[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 24 14:11:42 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5a400cbe by Salvatore Bonaccorso at 2021-12-24T15:11:19+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25469,7 +25469,7 @@ CVE-2021-36891
CVE-2021-36890
RESERVED
CVE-2021-36889 (Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabiliti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36888 (Unauthenticated Arbitrary Options Update vulnerability leading to full ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36887 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site ...)
@@ -29410,7 +29410,7 @@ CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can mov
CVE-2021-35244 (The "Log alert to a file" action within action management enables any ...)
NOT-FOR-US: SolarWinds
CVE-2021-35243 (The HTTP PUT and DELETE methods were enabled in the Web Help Desk web ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2021-35242 (Serv-U server responds with valid CSRFToken when the request contains ...)
NOT-FOR-US: SolarWinds
CVE-2021-35241
@@ -40063,39 +40063,39 @@ CVE-2021-30941 (A buffer overflow issue was addressed with improved memory handl
CVE-2021-30940 (A buffer overflow issue was addressed with improved memory handling. T ...)
NOT-FOR-US: Apple
CVE-2021-30939 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30938 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30937 (A memory corruption vulnerability was addressed with improved locking. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30936 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30935 (A logic issue was addressed with improved validation. This issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30934 (A buffer overflow issue was addressed with improved memory handling. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30933
REJECTED
CVE-2021-30932 (The issue was addressed with improved permissions logic. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30931 (A logic issue was addressed with improved validation. This issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30930 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30929 (An out-of-bounds write issue was addressed with improved bounds checki ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30928
REJECTED
CVE-2021-30927 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30926 (Description: A memory corruption issue in the processing of ICC profil ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30925
REJECTED
CVE-2021-30924 (A denial of service issue was addressed with improved state handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30923 (A race condition was addressed with improved locking. This issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30922
REJECTED
CVE-2021-30921
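Review bot: CVE-2021-30926 is the one entry in this hunk whose description names a data format rather than a product ("processing of ICC profil ..."), and ICC profile parsing also exists in free software. Please confirm the affected code is Apple's own before closing it as NOT-FOR-US: Apple. More generally, the 14 entries changed here are marked on descriptions that, as truncated, name no component, and the commit message does not say what they were checked against. A one-line mention of the source would make the bulk change easier to audit.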
@@ -40133,7 +40133,7 @@ CVE-2021-30906 (This issue was addressed with improved checks. This issue is fix
CVE-2021-30905 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
CVE-2021-30904 (A sync issue was addressed with improved state validation. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30903 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2021-30902 (A use after free issue was addressed with improved memory management. ...)
@@ -40147,7 +40147,7 @@ CVE-2021-30899 (A race condition was addressed with improved state handling. Thi
CVE-2021-30898
REJECTED
CVE-2021-30897 (An issue existed in the specification for the resource timing API. The ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30896 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Apple
CVE-2021-30895 (A logic issue was addressed with improved restrictions. This issue is ...)
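Review bot: CVE-2021-30897 describes a flaw in "the specification for the resource timing API", which is a web-platform feature implemented by browser engines and not something specific to Apple's operating systems. Other WebKit issues in this file are tracked against webkit2gtk and wpewebkit, so please check whether this one appears in a WebKitGTK advisory before marking it NOT-FOR-US: Apple.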
@@ -40477,7 +40477,7 @@ CVE-2021-30769 (A logic issue was addressed with improved state management. This
CVE-2021-30768 (A logic issue was addressed with improved validation. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2021-30767 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30766 (An out-of-bounds write was addressed with improved input validation. T ...)
NOT-FOR-US: Apple
CVE-2021-30765 (An out-of-bounds write was addressed with improved input validation. T ...)
@@ -50113,7 +50113,7 @@ CVE-2021-27008
CVE-2021-27007 (NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway i ...)
NOT-FOR-US: NetApp Virtual Desktop Service
CVE-2021-27006 (StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11. ...)
- TODO: check
+ NOT-FOR-US: StorageGRID
CVE-2021-27005 (Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, ...)
NOT-FOR-US: Clustered Data ONTAP
CVE-2021-27004 (System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and ...)
@@ -60686,7 +60686,7 @@ CVE-2021-22659 (Rockwell Automation MicroLogix 1400 Version 21.6 and below may a
CVE-2021-22658 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...)
NOT-FOR-US: Advantech iView
CVE-2021-22657 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API p ...)
- TODO: check
+ NOT-FOR-US: mySCADA myPRO
CVE-2021-22656 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to direc ...)
NOT-FOR-US: Advantech iView
CVE-2021-22655 (Multiple out-of-bounds read issues have been identified in the way the ...)
@@ -66663,9 +66663,9 @@ CVE-2021-20829 (Cross-site scripting vulnerability due to the inadequate tag san
CVE-2021-20828 (Cross-site scripting vulnerability in Order Status Batch Change Plug-i ...)
NOT-FOR-US: EC-CUBE plugin
CVE-2021-20827 (Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Serie ...)
- TODO: check
+ NOT-FOR-US: IDEC
CVE-2021-20826 (Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A ...)
- TODO: check
+ NOT-FOR-US: IDEC
CVE-2021-20825 (Cross-site scripting vulnerability in List (order management) item cha ...)
NOT-FOR-US: EC-CUBE plugin
CVE-2021-20824
@@ -69262,7 +69262,7 @@ CVE-2020-35400
CVE-2020-35399
RESERVED
CVE-2020-35398 (An issue was discovered in UTI Mutual fund Android application 5.4.18 ...)
- TODO: check
+ NOT-FOR-US: UTI Mutual fund Android application
CVE-2020-35397
RESERVED
CVE-2020-35396 (EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting ( ...)
@@ -139864,7 +139864,7 @@ CVE-2020-3897 (A type confusion issue was addressed with improved memory handlin
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3896 (This issue was addressed by removing the vulnerable code. This issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3895 (A memory corruption issue was addressed with improved memory handling. ...)
{DSA-4681-1}
- webkit2gtk 2.28.0-2
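Review bot: CVE-2020-3896 sits between two entries that are tracked against Debian packages (the preceding one with wpewebkit and the WSA-2020-0005 note, CVE-2020-3895 with webkit2gtk and DSA-4681-1), and its visible description ("addressed by removing the vulnerable code") does not say which component is affected. Please confirm it is absent from WSA-2020-0005 before closing it as NOT-FOR-US: Apple.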
@@ -139894,7 +139894,7 @@ CVE-2020-3888 (A logic issue was addressed with improved restrictions. This issu
CVE-2020-3887 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Apple
CVE-2020-3886 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3885 (A logic issue was addressed with improved restrictions. This issue is ...)
{DSA-4681-1}
- webkit2gtk 2.28.0-2
@@ -182823,9 +182823,9 @@ CVE-2019-8705 (A memory corruption issue was addressed with improved validation.
CVE-2019-8704 (An authentication issue was addressed with improved state management. ...)
NOT-FOR-US: Apple
CVE-2019-8703 (This issue was addressed with improved entitlements. This issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8702 (This issue was addressed with a new entitlement. This issue is fixed i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8701 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2019-8700
@@ -183039,7 +183039,7 @@ CVE-2019-8644 (Multiple memory corruption issues were addressed with improved me
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8643 (CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Moja ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8642 (An issue existed in the handling of S-MIME certificates. This issue wa ...)
NOT-FOR-US: Apple
CVE-2019-8641 (An out-of-bounds read was addressed with improved input validation. ...)
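Review bot: The description of CVE-2019-8643 is a credit line ("Arun Sharma of VMWare This issue is fixed in macOS Moja ...") and gives no vulnerability class or component, so the NOT-FOR-US: Apple label rests on the macOS mention alone. The entry directly above is tracked against webkit2gtk, so naming the affected component in the label would show what was verified.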
@@ -248020,7 +248020,7 @@ CVE-2018-4480
CVE-2018-4479
RESERVED
CVE-2018-4478 (A validation issue was addressed with improved logic. This issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4477
RESERVED
CVE-2018-4476
@@ -248434,7 +248434,7 @@ CVE-2018-4304 (A denial of service issue was addressed with improved validation.
CVE-2018-4303 (An input validation issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
CVE-2018-4302 (A null pointer dereference was addressed with improved validation. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4301
RESERVED
NOT-FOR-US: Apple
@@ -271077,17 +271077,17 @@ CVE-2017-13912
CVE-2017-13911 (A configuration issue was addressed with additional restrictions. This ...)
NOT-FOR-US: Apple
CVE-2017-13910 (An access issue was addressed with additional sandbox restrictions on ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13909 (An issue existed in the storage of sensitive tokens. This issue was ad ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13908 (An issue in handling file permissions was addressed with improved vali ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13907 (A state management issue was addressed with improved state validation. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13906 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13905 (A race condition was addressed with additional validation. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13904 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
NOT-FOR-US: Apple
CVE-2017-13903 (An issue was discovered in certain Apple products. iOS before 11.2.1 i ...)
@@ -271113,7 +271113,7 @@ CVE-2017-13894
CVE-2017-13893
RESERVED
CVE-2017-13892 (An issue existed in the handling of Contact sharing. This issue was ad ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13891 (In iOS before 11.2, an inconsistent user interface issue was addressed ...)
NOT-FOR-US: Apple
CVE-2017-13890 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
@@ -271143,7 +271143,7 @@ CVE-2017-13882
CVE-2017-13881
RESERVED
CVE-2017-13880 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13879 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
NOT-FOR-US: Apple
CVE-2017-13878 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
@@ -271239,7 +271239,7 @@ CVE-2017-13837 (An issue was discovered in certain Apple products. macOS before
CVE-2017-13836 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
NOT-FOR-US: Apple
CVE-2017-13835 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13834 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
NOT-FOR-US: Apple
CVE-2017-13833 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
@@ -306382,7 +306382,7 @@ CVE-2017-2490 (An issue was discovered in certain Apple products. iOS before 10.
CVE-2017-2489 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
NOT-FOR-US: Apple involving Intel Graphics Driver
CVE-2017-2488 (A cryptographic weakness existed in the authentication protocol of Rem ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-2487 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
NOT-FOR-US: Apple involving FontParser component
CVE-2017-2486 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
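Review bot: Style point on CVE-2017-2488: both neighbouring entries name the component ("NOT-FOR-US: Apple involving Intel Graphics Driver", "NOT-FOR-US: Apple involving FontParser component"), while the new line is the bare "NOT-FOR-US: Apple". The description refers to a cryptographic weakness in an authentication protocol, so naming that component in the same "Apple involving ..." form would keep this block consistent.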
@@ -306640,7 +306640,7 @@ CVE-2017-2376 (An issue was discovered in certain Apple products. iOS before 10.
- webkit2gtk 2.16.3-2 (unimportant)
NOTE: Not covered by security support
CVE-2017-2375 (An issue existed in preventing the uploading of CallKit call history t ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-2374 (An issue was discovered in certain Apple products. GarageBand before 1 ...)
NOT-FOR-US: Apple
CVE-2017-2373 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a400cbe9a393da26ac0e9807e825c7ceadd8285