[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Feb 8 17:59:49 GMT 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e6c75bd by Moritz Muehlenhoff at 2021-02-08T18:59:17+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10504,7 +10504,7 @@ CVE-2021-22163
 CVE-2021-22162
 	RESERVED
 CVE-2021-22161 (In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop c ...)
-	TODO: check
+	NOT-FOR-US: OpenWrt
 CVE-2021-22160
 	RESERVED
 CVE-2020-36159 (Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operation ...)
@@ -13117,7 +13117,7 @@ CVE-2020-35669 (An issue was discovered in the http package through 0.12.2 for D
 CVE-2020-35668 (RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that lead ...)
 	NOT-FOR-US: RedisGraph
 CVE-2020-35667 (JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2020-35666 (Steedos Platform through 1.21.24 allows NoSQL injection because the /a ...)
 	NOT-FOR-US: Steedos Platform
 CVE-2020-35665 (An unauthenticated command-execution vulnerability exists in TerraMast ...)
@@ -15093,7 +15093,7 @@ CVE-2021-20654
 CVE-2021-20653
 	RESERVED
 CVE-2021-20652 (Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17 ...)
-	TODO: check
+	NOT-FOR-US: Name Directory
 CVE-2021-20651
 	RESERVED
 CVE-2021-20650
@@ -17473,7 +17473,7 @@ CVE-2020-35147
 CVE-2020-35146
 	RESERVED
 CVE-2020-35145 (Acronis True Image for Windows prior to 2021 Update 3 allowed local pr ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2020-35144
 	REJECTED
 CVE-2020-35143
@@ -24938,51 +24938,51 @@ CVE-2021-0367
 CVE-2021-0366
 	RESERVED
 CVE-2021-0365 (In display driver, there is a possible memory corruption due to a use  ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0364 (In mobile_log_d, there is a possible command injection due to improper ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0363 (In mobile_log_d, there is a possible command injection due to a missin ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0362 (In aee, there is a possible memory corruption due to a stack buffer ov ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0361 (In kisd, there is a possible out of bounds read due to improper input  ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0360 (In netdiag, there is a possible out of bounds write due to an incorrec ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0359 (In netdiag, there is a possible out of bounds write due to a missing b ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0358 (In netdiag, there is a possible command injection due to improper inpu ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0357 (In netdiag, there is a possible out of bounds write due to a missing b ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0356 (In netdiag, there is a possible command injection due to improper inpu ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0355 (In kisd, there is a possible out of bounds write due to an integer ove ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0354 (In ged, there is a possible out of bounds write due to an integer over ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0353 (In kisd, there is a possible memory corruption due to a heap buffer ov ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0352 (In RT regmap driver, there is a possible memory corruption due to type ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0351 (In wlan driver, there is a possible system crash due to a missing boun ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0350 (In ged, there is a possible system crash due to an improper input vali ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0349 (In display driver, there is a possible memory corruption due to a use  ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0348 (In vpu, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0347 (In ccu, there is a possible out of bounds read due to a missing bounds ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0346 (In vpu, there is a possible out of bounds write due to an incorrect bo ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0345 (In mobile_log_d, there is a possible escalation of privilege due to im ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0344 (In mtkpower, there is a possible memory corruption due to a missing bo ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0343 (In kisd, there is a possible out of bounds write due to a missing boun ...)
-	TODO: check
+	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0342 (In tun_get_user of tun.c, there is possible memory corruption due to a ...)
 	- linux 5.7.6-1
 	[buster] - linux 4.19.131-1
@@ -28298,11 +28298,11 @@ CVE-2020-27251 (A heap overflow vulnerability exists within FactoryTalk Linx Ver
 CVE-2020-27250
 	RESERVED
 CVE-2020-27249 (A specially crafted document can cause the document parser to copy dat ...)
-	TODO: check
+	NOT-FOR-US: SoftMaker
 CVE-2020-27248 (A specially crafted document can cause the document parser to copy dat ...)
-	TODO: check
+	NOT-FOR-US: SoftMaker
 CVE-2020-27247 (A specially crafted document can cause the document parser to copy dat ...)
-	TODO: check
+	NOT-FOR-US: SoftMaker
 CVE-2020-27246
 	RESERVED
 CVE-2020-27245
@@ -58069,6 +58069,7 @@ CVE-2020-13925 (Similar to CVE-2020-1956, Kylin has one more restful API which c
 	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2020-13924
 	RESERVED
+	NOT-FOR-US: Apache Ambari
 CVE-2020-13923 (IDOR vulnerability in the order processing feature from ecommerce comp ...)
 	NOT-FOR-US: Apache OFBiz
 CVE-2020-13922 (Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e6c75bdf6e29344be27a92d9e1cfb7e1ae1fc2a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e6c75bdf6e29344be27a92d9e1cfb7e1ae1fc2a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210208/79df6df3/attachment.html>

More information about the debian-security-tracker-commits mailing list