PrimeKey
 CVE-2020-11630 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x 
before 7.3.1. ...)
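Review bot: The tags added for CVE-2020-11634 and CVE-2020-11632 read "Zscaler Client Connector", while the neighbouring CVE-2020-11633 uses "Zscaler Client Connector for Windows", and the description of CVE-2020-11634 also says "for Windows". Pick one spelling of the product across these entries so that a search for the NOT-FOR-US tag finds all of them.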
@@ -100862,7 +100862,7 @@ CVE-2020-7874
 CVE-2020-7873
        RESERVED
 CVE-2020-7872 (DaviewIndy v8.98.7.0 and earlier versions have a Integer 
overflow vuln ...)
-       TODO: check
+       NOT-FOR-US: DaviewIndy
 CVE-2020-7871 (A vulnerability of Helpcom could allow an unauthenticated 
attacker to  ...)
        NOT-FOR-US: Cnesty Helpcom
 CVE-2020-7870 (A memory corruption vulnerability exists when ezPDF improperly 
handles ...)
@@ -146599,7 +146599,8 @@ CVE-2019-11100 (Insufficient input validation in the 
subsystem for Intel(R) AMT
 CVE-2019-11099
        RESERVED
 CVE-2019-11098 (Insufficient input validation in MdeModulePkg in EDKII may 
allow an un ...)
-       TODO: check
+       - edk2 <unfixed>
+       NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=316
 CVE-2019-11097 (Improper directory permissions in the installer for Intel(R) 
Managemen ...)
        NOT-FOR-US: Intel
 CVE-2019-11096 (Insufficient memory protection for Intel(R) Ethernet I218 
Adapter driv ...)
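Review bot: The NOTE added for CVE-2019-11098 points at attachment.cgi?id=316, an attachment rather than the bug report it belongs to, so the entry alone does not lead a reader to the discussion, affected versions or fix status. Consider adding a second NOTE with the TianoCore bug URL, and the fixing commit once known, since the entry is recorded as edk2 <unfixed> with no other reference.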



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65e3217d07758760281af253e6b9e1eb0b490d68
