Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5147f475 by Neil Williams at 2021-09-09T13:12:45+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -692,7 +692,7 @@ CVE-2021-40506
CVE-2021-40505
RESERVED
CVE-2021-3766 (objection.js is vulnerable to Improperly Controlled
Modification of Ob ...)
- TODO: check
+ NOT-FOR-US: Node objection.js
CVE-2021-3765
RESERVED
CVE-2021-40504
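Review bot: The added line `NOT-FOR-US: Node objection.js` for CVE-2021-3766 should be backed by a check that no source package in the archive ships or embeds objection.js, since NOT-FOR-US says the software is not in Debian at all. The wording itself matches the `Node <name>` form used for the other npm entries in this file, so no change to the text is needed if that check comes back empty.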
@@ -18319,7 +18319,7 @@ CVE-2021-32835 (Eclipse Keti is a service that was
designed to protect RESTfuls
CVE-2021-32834 (Eclipse Keti is a service that was designed to protect
RESTfuls API us ...)
NOT-FOR-US: Eclipse Keti
CVE-2021-32833 (Emby Server is a personal media server with apps on many
devices. In E ...)
- TODO: check
+ NOT-FOR-US: Emby Server
CVE-2021-32832 (Rocket.Chat is an open-source fully customizable
communications platfo ...)
NOT-FOR-US: Rocket.Chat
CVE-2021-32831 (Total.js framework (npm package total.js) is a framework for
Node.js p ...)
@@ -41642,7 +41642,7 @@ CVE-2021-23406 (This affects the package pac-resolver
before 5.0.0. This can occ
CVE-2021-23405 (This affects the package pimcore/pimcore before 10.0.7. This
issue exi ...)
NOT-FOR-US: Pimcore
CVE-2021-23404 (This affects all versions of package sqlite-web. The SQL
dashboard are ...)
- TODO: check
+ NOT-FOR-US: sqlite-web
CVE-2021-23403 (All versions of package ts-nodash are vulnerable to Prototype
Pollutio ...)
NOT-FOR-US: Node ts-nodash
CVE-2021-23402 (All versions of package record-like-deep-assign are vulnerable
to Prot ...)
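Review bot: The added `NOT-FOR-US: sqlite-web` for CVE-2021-23404 carries no ecosystem qualifier, while the neighbouring entry two lines below is written `NOT-FOR-US: Node ts-nodash`. The truncated description only says "package sqlite-web", so the ecosystem cannot be read from the entry. If this is an npm module, write it as `Node sqlite-web` to match; if it is not, the bare name is consistent with the `Pimcore` entry above and can stay.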
@@ -53787,7 +53787,7 @@ CVE-2021-1930 (Possible out of bounds read due to
incorrect validation of incomi
CVE-2021-1929 (Lack of strict validation of bootmode can lead to information
disclosu ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1928 (Buffer over read could occur due to incorrect check of buffer
size whi ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-1927 (Possible use after free due to lack of null check while memory
is bein ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1926
@@ -53797,7 +53797,7 @@ CVE-2021-1925 (Possible denial of service scenario due
to improper handling of g
CVE-2021-1924
RESERVED
CVE-2021-1923 (Incorrect pointer argument passed to trusted application TA
could resu ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-1922
RESERVED
CVE-2021-1921
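Review bot: For CVE-2021-1923, the visible description ("Incorrect pointer argument passed to trusted application TA could resu ...") does not name the vendor, and none of the context lines in this hunk are Qualcomm entries, unlike the previous hunk where CVE-2021-1929 and CVE-2021-1927 on either side already carry the same note. Confirm the `NOT-FOR-US: Qualcomm components for Android` attribution against the full CVE text instead of inferring it from the adjacent ID range.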
@@ -65831,7 +65831,7 @@ CVE-2020-26302
CVE-2020-26301
RESERVED
CVE-2020-26300 (systeminformation is an npm package that provides system and
OS inform ...)
- TODO: check
+ NOT-FOR-US: Node systeminformation
CVE-2020-26299 (ftp-srv is an open-source FTP server designed to be simple yet
configu ...)
NOT-FOR-US: Node ftp-srv
CVE-2020-26298 (Redcarpet is a Ruby library for Markdown processing. In
Redcarpet befo ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5147f47534492456077c8aa5fb9536f5746c2a86