[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jul 16 10:15:45 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d688d09e by Moritz Muehlenhoff at 2021-07-16T11:15:26+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2021-36758 (1Password Connect server before 1.2 is missing validation checks, perm ...)
- TODO: check
+ NOT-FOR-US: 1Password
CVE-2021-36757
RESERVED
CVE-2021-36756
RESERVED
CVE-2021-36755 (Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via ...)
- TODO: check
+ NOT-FOR-US: Nightscout Web Monitor
CVE-2021-36754
RESERVED
CVE-2021-36753 (sharkdp BAT before 0.18.2 executes less.exe from the current working d ...)
- TODO: check
+ NOT-FOR-US: sharkdp BAT
CVE-2021-36752
RESERVED
CVE-2021-36751
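Review bot: NOT-FOR-US is the wrong marker for CVE-2021-36753. The description ("executes less.exe from the current working d...") describes a Windows-only search-path problem, but bat itself is packaged in Debian (source rust-bat), so the file's convention for shipped-but-unaffected software is a `<not-affected>` line with a reason, as this same file does for CVE-2021-31998 (`- inn2 <not-affected> (SuSE-specific packaging issue)`); something like `- rust-bat <not-affected> (Windows-specific)` keeps the package association visible for anyone later searching the tracker for bat.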
@@ -8990,7 +8990,7 @@ CVE-2021-32772
CVE-2021-32771
RESERVED
CVE-2021-32770 (Gatsby is a framework for building websites. The gatsby-source-wordpre ...)
- TODO: check
+ NOT-FOR-US: Gatsby
CVE-2021-32769
RESERVED
CVE-2021-32768
@@ -9002,7 +9002,7 @@ CVE-2021-32766
CVE-2021-32765
RESERVED
CVE-2021-32764 (Discourse is an open-source discussion platform. In Discourse versions ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2021-32763
RESERVED
CVE-2021-32762
@@ -9020,7 +9020,7 @@ CVE-2021-32757
CVE-2021-32756
RESERVED
CVE-2021-32755 (Wire is a collaboration platform. wire-ios-transport handles authentic ...)
- TODO: check
+ NOT-FOR-US: wire-ios (iOS version of Wire)
CVE-2021-32754 (FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2. ...)
NOT-FOR-US: FlowDroid
CVE-2021-32753 (EdgeX Foundry is an open source project for building a common open fra ...)
@@ -9030,11 +9030,12 @@ CVE-2021-32752 (Ether Logs is a package that allows one to check one's logs in t
CVE-2021-32751
RESERVED
CVE-2021-32750 (MuWire is a file publishing and networking tool that protects the iden ...)
- TODO: check
+ NOT-FOR-US: MuWire
CVE-2021-32749
RESERVED
- fail2ban 0.11.2-2
NOTE: https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
+ NOTE: https://github.com/fail2ban/fail2ban/commit/2ed414ed09b3bb4c478abc9366a1ff22024a33c9
CVE-2021-32748
RESERVED
CVE-2021-32747 (Icinga Web 2 is an open source monitoring web interface, framework, an ...)
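Review bot: the CVE-2021-32749 entry records only `- fail2ban 0.11.2-2` for unstable; with the fixing upstream commit now referenced, the next thing a reader needs is whether the versions in the stable suites carry the same code path, expressed as `[buster]` / `[bullseye]` lines in the form this file already uses (`[stretch] - linux 4.9.240-1` under CVE-2021-0605). Without them the entry says nothing about whether a DSA or DLA is pending for a daemon as widely installed as fail2ban.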
@@ -10851,7 +10852,7 @@ CVE-2021-32001
CVE-2021-32000
RESERVED
CVE-2021-31999 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging of inn ...)
- inn2 <not-affected> (SuSE-specific packaging issue)
CVE-2021-31997 (a UNIX Symbolic Link (Symlink) Following vulnerability in python-posto ...)
@@ -27461,12 +27462,12 @@ CVE-2021-25321 (A UNIX Symbolic Link (Symlink) Following vulnerability in arpwat
NOTE: Debian does not ship arpwatch-2.1a11-drop-privs.dif and does apply permissions
NOTE: to /var/lib/arpwatch (to arpwatch:arpatch, 0750) on postinst time
CVE-2021-25320 (A Improper Access Control vulnerability in Rancher, allows users in th ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2021-25319 (A Incorrect Default Permissions vulnerability in the packaging of virt ...)
- virtualbox <not-affected> (openSUSE specific security issue in the openSUSE packaging)
NOTE: https://www.openwall.com/lists/oss-security/2021/04/26/2
CVE-2021-25318 (A Incorrect Permission Assignment for Critical Resource vulnerability ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2021-25317 (A Incorrect Default Permissions vulnerability in the packaging of cups ...)
- cups <not-affected> (In Debian /var/log/cups is owned by root:root)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1949119
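Review bot: the unchanged NOTE under CVE-2021-25321 reads `(to arpwatch:arpatch, 0750)`; the group is presumably `arpwatch`, so the typo should be corrected in a follow-up, since these NOTE lines are what the next triager relies on when re-checking a `<not-affected>` decision.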
@@ -30090,7 +30091,7 @@ CVE-2021-24119 (In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerabilit
CVE-2021-24118
RESERVED
CVE-2021-24117 (In Rust SGX 1.1.3, a side-channel vulnerability in base64 PEM file dec ...)
- TODO: check
+ NOT-FOR-US: Rust SGX
CVE-2021-24116 (In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM f ...)
- wolfssl <unfixed>
NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
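Review bot: the wolfssl context entry for CVE-2021-24116 is marked `<unfixed>` while its only NOTE points at the v4.8.0-stable release tag, and the description says "through 4.6.0"; a short NOTE stating which upstream release actually carries the fix (4.7.0 or 4.8.0) would save whoever prepares the Debian update from re-deriving it, and the same side-channel issue is tracked as NOT-FOR-US for Rust SGX in this hunk, so cross-referencing the Mbed TLS entry at CVE-2021-24119 in the hunk header would tie the three together.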
@@ -31763,11 +31764,11 @@ CVE-2021-23409
CVE-2021-23408
RESERVED
CVE-2021-23407 (This affects the package elFinder.Net.Core from 0 and before 1.2.4. Th ...)
- TODO: check
+ NOT-FOR-US: elFinder.Net.Core
CVE-2021-23406
RESERVED
CVE-2021-23405 (This affects the package pimcore/pimcore before 10.0.7. This issue exi ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2021-23404
RESERVED
CVE-2021-23403 (All versions of package ts-nodash are vulnerable to Prototype Pollutio ...)
@@ -31800,9 +31801,9 @@ CVE-2021-23392 (The package locutus before 2.0.15 are vulnerable to Regular Expr
CVE-2021-23391 (This affects all versions of package calipso. It is possible for a mal ...)
NOT-FOR-US: Node calipso
CVE-2021-23390 (The package total4 before 0.0.43 are vulnerable to Arbitrary Code Exec ...)
- TODO: check
+ NOT-FOR-US: Node total4
CVE-2021-23389 (The package total.js before 3.4.9 are vulnerable to Arbitrary Code Exe ...)
- TODO: check
+ NOT-FOR-US: Node total4
CVE-2021-23388 (The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulner ...)
NOT-FOR-US: Node forms
CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open Redirec ...)
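Review bot: the tag for CVE-2021-23389 is wrong: the description names the package `total.js before 3.4.9`, but the new line reads `NOT-FOR-US: Node total4`, copied from the CVE-2021-23390 entry above it. It should be `NOT-FOR-US: Node total.js`, otherwise a later search for total.js in this file finds nothing.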
@@ -32953,7 +32954,7 @@ CVE-2021-22869
CVE-2021-22868
RESERVED
CVE-2021-22867 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2021-22866 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...)
NOT-FOR-US: GitHub Enterprise Server
CVE-2021-22865 (An improper access control vulnerability was identified in GitHub Ente ...)
@@ -39290,11 +39291,11 @@ CVE-2021-20786
CVE-2021-20785
RESERVED
CVE-2021-20784 (HTTP header injection vulnerability in Everything all versions except ...)
- TODO: check
+ NOT-FOR-US: Everything
CVE-2021-20783
RESERVED
CVE-2021-20782 (Cross-site request forgery (CSRF) vulnerability in Software License Ma ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-20781 (Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-20780 (Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Cu ...)
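Review bot: `NOT-FOR-US: Wordpress plugin` for CVE-2021-20782 drops the only identifying information the description offers ("Software License Ma..."); naming the plugin, as the CVE-2020-29156 entry does with `NOT-FOR-US: WooCommerce plugin for WordPress`, keeps the entry greppable. Same remark applies to the adjacent CVE-2021-20781 context line.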
@@ -45430,7 +45431,7 @@ CVE-2020-29159 (An issue was discovered in Zammad before 3.5.1. The default sign
CVE-2020-29158 (An issue was discovered in Zammad before 3.5.1. An Agent with Customer ...)
- zammad <itp> (bug #841355)
CVE-2020-29157 (An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform ...)
- TODO: check
+ NOT-FOR-US: RAONWIZ K Editor
CVE-2020-29156 (The WooCommerce plugin before 4.7.0 for WordPress allows remote attack ...)
NOT-FOR-US: WooCommerce plugin for WordPress
CVE-2020-29155
@@ -49321,7 +49322,7 @@ CVE-2021-0656
CVE-2021-0655
RESERVED
CVE-2021-0654 (In isRealSnapshot of TaskThumbnailView.java, there is possible data ex ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0653
RESERVED
CVE-2021-0652
@@ -49425,45 +49426,45 @@ CVE-2021-0605 (In pfkey_dump of af_key.c, there is a possible out-of-bounds read
[stretch] - linux 4.9.240-1
NOTE: https://git.kernel.org/linus/37bd22420f856fcd976989f1d4f1f7ad28e1fcac
CVE-2021-0604 (In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0603 (In onCreate of ContactSelectionActivity.java, there is a possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0602 (In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0601 (In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of boun ...)
- TODO: check
+ NOT-FOR-US: Android media framework
CVE-2021-0600 (In onCreate of DeviceAdminAdd.java, there is a possible way to mislead ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0599 (In scheduleTimeoutLocked of NotificationRecord.java, there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0598
RESERVED
CVE-2021-0597 (In notifyProfileAdded and notifyProfileRemoved of SipService.java, the ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0596 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0595
RESERVED
CVE-2021-0594 (In onCreate of ConfirmConnectActivity, there is a possible remote bypa ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0593
RESERVED
CVE-2021-0592 (In various functions in WideVine, there are possible out of bounds wri ...)
- TODO: check
+ NOT-FOR-US: Widevine
CVE-2021-0591
RESERVED
CVE-2021-0590 (In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0589 (In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0588 (In processInboundMessage of MceStateMachine.java, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0587 (In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android media framework
CVE-2021-0586 (In onCreate of DevicePickerFragment.java, there is a possible way to t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0585 (In beginWrite and beginRead of MessageQueueBase.h, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0584
RESERVED
CVE-2021-0583
@@ -49479,7 +49480,7 @@ CVE-2021-0579
CVE-2021-0578
RESERVED
CVE-2021-0577 (In flv extractor, there is a possible out of bounds write due to a hea ...)
- TODO: check
+ NOT-FOR-US: MediaTek components for Android
CVE-2021-0576
RESERVED
CVE-2021-0575
@@ -49603,9 +49604,9 @@ CVE-2021-0517 (In updateCapabilities of ConnectivityService.java, there is a pos
CVE-2021-0516 (In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of b ...)
NOT-FOR-US: Android
CVE-2021-0515 (In Factory::CreateStrictFunctionMap of factory.cc, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0514 (In several functions of the V8 library, there is a possible use after ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0513 (In deleteNotificationChannel and related functions of NotificationMana ...)
NOT-FOR-US: Android
CVE-2021-0512 (In __hidinput_change_resolution_multipliers of hid-input.c, there is a ...)
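Review bot: two context entries in this hunk deserve a second look before the blanket `NOT-FOR-US: Android` stands. CVE-2021-0516 names `p2p_process_prov_disc_req` in `p2p_pd.c`, which is wpa_supplicant (hostap) code that Debian ships as src:wpa, so the question is whether the Android fix corresponds to an upstream hostap change that src:wpa needs. CVE-2021-0514 and CVE-2021-0515 are V8 issues (`Factory::CreateStrictFunctionMap` in `factory.cc`, "several functions of the V8 library"); V8 is in Debian via chromium and nodejs, so these are likely duplicates of already-tracked Chromium CVEs and a cross-reference NOTE would make that explicit.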
@@ -49664,7 +49665,7 @@ CVE-2021-0488 (In pb_write of pb_encode.c, there is a possible out of bounds wri
CVE-2021-0487 (In onCreate of CalendarDebugActivity.java, there is a possible way to ...)
NOT-FOR-US: Android
CVE-2021-0486 (In onPackageAddedInternal of PermissionManagerService.java, there is p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0485 (In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypa ...)
NOT-FOR-US: Android
CVE-2021-0484 (In readVector of IMediaPlayer.cpp, there is a possible read of uniniti ...)
@@ -49756,7 +49757,7 @@ CVE-2021-0443 (In several functions of ScreenshotHelper.java and related files,
CVE-2021-0442 (In updateInfo of android_hardware_input_InputApplicationHandle.cpp, th ...)
NOT-FOR-US: Android
CVE-2021-0441 (In onCreate of PermissionActivity.java, there is a possible permission ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0440
RESERVED
CVE-2021-0439 (In setPowerModeWithHandle of com_android_server_power_PowerManagerServ ...)
@@ -123756,7 +123757,7 @@ CVE-2020-0419 (In generateInfo of PackageInstallerSession.java, there is a possi
CVE-2020-0418 (In getPermissionInfosForGroup of Utils.java, there is a logic error. T ...)
NOT-FOR-US: Android
CVE-2020-0417 (In setNiNotification of GpsNetInitiatedHandler.java, there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0416 (In multiple settings screens, there are possible tapjacking attacks du ...)
NOT-FOR-US: Android
CVE-2020-0415 (In various locations in SystemUI, there is a possible permission bypas ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d688d09ea60055379a4df2cc521c873135158abb