Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
88574640 by Salvatore Bonaccorso at 2021-09-09T07:57:36+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -42112,19 +42112,19 @@ CVE-2021-3057
CVE-2021-3056
RESERVED
CVE-2021-3055 (An improper restriction of XML external entity (XXE) reference
vulnera ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3054 (A time-of-check to time-of-use (TOCTOU) race condition
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3053 (An improper handling of exceptional conditions vulnerability
exists in ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3052 (A reflected cross-site scripting (XSS) vulnerability in the
Palo Alto ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3051 (An improper verification of cryptographic signature
vulnerability exis ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3050 (An OS command injection vulnerability in the Palo Alto Networks
PAN-OS ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2021-3049 (An improper authorization vulnerability in the Palo Alto
Networks Cort ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3048 (Certain invalid URL entries contained in an External Dynamic
List (EDL ...)
NOT-FOR-US: Palo Alto Networks
CVE-2021-3047 (A cryptographically weak pseudo-random number generator (PRNG)
is used ...)
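Review bot: The six new tags in this hunk name only the vendor (NOT-FOR-US: Palo Alto Networks), while the unchanged CVE-2021-3050 entry uses NOT-FOR-US: Palo Alto Networks PAN-OS and the CVE-2021-3048 entry uses the vendor alone, so the file now carries both conventions side by side. Where the description names a product, as CVE-2021-3049 does before it is cut off, putting that product in the tag would keep later searches of data/CVE/list consistent. For CVE-2021-3055, CVE-2021-3054, CVE-2021-3053 and CVE-2021-3051 the visible description stops before any product name, so the tag cannot be checked from the diff alone.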
@@ -48667,11 +48667,11 @@ CVE-2020-35572 (Adminer through 4.7.8 allows XSS via
the history parameter to th
CVE-2020-35571 (An issue was discovered in MantisBT through 2.24.3. In the
helper_ensu ...)
- mantis <removed>
CVE-2021-21105 (Adobe Illustrator version 25.2 (and earlier) is affected by a
memory c ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-21104 (Adobe Illustrator version 25.2 (and earlier) is affected by a
memory c ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-21103 (Adobe Illustrator version 25.2 (and earlier) is affected by a
memory c ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-21102 (Adobe Illustrator version 25.2 (and earlier) is affected by a
Path Tra ...)
NOT-FOR-US: Adobe
CVE-2021-21101 (Adobe Illustrator version 25.2 (and earlier) is affected by an
Out-of- ...)
@@ -53822,33 +53822,33 @@ CVE-2021-1887 (An assertion can be reached in the
WLAN subsystem while using the
CVE-2021-1886 (Incorrect handling of pointers in trusted application key
import mecha ...)
NOT-FOR-US: Snapdragon
CVE-2021-1885 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1884 (A race condition was addressed with improved locking. This
issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1883 (This issue was addressed with improved checks. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1882 (A memory corruption issue was addressed with improved
validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1881 (An out-of-bounds read was addressed with improved input
validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1880 (This issue was addressed with improved checks. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1879 (This issue was addressed by improved management of object
lifetimes. T ...)
NOT-FOR-US: Apple
CVE-2021-1878 (An integer overflow was addressed with improved input
validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1877 (An out-of-bounds read was addressed with improved input
validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1876 (A use after free issue was addressed with improved memory
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1875 (A double free issue was addressed with improved memory
management. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1874 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1873 (An API issue in Accessibility TCC permissions was addressed
with impro ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1872 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1871 (A logic issue was addressed with improved restrictions. This
issue is ...)
{DSA-4923-1}
- webkit2gtk 2.32.0-2
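Review bot: Confirm that none of the entries newly tagged NOT-FOR-US: Apple in this hunk is a WebKit issue. The trailing context shows CVE-2021-1871 tracked against webkit2gtk under DSA-4923-1, so this ID range does contain Apple-assigned CVEs that affect Debian packages, and several of the changed entries (CVE-2021-1883 and CVE-2021-1880, "This issue was addressed with improved checks") carry descriptions too generic to show the component. A check of each ID against the full advisory text before the TODO is dropped would rule out a missed webkit2gtk or wpewebkit entry.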
@@ -53864,51 +53864,51 @@ CVE-2021-1870 (A logic issue was addressed with
improved restrictions. This issu
CVE-2021-1869
RESERVED
CVE-2021-1868 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1867 (An out-of-bounds read was addressed with improved input
validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1866
RESERVED
CVE-2021-1865 (An issue obscuring passwords in screenshots was addressed with
improve ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1864 (A use after free issue was addressed with improved memory
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1863 (An issue existed with authenticating the action triggered by an
NFC ta ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1862 (Description: A person with physical access may be able to
access conta ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1861 (An issue existed in determining cache occupancy. The issue was
address ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1860 (A memory initialization issue was addressed with improved
memory handl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1859 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1858 (Processing a maliciously crafted image may lead to arbitrary
code exec ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1857 (A memory initialization issue was addressed with improved
memory handl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1856
RESERVED
CVE-2021-1855 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1854 (A call termination issue with was addressed with improved
logic. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1853 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1852 (An out-of-bounds read was addressed with improved input
validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1851 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1850
RESERVED
CVE-2021-1849 (An issue in code signature validation was addressed with
improved chec ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1848 (The issue was addressed with improved UI handling. This issue
is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1847 (A memory corruption issue was addressed with improved
validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1846 (Processing a maliciously crafted audio file may disclose
restricted me ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1845
RESERVED
CVE-2021-1844 (A memory corruption issue was addressed with improved
validation. This ...)
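Review bot: CVE-2021-1858 (crafted image) and CVE-2021-1846 (crafted audio file) are media-parsing bugs whose descriptions are cut off before the affected component is named, yet both are closed as NOT-FOR-US: Apple with no further annotation. It is worth confirming from the full advisory that the parser involved is Apple's own and not a bundled library that Debian also packages, and recording the component in a NOTE: line in the style used elsewhere in this file, so the next triager does not have to repeat the lookup.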
@@ -53918,37 +53918,37 @@ CVE-2021-1844 (A memory corruption issue was
addressed with improved validation.
- wpewebkit 2.32.0-2
NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
CVE-2021-1843 (This issue was addressed with improved checks. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1842
RESERVED
CVE-2021-1841 (A malicious application may be able to execute arbitrary code
with ker ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1840 (A memory corruption issue was addressed with improved
validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1839 (The issue was addressed with improved permissions logic. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1838 (This issue was addressed with improved checks. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1837 (A certificate validation issue was addressed. This issue is
fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1836 (A logic issue was addressed with improved restrictions. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1835 (This issue was addressed with improved checks. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1834 (An out-of-bounds write issue was addressed with improved bounds
checki ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1833 (This issue was addressed with improved checks. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1832 (Copied files may not have the expected file permissions. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1831 (The issue was addressed with improved permissions logic. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1830 (An out-of-bounds read was addressed with improved input
validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1829 (A type confusion issue was addressed with improved state
handling. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1828 (A memory corruption issue was addressed with improved
validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1827
RESERVED
CVE-2021-1826 (A logic issue was addressed with improved restrictions. This
issue is ...)
@@ -53964,11 +53964,11 @@ CVE-2021-1825 (An input validation issue was
addressed with improved input valid
- wpewebkit 2.30.0-1
NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-1824 (This issue was addressed with improved entitlements. This issue
is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1823
RESERVED
CVE-2021-1822 (A logic issue was addressed with improved restrictions. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1821
RESERVED
CVE-2021-1820 (A memory initialization issue was addressed with improved
memory handl ...)
@@ -53988,25 +53988,25 @@ CVE-2021-1817 (A memory corruption issue was
addressed with improved state manag
- wpewebkit 2.30.0-1
NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-1816 (A buffer overflow was addressed with improved bounds checking.
This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1815 (A parsing issue in the handling of directory paths was
addressed with ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1814 (This issue was addressed with improved checks. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1813 (A validation issue was addressed with improved logic. This
issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1812 (A logic issue was addressed with improved validation. This
issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1811 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1810 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1809 (A memory corruption issue was addressed with improved
validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1808 (A memory corruption issue was addressed with improved
validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1807 (A validation issue was addressed with improved input
sanitization. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1806 (A race condition was addressed with additional validation. This
issue ...)
NOT-FOR-US: Apple
CVE-2021-1805 (An out-of-bounds write was addressed with improved input
validation. T ...)
@@ -54068,7 +54068,7 @@ CVE-2021-1786 (A logic issue was addressed with
improved state management. This
CVE-2021-1785 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
CVE-2021-1784 (A permissions issue existed in DiskArbitration. This was
addressed wit ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1783 (An access issue was addressed with improved memory management.
This is ...)
NOT-FOR-US: Apple
CVE-2021-1782 (A race condition was addressed with improved locking. This
issue is fi ...)
@@ -54096,7 +54096,7 @@ CVE-2021-1772 (A stack overflow was addressed with
improved input validation. Th
CVE-2021-1771 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2021-1770 (A buffer overflow may result in arbitrary code execution. This
issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1769 (A logic issue was addressed with improved validation. This
issue is fi ...)
NOT-FOR-US: Apple
CVE-2021-1768 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
@@ -54116,7 +54116,7 @@ CVE-2021-1764 (A use after free issue was addressed
with improved memory managem
CVE-2021-1763 (A buffer overflow was addressed with improved bounds checking.
This is ...)
NOT-FOR-US: Apple
CVE-2021-1762 (An out-of-bounds write was addressed with improved input
validation. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1761 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2021-1760 (A memory corruption issue was addressed with improved state
management ...)
@@ -54160,9 +54160,9 @@ CVE-2021-1742 (This issue was addressed with improved
checks. This issue is fixe
CVE-2021-1741 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
NOT-FOR-US: Apple
CVE-2021-1740 (A parsing issue in the handling of directory paths was
addressed with ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1739 (A parsing issue in the handling of directory paths was
addressed with ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1738 (An out-of-bounds write was addressed with improved input
validation. T ...)
NOT-FOR-US: Apple
CVE-2021-1737 (An out-of-bounds write was addressed with improved input
validation. T ...)
@@ -55904,7 +55904,7 @@ CVE-2020-29014 (A concurrent execution using shared
resource with improper synch
CVE-2020-29013
RESERVED
CVE-2020-29012 (An insufficient session expiration vulnerability in
FortiSandbox versi ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-29011 (Instances of SQL Injection vulnerabilities in the checksum
search and ...)
NOT-FOR-US: FortiSandbox
CVE-2020-29010
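Review bot: The tag added for CVE-2020-29012 is NOT-FOR-US: FortiGuard, but the description names FortiSandbox as the affected product and the adjacent CVE-2020-29011 entry is already tagged NOT-FOR-US: FortiSandbox. Using NOT-FOR-US: FortiSandbox here as well would match both the description and the neighbouring entry.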
@@ -61185,11 +61185,11 @@ CVE-2020-27944 (A memory corruption issue existed in
the processing of font file
CVE-2020-27943 (A memory corruption issue existed in the processing of font
files. Thi ...)
NOT-FOR-US: Apple
CVE-2020-27942 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-27941 (A validation issue was addressed with improved logic. This
issue is fi ...)
NOT-FOR-US: Apple
CVE-2020-27940 (This issue was addressed with improved file handling. This
issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-27939 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2020-27938 (A logic issue was addressed with improved state management.
This issue ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88574640f0b3d8a0bdfe6417d1c4ee6143db34df