Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a2656a01 by Moritz Muehlenhoff at 2021-11-15T18:24:35+01:00
NFUs
new gitlab issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -249,7 +249,7 @@ CVE-2021-43622
CVE-2021-43621
RESERVED
CVE-2021-43620 (An issue was discovered in the fruity crate through 0.2.0 for
Rust. Se ...)
- TODO: check
+ NOT-FOR-US: Rust crate fruity
CVE-2021-43619
RESERVED
CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1
has an m ...)
@@ -410,7 +410,7 @@ CVE-2021-3946
CVE-2021-3945 (django-helpdesk is vulnerable to Improper Neutralization of
Input Duri ...)
NOT-FOR-US: django-helpdesk
CVE-2002-20001 (The Diffie-Hellman Key Agreement Protocol allows remote
attackers (fro ...)
- TODO: check
+ NOT-FOR-US: Diffie Hellmann kex protocol issue
CVE-2021-3944
RESERVED
CVE-2021-3943
@@ -12614,7 +12614,7 @@ CVE-2021-3728 (firefly-iii is vulnerable to Cross-Site
Request Forgery (CSRF) ..
CVE-2020-36474 (SafeCurl before 0.9.2 has a DNS rebinding vulnerability. ...)
NOT-FOR-US: SafeCurl
CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has a vulnerability
affecting in ...)
- TODO: check
+ NOT-FOR-US: Jamf Pro
CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection
via the ...)
NOT-FOR-US: MISP
CVE-2021-39301
@@ -34866,7 +34866,7 @@ CVE-2021-30323
CVE-2021-30322
RESERVED
CVE-2021-30321 (Possible buffer overflow due to lack of parameter length check
during ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-30320
RESERVED
CVE-2021-30319
@@ -34976,7 +34976,7 @@ CVE-2021-30268
CVE-2021-30267
RESERVED
CVE-2021-30266 (Possible use after free due to improper memory validation when
initial ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-30265 (Possible memory corruption due to improper validation of
memory addres ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30264 (Possible use after free due improper validation of reference
from call ...)
@@ -54403,7 +54403,7 @@ CVE-2021-22262 (Missing access control in GitLab
version 13.10 and above with Ji
CVE-2021-22261 (A stored Cross-Site Scripting vulnerability in the Jira
integration in ...)
- gitlab <unfixed>
CVE-2021-22260 (A stored Cross-Site Scripting vulnerability in the DataDog
integration ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22259 (A potential DOS vulnerability was discovered in GitLab EE
starting wit ...)
- gitlab <not-affected> (Specific to EE)
CVE-2021-22258 (The project import/export feature in GitLab 8.9 and greater
could be u ...)
@@ -64034,7 +64034,7 @@ CVE-2021-1914 (Loop with unreachable exit condition may
occur due to improper ha
CVE-2021-1913 (Possible integer overflow due to improper length check while
updating ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1912 (Possible integer overflow can occur due to improper length
check while ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-1911
RESERVED
CVE-2021-1910 (Double free in video due to lack of input buffer length check
in Snapd ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2656a0194343e21629c334ae35fb40ad7a2281c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2656a0194343e21629c334ae35fb40ad7a2281c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
