Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c67d6cb by Moritz Muehlenhoff at 2022-06-20T23:30:47+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23153,7 +23153,7 @@ CVE-2022-25774
 CVE-2022-25773
        RESERVED
 CVE-2022-25772 (A cross-site scripting (XSS) vulnerability in the web tracking 
compone ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2022-25771
        RESERVED
 CVE-2022-25770
@@ -49365,7 +49365,7 @@ CVE-2022-20205 (In isFileUri of FileUtil.java, there is 
a possible way to bypass
 CVE-2022-20204 (In registerRemoteBugreportReceivers of 
DevicePolicyManagerService.java ...)
        NOT-FOR-US: Google Pixel
 CVE-2022-20203 (In multiple locations of the nanopb library, there is a 
possible way t ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20202 (In ih264_resi_trans_quant_4x4_sse42 of 
ih264_resi_trans_quant_sse42.c, ...)
        NOT-FOR-US: Google Pixel
 CVE-2022-20201 (In getAppSize of InstalldNativeService.cpp, there is a 
possible out of ...)
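Review bot: the CVE-2022-20203 entry is marked "NOT-FOR-US: Android", but its description places the flaw in the nanopb library, which is a standalone upstream project rather than an Android-only component. Before closing it as NFU, check whether a nanopb source package exists in the archive and whether the affected code paths are present there; if they are, the entry needs a package line instead of an NFU tag.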
@@ -51823,7 +51823,7 @@ CVE-2021-41740
 CVE-2021-41739 (A OS Command Injection vulnerability was discovered in Artica 
Proxy 4. ...)
        NOT-FOR-US: Artica Web Proxy
 CVE-2021-41738 (ZeroShell 3.9.5 has a command injection vulnerability in 
/cgi-bin/kerb ...)
-       TODO: check
+       NOT-FOR-US: ZeroShell
 CVE-2021-41737
        RESERVED
        - faust <unfixed>
@@ -53566,7 +53566,7 @@ CVE-2021-41043 (Use after free in tcpslice triggers 
AddressSanitizer, no other c
 CVE-2021-41042
        RESERVED
 CVE-2021-41041 (In Eclipse Openj9 before version 0.32.0, Java 8 &amp; 11 fail 
to throw ...)
-       TODO: check
+       NOT-FOR-US: Eclipse OpenJ9
 CVE-2021-41040 (In Eclipse Wakaama, ever since its inception until 2021-01-14, 
the CoA ...)
        NOT-FOR-US: Eclipse Wakaama
 CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 
client conn ...)
@@ -54472,7 +54472,7 @@ CVE-2021-40670 (SQL Injection vulnerability exists in 
Wuzhi CMS 4.1.0 via the ke
 CVE-2021-40669 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the 
keywords ...)
        NOT-FOR-US: Wuzhi CMS
 CVE-2021-40668 (The Android application HTTP File Server (Version 1.4.1) by 
'slowscrip ...)
-       TODO: check
+       NOT-FOR-US: Android application HTTP File Server
 CVE-2021-40667
        RESERVED
 CVE-2021-40666
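Review bot: on CVE-2021-40668 the tag "NOT-FOR-US: Android application HTTP File Server" is a generic product name that will be hard to match when a later CVE for the same app arrives. The description names the publisher in quotes; adding that name to the tag would make it unambiguous and easy to grep for.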
@@ -54492,7 +54492,7 @@ CVE-2021-40660 (An issue was discovered in Delight 
Nashorn Sandbox 0.2.0. There
 CVE-2021-40659
        RESERVED
 CVE-2021-40658 (Textpattern 4.8.7 is affected by a HTML injection 
vulnerability throug ...)
-       TODO: check
+       NOT-FOR-US: Textpattern CMS
 CVE-2021-40657
        RESERVED
 CVE-2021-40656 (libsixel before 1.10 is vulnerable to Buffer Overflow in 
libsixel/src/ ...)
@@ -54586,7 +54586,7 @@ CVE-2021-40618 (An SQL Injection vulnerability exists 
in openSIS Classic 8.0 via
 CVE-2021-40617 (An SQL Injection vulnerability exists in openSIS Community 
Edition ver ...)
        NOT-FOR-US: openSIS
 CVE-2021-40616 (thinkcmf v5.1.7 has an unauthorized vulnerability. The 
attacker can mo ...)
-       TODO: check
+       NOT-FOR-US: thinkcmf
 CVE-2021-40615
        RESERVED
 CVE-2021-40614
@@ -55666,7 +55666,7 @@ CVE-2021-40214 (Gibbon v22.0.00 suffers from a stored 
XSS vulnerability within t
 CVE-2021-40213
        RESERVED
 CVE-2021-40212 (An exploitable out-of-bounds write vulnerability in PotPlayer 
1.7.2152 ...)
-       TODO: check
+       NOT-FOR-US: PotPlayer
 CVE-2021-40211
        RESERVED
 CVE-2021-40210
@@ -56120,7 +56120,7 @@ CVE-2021-40038 (There is a Double free vulnerability in 
the AOD module in smartp
 CVE-2021-40037 (There is a Vulnerability of accessing resources using an 
incompatible  ...)
        NOT-FOR-US: Huawei
 CVE-2021-40036 (The bone voice ID TA has a memory overwrite vulnerability. 
Successful  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary 
error with  ...)
        NOT-FOR-US: Huawei
 CVE-2021-40034
@@ -60553,7 +60553,7 @@ CVE-2021-38223
 CVE-2021-38222
        RESERVED
 CVE-2021-38221 (bbs-go &lt;= 3.3.0 including Custom Edition is vulnerable to 
stored XS ...)
-       TODO: check
+       NOT-FOR-US: bbs-go
 CVE-2021-38220
        RESERVED
 CVE-2021-38219
@@ -61925,7 +61925,7 @@ CVE-2021-37766
 CVE-2021-37765
        RESERVED
 CVE-2021-37764 (Arbitrary File Deletion vulnerability in XOS-Shop 
xos_shop_system 1.0. ...)
-       TODO: check
+       NOT-FOR-US: XOS-Shop
 CVE-2021-37763
        RESERVED
 CVE-2021-37762 (Zoho ManageEngine ADManager Plus version 7110 and prior allows 
unrestr ...)
@@ -64723,9 +64723,9 @@ CVE-2021-36611
 CVE-2021-36610
        RESERVED
 CVE-2021-36609 (Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 
via the Na ...)
-       TODO: check
+       NOT-FOR-US: webTareas
 CVE-2021-36608 (Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 
via the Na ...)
-       TODO: check
+       NOT-FOR-US: webTareas
 CVE-2021-36607
        RESERVED
 CVE-2021-36606
@@ -68294,7 +68294,7 @@ CVE-2021-35132
 CVE-2021-35131
        RESERVED
 CVE-2021-35130 (Memory corruption in graphics support layer due to use after 
free cond ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2021-35129 (Memory corruption in BT controller due to improper length 
check while  ...)
        NOT-FOR-US: Snapdragon
 CVE-2021-35128
@@ -68302,13 +68302,13 @@ CVE-2021-35128
 CVE-2021-35127
        RESERVED
 CVE-2021-35126 (Memory corruption in DSP service due to improper validation of 
input p ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2021-35125
        RESERVED
 CVE-2021-35124
        RESERVED
 CVE-2021-35123 (Buffer copy in GATT multi notification due to improper length 
check fo ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2021-35122
        RESERVED
 CVE-2021-35121 (An array index is improperly used to lock and unlock a mutex 
which can ...)
@@ -68346,7 +68346,7 @@ CVE-2021-35106 (Possible out of bound read due to 
improper length calculation of
 CVE-2021-35105 (Possible out of bounds access due to improper input validation 
during  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2021-35104 (Possible buffer overflow due to improper parsing of headers 
while play ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2021-35103 (Possible out of bound write due to improper validation of 
number of ti ...)
        NOT-FOR-US: Qualcomm QCA-WiFi for Android
 CVE-2021-35102 (Possible buffer overflow due to lack of validation for the 
length of N ...)
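Review bot: CVE-2021-35104 gets "NOT-FOR-US: Qualcomm components for Android", matching the entry above it, while the earlier hunks in this commit tag CVE-2021-35130, CVE-2021-35126 and CVE-2021-35123 as "NOT-FOR-US: Snapdragon" and the next entry here uses "Qualcomm QCA-WiFi for Android". Three labels for what looks like one vendor make searching data/CVE/list for that vendor unreliable; consider settling on one spelling for new NFU entries.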



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c67d6cb070f32c907128e7a82e034bda90068c5
