Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9163161 by Salvatore Bonaccorso at 2021-10-31T09:04:06+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -205,7 +205,7 @@ CVE-2021-43011
 CVE-2021-3905
        RESERVED
 CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During 
Web Page ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...)
        - vim 2:8.2.3565-1
        NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
@@ -5628,7 +5628,7 @@ CVE-2021-41155 (Tuleap is a Free & Open Source Suite 
to improve management o
 CVE-2021-41154 (Tuleap is a Free & Open Source Suite to improve management 
of soft ...)
        NOT-FOR-US: Tuleap
 CVE-2021-41153 (The evm crate is a pure Rust implementation of Ethereum 
Virtual Machin ...)
-       TODO: check
+       NOT-FOR-US: Rust evm crate
 CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, 
learning, as ...)
        NOT-FOR-US: OpenOlat
 CVE-2021-41151 (Backstage is an open platform for building developer portals. 
In affec ...)
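Review bot: On CVE-2021-41153, `NOT-FOR-US: Rust evm crate` closes out a library crate rather than a standalone application, and the entry gives no sign of whether embedded or vendored copies in other source packages were considered. If that was checked, a short NOTE line under the entry saying so would save the next triager from repeating the search; if not, it is worth doing before the TODO is dropped.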
@@ -5915,7 +5915,7 @@ CVE-2021-41037
 CVE-2021-41036
        RESERVED
 CVE-2021-41035 (In Eclipse Openj9 before version 0.29.0, the JVM does not 
throw Illega ...)
-       TODO: check
+       NOT-FOR-US: Eclipse OpenJ9
 CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 
includes pu ...)
        NOT-FOR-US: Eclipse Che
 CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until 
version 4. ...)
@@ -10228,17 +10228,17 @@ CVE-2021-39227 (ZRender is a lightweight graphic 
library providing 2d draw for A
 CVE-2021-39226 (Grafana is an open source data visualization platform. In 
affected ver ...)
        - grafana <removed>
 CVE-2021-39225 (Nextcloud is an open-source, self-hosted productivity 
platform. A miss ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Deck
 CVE-2021-39224 (Nextcloud is an open-source, self-hosted productivity 
platform. The Ne ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud OfficeOnline
 CVE-2021-39223 (Nextcloud is an open-source, self-hosted productivity 
platform. The Ne ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Richdocuments
 CVE-2021-39222
        RESERVED
 CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity 
platform. The Ne ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Contacts
 CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform 
The Nex ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Mail
 CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly &amp; WASI. 
Wasmtim ...)
        NOT-FOR-US: wasmtime
 CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly &amp; WASI. 
In Wasm ...)
@@ -15960,7 +15960,7 @@ CVE-2021-36810
 CVE-2021-36809
        RESERVED
 CVE-2021-36808 (A local attacker could bypass the app password using a race 
condition  ...)
-       TODO: check
+       NOT-FOR-US: Sophos
 CVE-2021-36807
        RESERVED
 CVE-2021-36806
@@ -30416,7 +30416,7 @@ CVE-2021-30901 (Multiple out-of-bounds write issues 
were addressed with improved
 CVE-2021-30900 (An out-of-bounds write issue was addressed with improved 
bounds checki ...)
        NOT-FOR-US: Apple
 CVE-2021-30899 (A race condition was addressed with improved state handling. 
This issu ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2021-30898
        REJECTED
 CVE-2021-30897
@@ -49907,7 +49907,7 @@ CVE-2021-22963 (A redirect vulnerability in the 
fastify-static module version &l
 CVE-2021-22962
        RESERVED
 CVE-2021-22961 (A code injection vulnerability exists within the firewall 
software of  ...)
-       TODO: check
+       NOT-FOR-US: GlassWire
 CVE-2021-22960 [HTTP Request Smuggling when parsing the body]
        RESERVED
        - nodejs 12.22.7~dfsg-1
@@ -51997,7 +51997,7 @@ CVE-2021-22103
 CVE-2021-22102
        RESERVED
 CVE-2021-22101 (Cloud Controller versions prior to 1.118.0 are vulnerable to 
unauthent ...)
-       TODO: check
+       NOT-FOR-US: Cloud Foundry Cloud Controller
 CVE-2021-22100
        RESERVED
 CVE-2021-22099
@@ -52123,9 +52123,9 @@ CVE-2021-22040
 CVE-2021-22039
        RESERVED
 CVE-2021-22038 (On Windows, the uninstaller binary copies itself to a fixed 
temporary  ...)
-       TODO: check
+       NOT-FOR-US: InstallBuilder
 CVE-2021-22037 (Under certain circumstances, when manipulating the Windows 
registry, I ...)
-       TODO: check
+       NOT-FOR-US: InstallBuilder
 CVE-2021-22036 (VMware vRealize Orchestrator ((8.x prior to 8.6) contains an 
open redi ...)
        NOT-FOR-US: VMware
 CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a 
CSV(Comma Se ...)
@@ -61414,7 +61414,7 @@ CVE-2021-1823
 CVE-2021-1822 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
        NOT-FOR-US: Apple
 CVE-2021-1821 (A logic issue was addressed with improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2021-1820 (A memory initialization issue was addressed with improved 
memory handl ...)
        {DSA-4797-1}
        - webkit2gtk 2.30.1-1
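Review bot: On CVE-2021-1821, the truncated description ("A logic issue was addressed with improved state management.") does not show the affected component, and the entry directly below it, CVE-2021-1820, has the same style of generic advisory wording yet is tracked against webkit2gtk with {DSA-4797-1}. Please confirm from the full description that CVE-2021-1821 is not a WebKit issue before it stays as `NOT-FOR-US: Apple`.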
@@ -61665,7 +61665,7 @@ CVE-2020-29631
 CVE-2020-29630
        RESERVED
 CVE-2020-29629 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-29628
        RESERVED
 CVE-2020-29627
@@ -65394,17 +65394,17 @@ CVE-2021-1125
 CVE-2021-1124
        RESERVED
 CVE-2021-1123 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2021-1122 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2021-1121 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2021-1120 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2021-1119 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2021-1118 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2021-1117 (Windows contains a vulnerability in the kernel mode layer 
(nvlddmkm.sy ...)
        TODO: check
 CVE-2021-1116 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
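Review bot: CVE-2021-1117 in the trailing context still carries `TODO: check` immediately after the six entries resolved here. Its description refers to the kernel mode layer (nvlddmkm.sy ...) on Windows rather than vGPU software, so it may have been left for separate triage on purpose, but if not it looks missed in this pass. Separately, the tag `NVIDIA` is vendor-wide while all six descriptions read "NVIDIA vGPU software"; `NOT-FOR-US: NVIDIA vGPU software` would record why these particular entries are out of scope.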
@@ -74249,7 +74249,7 @@ CVE-2020-25883
 CVE-2020-25882
        RESERVED
 CVE-2020-25881 (A vulnerability was discovered in the filename parameter in 
pathindex. ...)
-       TODO: check
+       NOT-FOR-US: RKCMS
 CVE-2020-25880
        RESERVED
 CVE-2020-25879 (A stored cross site scripting (XSS) vulnerability in the 
'Manage Users ...)
@@ -74265,9 +74265,9 @@ CVE-2020-25875 (A stored cross site scripting (XSS) 
vulnerability in the 'Smiley
 CVE-2020-25874
        RESERVED
 CVE-2020-25873 (A directory traversal vulnerability in the component 
system/manager/cl ...)
-       TODO: check
+       NOT-FOR-US: Baijiacms
 CVE-2020-25872 (A vulnerability exists within the FileManagerController.php 
function i ...)
-       TODO: check
+       NOT-FOR-US: FrogCMS
 CVE-2020-25871
        RESERVED
 CVE-2020-25870
@@ -82864,7 +82864,7 @@ CVE-2020-22081
 CVE-2020-22080
        RESERVED
 CVE-2020-22079 (Stack-based buffer overflow in Tenda AC-10U AC1200 Router 
US_AC10UV1.0 ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2020-22078
        RESERVED
 CVE-2020-22077
@@ -113827,7 +113827,7 @@ CVE-2020-9899 (A memory corruption issue was 
addressed with improved input valid
 CVE-2020-9898 (This issue was addressed with improved entitlements. This issue 
is fix ...)
        NOT-FOR-US: Apple
 CVE-2020-9897 (An out-of-bounds write was addressed with improved input 
validation. T ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9896
        RESERVED
 CVE-2020-9895 (A use after free issue was addressed with improved memory 
management.  ...)
@@ -114197,7 +114197,7 @@ CVE-2020-10007 (A logic issue was addressed with 
improved state management. This
 CVE-2020-10006 (This issue was addressed with improved entitlements. This 
issue is fix ...)
        NOT-FOR-US: Apple
 CVE-2020-10005 (A resource exhaustion issue was addressed with improved input 
validati ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-10004 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2020-10003 (An issue existed within the path validation logic for 
symlinks. This i ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e91631618a704e276ac0e7e62b67e28a14a426b5
