[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 22 21:22:05 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
38a4f2eb by Salvatore Bonaccorso at 2021-12-22T22:21:20+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16785,9 +16785,9 @@ CVE-2021-40420
CVE-2021-40419
RESERVED
CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
- TODO: check
+ NOT-FOR-US: DaVinci Resolve
CVE-2021-40417 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
- TODO: check
+ NOT-FOR-US: DaVinci Resolve
CVE-2021-40416
RESERVED
CVE-2021-40415
@@ -62193,17 +62193,17 @@ CVE-2021-21908 (Specially-crafted command line arguments can lead to arbitrary f
CVE-2021-21907 (A directory traversal vulnerability exists in the CMA CLI getenv comma ...)
TODO: check
CVE-2021-21906 (Stack-based buffer overflow vulnerability exists in how the CMA readfi ...)
- TODO: check
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
CVE-2021-21905 (Stack-based buffer overflow vulnerability exists in how the CMA readfi ...)
- TODO: check
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
CVE-2021-21904 (A directory traversal vulnerability exists in the CMA CLI setenv comma ...)
- TODO: check
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
CVE-2021-21903 (A stack-based buffer overflow vulnerability exists in the CMA check_ud ...)
- TODO: check
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
CVE-2021-21902 (An authentication bypass vulnerability exists in the CMA run_server_68 ...)
- TODO: check
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
CVE-2021-21901 (A stack-based buffer overflow vulnerability exists in the CMA check_ud ...)
- TODO: check
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
CVE-2021-21900 (A code execution vulnerability exists in the dxfRW::processLType() fun ...)
{DLA-2838-1}
- librecad <unfixed>
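Review bot: CVE-2021-21907, in the context just above the first changed line, still carries TODO: check although its description names the same CMA CLI (getenv command) as CVE-2021-21904 (setenv command), which this hunk marks NOT-FOR-US: Garrett Metal Detectors iC Module CMA. If it is the same product, triage it in this commit as well; if it was left open on purpose, a short NOTE saying why would avoid a second pass over the same advisory batch.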
@@ -62231,43 +62231,43 @@ CVE-2021-21897 (A code execution vulnerability exists in the DL_Dxf::handleLWPol
NOTE: https://github.com/qcad/qcad/commit/1eeffc5daf5a06cf6213ffc19e95923cdebb2eb8
TODO: check, horizon-eda, cloudcompare, kicad embedds it, but needs to check if actually used and issue affects those
CVE-2021-21896 (A directory traversal vulnerability exists in the Web Manager FsBrowse ...)
- TODO: check
+ NOT-FOR-US: Lantronix PremierWave
CVE-2021-21895 (A directory traversal vulnerability exists in the Web Manager FsTFtp f ...)
- TODO: check
+ NOT-FOR-US: antronix PremierWave
CVE-2021-21894 (A directory traversal vulnerability exists in the Web Manager FsTFtp f ...)
- TODO: check
+ NOT-FOR-US: antronix PremierWave
CVE-2021-21893 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
NOT-FOR-US: Foxit
CVE-2021-21892 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
- TODO: check
+ NOT-FOR-US: antronix PremierWave
CVE-2021-21891 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
- TODO: check
+ NOT-FOR-US: antronix PremierWave
CVE-2021-21890 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
- TODO: check
+ NOT-FOR-US: antronix PremierWave
CVE-2021-21889 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
- TODO: check
+ NOT-FOR-US: antronix PremierWave
CVE-2021-21888 (An OS command injection vulnerability exists in the Web Manager SslGen ...)
- TODO: check
+ NOT-FOR-US: antronix PremierWave
CVE-2021-21887 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
- TODO: check
+ NOT-FOR-US: antronix PremierWave
CVE-2021-21886 (A directory traversal vulnerability exists in the Web Manager FSBrowse ...)
- TODO: check
+ NOT-FOR-US: antronix PremierWave
CVE-2021-21885 (A directory traversal vulnerability exists in the Web Manager FsMove f ...)
- TODO: check
+ NOT-FOR-US: antronix PremierWave
CVE-2021-21884 (An OS command injection vulnerability exists in the Web Manager SslGen ...)
- TODO: check
+ NOT-FOR-US: antronix PremierWave
CVE-2021-21883 (An OS command injection vulnerability exists in the Web Manager Diagno ...)
- TODO: check
+ NOT-FOR-US: antronix PremierWave
CVE-2021-21882 (An OS command injection vulnerability exists in the Web Manager FsUnmo ...)
- TODO: check
+ NOT-FOR-US: antronix PremierWave
CVE-2021-21881 (An OS command injection vulnerability exists in the Web Manager Wirele ...)
- TODO: check
+ NOT-FOR-US: antronix PremierWave
CVE-2021-21880 (A directory traversal vulnerability exists in the Web Manager FsCopyFi ...)
- TODO: check
+ NOT-FOR-US: antronix PremierWave
CVE-2021-21879 (A directory traversal vulnerability exists in the Web Manager File Upl ...)
- TODO: check
+ NOT-FOR-US: antronix PremierWave
CVE-2021-21878 (A local file inclusion vulnerability exists in the Web Manager Applica ...)
- TODO: check
+ NOT-FOR-US: antronix PremierWave
CVE-2021-21877 (Specially-crafted HTTP requests can lead to arbitrary command executio ...)
TODO: check
CVE-2021-21876 (Specially-crafted HTTP requests can lead to arbitrary command executio ...)
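Review bot: the vendor name is misspelled on every added line except the first. CVE-2021-21896 gets NOT-FOR-US: Lantronix PremierWave, while CVE-2021-21895 down to CVE-2021-21878 get NOT-FOR-US: antronix PremierWave, with the leading "L" dropped. Please correct these to "Lantronix PremierWave" so that a search on the vendor name finds the whole batch. Separately, CVE-2021-21877 in the trailing context is left at TODO: check; its truncated description does not show the product, so confirm whether it belongs to this batch.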
@@ -76067,11 +76067,11 @@ CVE-2021-1042 (In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possi
CVE-2021-1041 (In (TBD) of (TBD), there is a possible out of bounds read due to memor ...)
NOT-FOR-US: Google Pixel components
CVE-2021-1040 (In onCreate of BluetoothPairingSelectionFragment.java, there is a poss ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-1039 (In NotificationAccessActivity of AndroidManifest.xml, there is a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-1038 (In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-1037
RESERVED
CVE-2021-1036
@@ -76089,17 +76089,17 @@ CVE-2021-1031 (In cancelNotificationsFromListener of NotificationManagerService.
CVE-2021-1030 (In setNotificationsShownFromListener of NotificationManagerService.jav ...)
NOT-FOR-US: Android
CVE-2021-1029 (In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-1028 (In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-1027 (In setTransactionState of SurfaceFlinger, there is possible arbitrary ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-1026 (In startRanging of RttServiceImpl.java, there is a possible way to det ...)
NOT-FOR-US: Android
CVE-2021-1025 (In hasNamedWallpaper of WallpaperManagerService.java, there is a possi ...)
NOT-FOR-US: Android
CVE-2021-1024 (In onEventReceived of EventResultPersister.java, there is a possible i ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-1023 (In onCreate of RequestIgnoreBatteryOptimizations.java, there is a poss ...)
NOT-FOR-US: Android
CVE-2021-1022 (In btif_in_hf_client_generic_evt of btif_hf_client.cc, there is a poss ...)
@@ -76111,7 +76111,7 @@ CVE-2021-1020 (In snoozeNotification of NotificationListenerService.java, there
CVE-2021-1019 (In snoozeNotification of NotificationListenerService.java, there is a ...)
NOT-FOR-US: Android
CVE-2021-1018 (In adjustStreamVolume of AudioService.java, there is a possible way to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-1017 (In AdapterService and GattService definition of AndroidManifest.xml, t ...)
NOT-FOR-US: Android
CVE-2021-1016 (In onCreate of UsbPermissionActivity.java, there is a possible way to ...)
@@ -76141,17 +76141,17 @@ CVE-2021-1005 (In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is
CVE-2021-1004 (In getConfiguredNetworks of WifiServiceImpl.java, there is a possible ...)
NOT-FOR-US: Android
CVE-2021-1003 (In adjustStreamVolume of AudioService.java, there is a possible way fo ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-1002 (In WT_Interpolate of eas_wtengine.c, there is a possible out of bounds ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-1001 (In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible out of bo ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-1000
RESERVED
CVE-2021-0999 (In the broadcast definition in AndroidManifest.xml, there is a possibl ...)
NOT-FOR-US: Android
CVE-2021-0998 (In 'ih264e_find_bskip_params()' of ih264e_me.c, there is a possible ou ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0997 (In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , t ...)
NOT-FOR-US: Android
CVE-2021-0996 (In nfaHciCallback of HciEventManager.cpp, there is a possible out of b ...)
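Review bot: CVE-2021-1002 (eas_wtengine.c), CVE-2021-1001 (mp4enc_api.cpp) and CVE-2021-0998 (ih264e_me.c) are described by C/C++ codec source files rather than by Android framework Java classes like their neighbours (AudioService.java, WifiServiceImpl.java), yet they get the same blanket NOT-FOR-US: Android. The list already records embedded-copy concerns elsewhere (the qcad entry notes other packages that embed the code), so for these three it would help to add a NOTE stating that no packaged source carries the affected file, or to keep TODO: check until that has been verified.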
@@ -76195,7 +76195,7 @@ CVE-2021-0978 (In getSerialForPackage of DeviceIdentifiersPolicyService.java, th
CVE-2021-0977 (In phNxpNHal_DtaUpdate of phNxpNciHal_dta.cc, there is a possible out ...)
NOT-FOR-US: Android
CVE-2021-0976 (In toBARK of floor0.c, there is a possible out of bounds read due to a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0975
RESERVED
CVE-2021-0974
@@ -76369,27 +76369,27 @@ CVE-2021-0905
CVE-2021-0904 (In SRAMROM, there is a possible permission bypass due to an insecure p ...)
NOT-FOR-US: MediaTek components for Android
CVE-2021-0903 (In apusys, there is a possible out of bounds write due to a missing bo ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-0902 (In apusys, there is a possible out of bounds read due to an incorrect ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-0901 (In apusys, there is a possible memory corruption due to a missing boun ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-0900 (In apusys, there is a possible out of bounds read due to an incorrect ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-0899 (In apusys, there is a possible memory corruption due to a use after fr ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-0898 (In apusys, there is a possible memory corruption due to a use after fr ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-0897 (In apusys, there is a possible out of bounds write due to a missing bo ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-0896 (In apusys, there is a possible out of bounds write due to a missing bo ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-0895 (In apusys, there is a possible out of bounds write due to a missing bo ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-0894 (In apusys, there is a possible out of bounds write due to a missing bo ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-0893 (In apusys, there is a possible memory corruption due to a use after fr ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-0892
RESERVED
CVE-2021-0891
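Review bot: the added lines for CVE-2021-0903 through CVE-2021-0893 use NOT-FOR-US: Mediatek, while the existing entry for CVE-2021-0904 directly above reads NOT-FOR-US: MediaTek components for Android. Reuse the existing string so the same vendor is not recorded under two spellings and two levels of detail in adjacent entries.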
@@ -76818,19 +76818,19 @@ CVE-2021-0681 (In system properties, there is a possible information disclosure
CVE-2021-0680 (In system properties, there is a possible information disclosure due t ...)
NOT-FOR-US: MediaTek components for Android
CVE-2021-0679 (In apusys, there is a possible memory corruption due to a missing boun ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-0678 (In apusys, there is a possible out of bounds write due to a missing bo ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-0677 (In ccu driver, there is a possible out of bounds read due to an intege ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-0676 (In geniezone driver, there is a possible out of bounds read due to an ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-0675 (In alac decoder, there is a possible out of bounds write due to an inc ...)
NOT-FOR-US: MediaTek components for Android
CVE-2021-0674 (In alac decoder, there is a possible out of bounds read due to an inco ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-0673 (In Audio Aurisys HAL, there is a possible permission bypass due to a m ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-0672 (In Browser app, there is a possible information disclosure due to a mi ...)
NOT-FOR-US: MediaTek components for Android
CVE-2021-0671 (In apusys, there is a possible memory corruption due to a missing boun ...)
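Review bot: CVE-2021-0674 and CVE-2021-0675 are both described as alac decoder issues, but after this change CVE-2021-0674 reads NOT-FOR-US: Mediatek while the untouched CVE-2021-0675 reads NOT-FOR-US: MediaTek components for Android. The same component should carry the same label; use the existing "MediaTek components for Android" string on the added lines in this hunk.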
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38a4f2ebafc12e84793dfa02f1a93108a0fb5cc7