Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38a4f2eb by Salvatore Bonaccorso at 2021-12-22T22:21:20+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16785,9 +16785,9 @@ CVE-2021-40420
 CVE-2021-40419
        RESERVED
 CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service 
as a jo ...)
-       TODO: check
+       NOT-FOR-US: DaVinci Resolve
 CVE-2021-40417 (When parsing a file that is submitted to the DPDecoder service 
as a jo ...)
-       TODO: check
+       NOT-FOR-US: DaVinci Resolve
 CVE-2021-40416
        RESERVED
 CVE-2021-40415
@@ -62193,17 +62193,17 @@ CVE-2021-21908 (Specially-crafted command line 
arguments can lead to arbitrary f
 CVE-2021-21907 (A directory traversal vulnerability exists in the CMA CLI 
getenv comma ...)
        TODO: check
 CVE-2021-21906 (Stack-based buffer overflow vulnerability exists in how the 
CMA readfi ...)
-       TODO: check
+       NOT-FOR-US: Garrett Metal Detectors iC Module CMA
 CVE-2021-21905 (Stack-based buffer overflow vulnerability exists in how the 
CMA readfi ...)
-       TODO: check
+       NOT-FOR-US: Garrett Metal Detectors iC Module CMA
 CVE-2021-21904 (A directory traversal vulnerability exists in the CMA CLI 
setenv comma ...)
-       TODO: check
+       NOT-FOR-US: Garrett Metal Detectors iC Module CMA
 CVE-2021-21903 (A stack-based buffer overflow vulnerability exists in the CMA 
check_ud ...)
-       TODO: check
+       NOT-FOR-US: Garrett Metal Detectors iC Module CMA
 CVE-2021-21902 (An authentication bypass vulnerability exists in the CMA 
run_server_68 ...)
-       TODO: check
+       NOT-FOR-US: Garrett Metal Detectors iC Module CMA
 CVE-2021-21901 (A stack-based buffer overflow vulnerability exists in the CMA 
check_ud ...)
-       TODO: check
+       NOT-FOR-US: Garrett Metal Detectors iC Module CMA
 CVE-2021-21900 (A code execution vulnerability exists in the 
dxfRW::processLType() fun ...)
        {DLA-2838-1}
        - librecad <unfixed>
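Review bot: CVE-2021-21907 (directory traversal in the CMA CLI getenv command) stays at `TODO: check` at the top of this hunk, while CVE-2021-21904 (the same description for the setenv command) and the other CMA entries below it are now `NOT-FOR-US: Garrett Metal Detectors iC Module CMA`. If it is the same product, mark it in this pass as well; if it was left open on purpose, a NOTE line saying why would save a second round of triage.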
@@ -62231,43 +62231,43 @@ CVE-2021-21897 (A code execution vulnerability exists 
in the DL_Dxf::handleLWPol
        NOTE: 
https://github.com/qcad/qcad/commit/1eeffc5daf5a06cf6213ffc19e95923cdebb2eb8
        TODO: check, horizon-eda, cloudcompare, kicad embedds it, but needs to 
check if actually used and issue affects those
 CVE-2021-21896 (A directory traversal vulnerability exists in the Web Manager 
FsBrowse ...)
-       TODO: check
+       NOT-FOR-US: Lantronix PremierWave
 CVE-2021-21895 (A directory traversal vulnerability exists in the Web Manager 
FsTFtp f ...)
-       TODO: check
+       NOT-FOR-US: antronix PremierWave
 CVE-2021-21894 (A directory traversal vulnerability exists in the Web Manager 
FsTFtp f ...)
-       TODO: check
+       NOT-FOR-US: antronix PremierWave
 CVE-2021-21893 (A use-after-free vulnerability exists in the JavaScript engine 
of Foxi ...)
        NOT-FOR-US: Foxit
 CVE-2021-21892 (A stack-based buffer overflow vulnerability exists in the Web 
Manager  ...)
-       TODO: check
+       NOT-FOR-US: antronix PremierWave
 CVE-2021-21891 (A stack-based buffer overflow vulnerability exists in the Web 
Manager  ...)
-       TODO: check
+       NOT-FOR-US: antronix PremierWave
 CVE-2021-21890 (A stack-based buffer overflow vulnerability exists in the Web 
Manager  ...)
-       TODO: check
+       NOT-FOR-US: antronix PremierWave
 CVE-2021-21889 (A stack-based buffer overflow vulnerability exists in the Web 
Manager  ...)
-       TODO: check
+       NOT-FOR-US: antronix PremierWave
 CVE-2021-21888 (An OS command injection vulnerability exists in the Web 
Manager SslGen ...)
-       TODO: check
+       NOT-FOR-US: antronix PremierWave
 CVE-2021-21887 (A stack-based buffer overflow vulnerability exists in the Web 
Manager  ...)
-       TODO: check
+       NOT-FOR-US: antronix PremierWave
 CVE-2021-21886 (A directory traversal vulnerability exists in the Web Manager 
FSBrowse ...)
-       TODO: check
+       NOT-FOR-US: antronix PremierWave
 CVE-2021-21885 (A directory traversal vulnerability exists in the Web Manager 
FsMove f ...)
-       TODO: check
+       NOT-FOR-US: antronix PremierWave
 CVE-2021-21884 (An OS command injection vulnerability exists in the Web 
Manager SslGen ...)
-       TODO: check
+       NOT-FOR-US: antronix PremierWave
 CVE-2021-21883 (An OS command injection vulnerability exists in the Web 
Manager Diagno ...)
-       TODO: check
+       NOT-FOR-US: antronix PremierWave
 CVE-2021-21882 (An OS command injection vulnerability exists in the Web 
Manager FsUnmo ...)
-       TODO: check
+       NOT-FOR-US: antronix PremierWave
 CVE-2021-21881 (An OS command injection vulnerability exists in the Web 
Manager Wirele ...)
-       TODO: check
+       NOT-FOR-US: antronix PremierWave
 CVE-2021-21880 (A directory traversal vulnerability exists in the Web Manager 
FsCopyFi ...)
-       TODO: check
+       NOT-FOR-US: antronix PremierWave
 CVE-2021-21879 (A directory traversal vulnerability exists in the Web Manager 
File Upl ...)
-       TODO: check
+       NOT-FOR-US: antronix PremierWave
 CVE-2021-21878 (A local file inclusion vulnerability exists in the Web Manager 
Applica ...)
-       TODO: check
+       NOT-FOR-US: antronix PremierWave
 CVE-2021-21877 (Specially-crafted HTTP requests can lead to arbitrary command 
executio ...)
        TODO: check
 CVE-2021-21876 (Specially-crafted HTTP requests can lead to arbitrary command 
executio ...)
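Review bot: the product name is misspelled on every added line from CVE-2021-21895 down to CVE-2021-21878: `NOT-FOR-US: antronix PremierWave` is missing the leading "L". Only CVE-2021-21896 has the correct `NOT-FOR-US: Lantronix PremierWave`. Please fix the remaining entries so that a search for the vendor name finds all of them.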
@@ -76067,11 +76067,11 @@ CVE-2021-1042 (In dsi_panel_debugfs_read_cmdset of 
dsi_panel.c, there is a possi
 CVE-2021-1041 (In (TBD) of (TBD), there is a possible out of bounds read due 
to memor ...)
        NOT-FOR-US: Google Pixel components
 CVE-2021-1040 (In onCreate of BluetoothPairingSelectionFragment.java, there is 
a poss ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-1039 (In NotificationAccessActivity of AndroidManifest.xml, there is 
a possi ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-1038 (In UserDetailsActivity of AndroidManifest.xml, there is a 
possible DoS ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-1037
        RESERVED
 CVE-2021-1036
@@ -76089,17 +76089,17 @@ CVE-2021-1031 (In cancelNotificationsFromListener of 
NotificationManagerService.
 CVE-2021-1030 (In setNotificationsShownFromListener of 
NotificationManagerService.jav ...)
        NOT-FOR-US: Android
 CVE-2021-1029 (In setClientStateLocked of SurfaceFlinger.cpp, there is a 
possible out ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-1028 (In setClientStateLocked of SurfaceFlinger.cpp, there is a 
possible out ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-1027 (In setTransactionState of SurfaceFlinger, there is possible 
arbitrary  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-1026 (In startRanging of RttServiceImpl.java, there is a possible way 
to det ...)
        NOT-FOR-US: Android
 CVE-2021-1025 (In hasNamedWallpaper of WallpaperManagerService.java, there is 
a possi ...)
        NOT-FOR-US: Android
 CVE-2021-1024 (In onEventReceived of EventResultPersister.java, there is a 
possible i ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-1023 (In onCreate of RequestIgnoreBatteryOptimizations.java, there is 
a poss ...)
        NOT-FOR-US: Android
 CVE-2021-1022 (In btif_in_hf_client_generic_evt of btif_hf_client.cc, there is 
a poss ...)
@@ -76111,7 +76111,7 @@ CVE-2021-1020 (In snoozeNotification of 
NotificationListenerService.java, there
 CVE-2021-1019 (In snoozeNotification of NotificationListenerService.java, 
there is a  ...)
        NOT-FOR-US: Android
 CVE-2021-1018 (In adjustStreamVolume of AudioService.java, there is a possible 
way to ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-1017 (In AdapterService and GattService definition of 
AndroidManifest.xml, t ...)
        NOT-FOR-US: Android
 CVE-2021-1016 (In onCreate of UsbPermissionActivity.java, there is a possible 
way to  ...)
@@ -76141,17 +76141,17 @@ CVE-2021-1005 (In getDeviceIdWithFeature of 
PhoneInterfaceManager.java, there is
 CVE-2021-1004 (In getConfiguredNetworks of WifiServiceImpl.java, there is a 
possible  ...)
        NOT-FOR-US: Android
 CVE-2021-1003 (In adjustStreamVolume of AudioService.java, there is a possible 
way fo ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-1002 (In WT_Interpolate of eas_wtengine.c, there is a possible out of 
bounds ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-1001 (In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible 
out of bo ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-1000
        RESERVED
 CVE-2021-0999 (In the broadcast definition in AndroidManifest.xml, there is a 
possibl ...)
        NOT-FOR-US: Android
 CVE-2021-0998 (In 'ih264e_find_bskip_params()' of ih264e_me.c, there is a 
possible ou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0997 (In handleUpdateNetworkState of 
GnssNetworkConnectivityHandler.java , t ...)
        NOT-FOR-US: Android
 CVE-2021-0996 (In nfaHciCallback of HciEventManager.cpp, there is a possible 
out of b ...)
@@ -76195,7 +76195,7 @@ CVE-2021-0978 (In getSerialForPackage of 
DeviceIdentifiersPolicyService.java, th
 CVE-2021-0977 (In phNxpNHal_DtaUpdate of phNxpNciHal_dta.cc, there is a 
possible out  ...)
        NOT-FOR-US: Android
 CVE-2021-0976 (In toBARK of floor0.c, there is a possible out of bounds read 
due to a ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0975
        RESERVED
 CVE-2021-0974
@@ -76369,27 +76369,27 @@ CVE-2021-0905
 CVE-2021-0904 (In SRAMROM, there is a possible permission bypass due to an 
insecure p ...)
        NOT-FOR-US: MediaTek components for Android
 CVE-2021-0903 (In apusys, there is a possible out of bounds write due to a 
missing bo ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0902 (In apusys, there is a possible out of bounds read due to an 
incorrect  ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0901 (In apusys, there is a possible memory corruption due to a 
missing boun ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0900 (In apusys, there is a possible out of bounds read due to an 
incorrect  ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0899 (In apusys, there is a possible memory corruption due to a use 
after fr ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0898 (In apusys, there is a possible memory corruption due to a use 
after fr ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0897 (In apusys, there is a possible out of bounds write due to a 
missing bo ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0896 (In apusys, there is a possible out of bounds write due to a 
missing bo ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0895 (In apusys, there is a possible out of bounds write due to a 
missing bo ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0894 (In apusys, there is a possible out of bounds write due to a 
missing bo ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0893 (In apusys, there is a possible memory corruption due to a use 
after fr ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0892
        RESERVED
 CVE-2021-0891
@@ -76818,19 +76818,19 @@ CVE-2021-0681 (In system properties, there is a 
possible information disclosure
 CVE-2021-0680 (In system properties, there is a possible information 
disclosure due t ...)
        NOT-FOR-US: MediaTek components for Android
 CVE-2021-0679 (In apusys, there is a possible memory corruption due to a 
missing boun ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0678 (In apusys, there is a possible out of bounds write due to a 
missing bo ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0677 (In ccu driver, there is a possible out of bounds read due to an 
intege ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0676 (In geniezone driver, there is a possible out of bounds read due 
to an  ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0675 (In alac decoder, there is a possible out of bounds write due to 
an inc ...)
        NOT-FOR-US: MediaTek components for Android
 CVE-2021-0674 (In alac decoder, there is a possible out of bounds read due to 
an inco ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0673 (In Audio Aurisys HAL, there is a possible permission bypass due 
to a m ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2021-0672 (In Browser app, there is a possible information disclosure due 
to a mi ...)
        NOT-FOR-US: MediaTek components for Android
 CVE-2021-0671 (In apusys, there is a possible memory corruption due to a 
missing boun ...)
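Review bot: the added lines use `NOT-FOR-US: Mediatek`, but the unchanged neighbours in this hunk (CVE-2021-0680, CVE-2021-0675, CVE-2021-0672) use `NOT-FOR-US: MediaTek components for Android`. As a result CVE-2021-0675 and CVE-2021-0674, both about the alac decoder, end up with different labels. Suggest reusing the existing `MediaTek components for Android` string here and for the apusys entries in the preceding hunk, so the same component is labelled one way throughout the file.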



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38a4f2ebafc12e84793dfa02f1a93108a0fb5cc7
