Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
45b2c80d by Moritz Muehlenhoff at 2021-09-15T11:12:48+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2021-41078
CVE-2021-3801
RESERVED
CVE-2021-41077 (The activation process in Travis CI, for certain 2021-09-03
through 20 ...)
- TODO: check
+ NOT-FOR-US: Travis CI
CVE-2021-41076
RESERVED
CVE-2021-41075
@@ -92,7 +92,7 @@ CVE-2021-41035
CVE-2021-41034
RESERVED
CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until
version 4. ...)
- TODO: check
+ NOT-FOR-US: Eclipse Equinox
CVE-2021-41032
RESERVED
CVE-2021-41031
@@ -1948,7 +1948,7 @@ CVE-2021-40216
CVE-2021-40215
RESERVED
CVE-2021-40214 (Gibbon v22.0.00 suffers from a stored XSS vulnerability within
the wal ...)
- TODO: check
+ NOT-FOR-US: Gibbon
CVE-2021-40213
RESERVED
CVE-2021-40212
@@ -4254,11 +4254,11 @@ CVE-2021-39208
CVE-2021-39207 (parlai is a framework for training and evaluating AI models on
a varie ...)
TODO: check
CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy,
which P ...)
- TODO: check
+ NOT-FOR-US: Pomerium
CVE-2021-39205
RESERVED
CVE-2021-39204 (Pomerium is an open source identity-aware access proxy. Envoy,
which P ...)
- TODO: check
+ NOT-FOR-US: Pomerium
CVE-2021-39203 (WordPress is a free and open-source content management system
written ...)
- wordpress <not-affected> (Only affects 5.8 beta 1; vulnerable code
introduced later)
NOTE:
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-qxvw-qxm9-qvg6
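Review bot: The two Pomerium entries in this hunk (CVE-2021-39206 and CVE-2021-39204) are closed on the product name alone, yet both descriptions name Envoy before they are cut off. If the underlying defect sits in Envoy, please confirm that it has its own entry in the list, and consider a NOTE line on these entries pointing to it so the relationship stays visible.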
@@ -4359,7 +4359,7 @@ CVE-2021-39163 (Matrix is an ecosystem for open federated
Instant Messaging and
NOTE:
https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2
NOTE:
https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3
(v1.41.1)
CVE-2021-39162 (Pomerium is an open source identity-aware access proxy. Envoy,
which P ...)
- TODO: check
+ NOT-FOR-US: Pomerium
CVE-2021-39161 (Discourse is an open source platform for community discussion.
In affe ...)
NOT-FOR-US: Discourse
CVE-2021-39160 (nbgitpuller is a Jupyter server extension to sync a git
repository one ...)
@@ -5410,7 +5410,7 @@ CVE-2021-38675
CVE-2021-38674
RESERVED
CVE-2021-3706 (adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly'
Flag ...)
- TODO: check
+ NOT-FOR-US: adminlte
CVE-2021-38673
RESERVED
CVE-2021-38672
@@ -12784,7 +12784,7 @@ CVE-2021-35495
CVE-2021-35494
RESERVED
CVE-2021-35493 (The WebFOCUS Reporting Server and WebFOCUS Client components
of TIBCO ...)
- TODO: check
+ NOT-FOR-US: WebFOCUS
CVE-2021-3619 (Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a
post-authentica ...)
NOT-FOR-US: Rapid7 Velociraptor
CVE-2021-35492
@@ -19311,7 +19311,7 @@ CVE-2021-32726 (Nextcloud Server is a Nextcloud package
that handles data storag
CVE-2021-32725 (Nextcloud Server is a Nextcloud package that handles data
storage. In ...)
- nextcloud-server <itp> (bug #941708)
CVE-2021-32724 (check-spelling is a github action which provides CI spell
checking. In ...)
- TODO: check
+ NOT-FOR-US: Github
CVE-2021-32723 (Prism is a syntax highlighting library. Some languages before
1.24.0 a ...)
NOT-FOR-US: Prism
CVE-2021-32722 (GlobalNewFiles is a mediawiki extension. Versions prior to
48be7adb705 ...)
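Review bot: CVE-2021-32724 is tagged NOT-FOR-US: Github, but the description identifies the affected software as check-spelling, a GitHub action, not GitHub itself. The neighbouring entries name the product (NOT-FOR-US: Prism), so a tag such as NOT-FOR-US: check-spelling would be more accurate and easier to search for later.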
@@ -20544,7 +20544,7 @@ CVE-2021-32204
CVE-2021-32203
RESERVED
CVE-2021-32202 (In CS-Cart version 4.11.1, it is possible to induce copy-paste
XSS by ...)
- TODO: check
+ NOT-FOR-US: CS-Cart
CVE-2021-32201
RESERVED
CVE-2021-32200
@@ -25580,9 +25580,9 @@ CVE-2021-30297
CVE-2021-30296
RESERVED
CVE-2021-30295 (Possible heap overflow due to improper validation of local
variable wh ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-30294 (Potential null pointer dereference in KGSL GPU auxiliary
command due t ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-30293
RESERVED
CVE-2021-30292
@@ -54429,7 +54429,7 @@ CVE-2021-1964 (Possible buffer over read due to
improper validation of IE size w
CVE-2021-1963 (Possible use-after-free due to lack of validation for the rule
count i ...)
TODO: check
CVE-2021-1962 (Buffer Overflow while processing IOCTL for getting peripheral
endpoint ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-1961 (Possible buffer overflow due to lack of offset length check
while upda ...)
TODO: check
CVE-2021-1960 (Improper handling of ASB-C broadcast packets with crafted
opcode in LM ...)
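Review bot: Only CVE-2021-1962 is triaged in this hunk, while CVE-2021-1963 and CVE-2021-1961 on either side of it remain at TODO: check. Their descriptions read in the same style as the entry being closed, so please confirm they were left open deliberately and not missed in this pass.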
@@ -54449,7 +54449,7 @@ CVE-2021-1954 (Possible buffer over read due to
improper validation of data poin
CVE-2021-1953 (Improper handling of received malformed FTMR request frame can
lead to ...)
NOT-FOR-US: Snapdragon
CVE-2021-1952 (Possible buffer over read occurs due to lack of length check of
reques ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-1951
RESERVED
CVE-2021-1950
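Review bot: The new tag on CVE-2021-1952 reads NOT-FOR-US: Qualcomm components for Android, while CVE-2021-1953 directly above it is tagged NOT-FOR-US: Snapdragon. If both labels refer to the same vendor's components, settling on one would make these entries easier to grep, and the older Snapdragon tags could be normalised in a follow-up commit.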
@@ -54457,12 +54457,12 @@ CVE-2021-1950
CVE-2021-1949
RESERVED
CVE-2021-1948 (Possible out of bound read due to lack of length check of data
while p ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-1947
RESERVED
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1946 (Null Pointer Dereference may occur due to improper validation
while pr ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-1945 (Possible out of bound read due to lack of length check of
Bandwidth-NS ...)
NOT-FOR-US: Snapdragon
CVE-2021-1944
@@ -54472,7 +54472,7 @@ CVE-2021-1943 (Possible buffer out of bound read can
occur due to improper valid
CVE-2021-1942
RESERVED
CVE-2021-1941 (Possible buffer over read issue due to improper length check on
WPA IE ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-1940 (Use after free can occur due to improper handling of response
from fir ...)
NOT-FOR-US: Snapdragon
CVE-2021-1939
@@ -54485,11 +54485,11 @@ CVE-2021-1937 (Reachable assertion is possible while
processing peer association
CVE-2021-1936
RESERVED
CVE-2021-1935 (Possible null pointer dereference due to lack of validation
check for ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-1934 (Possible memory corruption due to improper check when
application load ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-1933 (UE assertion is possible due to improper validation of invite
message ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-1932
RESERVED
CVE-2021-1931 (Possible buffer overflow due to improper validation of buffer
length w ...)
@@ -54537,7 +54537,7 @@ CVE-2021-1911
CVE-2021-1910 (Double free in video due to lack of input buffer length check
in Snapd ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1909 (Buffer overflow occurs in trusted applications due to lack of
length c ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-1908
RESERVED
CVE-2021-1907 (Possible buffer overflow due to lack of length check in BA
request in ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45b2c80d6c4a30c320a26be7f588b7dac11c6a64