[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jul 16 10:59:03 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
65e3217d by Moritz Muehlenhoff at 2021-07-16T11:58:33+02:00
NFUs
new edk2 issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -49598,7 +49598,7 @@ CVE-2021-0520 (In several functions of MemoryFileSystem.cpp and related files, t
CVE-2021-0519
RESERVED
CVE-2021-0518 (In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java, there i ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0517 (In updateCapabilities of ConnectivityService.java, there is a possible ...)
NOT-FOR-US: Android
CVE-2021-0516 (In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of b ...)
@@ -51117,11 +51117,11 @@ CVE-2021-0293 (A vulnerability in Juniper Networks Junos OS caused by Missing Re
CVE-2021-0292 (An Uncontrolled Resource Consumption vulnerability in the ARP daemon ( ...)
NOT-FOR-US: Juniper
CVE-2021-0291 (An Exposure of System Data vulnerability in Juniper Networks Junos OS ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2021-0290 (Improper Handling of Exceptional Conditions in Ethernet interface fram ...)
NOT-FOR-US: Juniper
CVE-2021-0289 (When user-defined ARP Policer is configured and applied on one or more ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2021-0288 (A vulnerability in the processing of specific MPLS packets in Juniper ...)
NOT-FOR-US: Juniper
CVE-2021-0287 (In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Netwo ...)
@@ -52139,7 +52139,7 @@ CVE-2021-0146
CVE-2021-0145
RESERVED
CVE-2021-0144 (Insecure default variable initialization for the Intel BSSA DFT featur ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0143 (Improper permissions in the installer for the Intel(R) Brand Verificat ...)
NOT-FOR-US: Intel
CVE-2021-0142
@@ -60853,7 +60853,7 @@ CVE-2020-24135 (A Reflected Cross Site Scripting (XSS) Vulnerability was discove
CVE-2020-24134
RESERVED
CVE-2020-24133 (A heap buffer overflow vulnerability in the r_asm_swf_disass function ...)
- TODO: check
+ NOT-FOR-US: radare2 extras
CVE-2020-24132
RESERVED
CVE-2020-24131
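Review bot: On CVE-2020-24133 the new tag "NOT-FOR-US: radare2 extras" is easy to misread as radare2 itself when someone greps the list for that name. The truncated description only shows the function r_asm_swf_disass, so naming the source tree that carries that function, in the tag or in a NOTE line, would let the NFU decision be rechecked without opening the full CVE text.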
@@ -61747,11 +61747,11 @@ CVE-2020-23709
CVE-2020-23708
RESERVED
CVE-2020-23707 (A heap-based buffer overflow vulnerability in the function ok_jpg_deco ...)
- TODO: check
+ NOT-FOR-US: ok-file-formats
CVE-2020-23706 (A heap-based buffer overflow vulnerability in the function ok_jpg_deco ...)
- TODO: check
+ NOT-FOR-US: ok-file-formats
CVE-2020-23705 (A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ...)
- TODO: check
+ NOT-FOR-US: ffjpeg
CVE-2020-23704
RESERVED
CVE-2020-23703
@@ -63392,7 +63392,7 @@ CVE-2020-22909
CVE-2020-22908
RESERVED
CVE-2020-22907 (Stack overflow vulnerability in function jsi_evalcode_sub in jsish bef ...)
- TODO: check
+ NOT-FOR-US: jsish
CVE-2020-22906
RESERVED
CVE-2020-22905
@@ -63440,11 +63440,11 @@ CVE-2020-22885 (Buffer overflow vulnerability in mujs before 1.0.8 due to recurs
- mujs 1.0.9-1
NOTE: https://github.com/ccxvii/mujs/issues/133
CVE-2020-22884 (Buffer overflow vulnerability in function jsvGetStringChars in Espruin ...)
- TODO: check
+ NOT-FOR-US: Espruino
CVE-2020-22883
RESERVED
CVE-2020-22882 (Issue was discovered in the fxParserTree function in moddable, allows ...)
- TODO: check
+ NOT-FOR-US: Moddable
CVE-2020-22881
RESERVED
CVE-2020-22880
@@ -63456,13 +63456,13 @@ CVE-2020-22878
CVE-2020-22877
RESERVED
CVE-2020-22876 (Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote a ...)
- TODO: check
+ NOT-FOR-US: QuickJS
CVE-2020-22875 (Integer overflow vulnerability in function Jsi_ObjSetLength in jsish b ...)
- TODO: check
+ NOT-FOR-US: jsish
CVE-2020-22874 (Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish ...)
- TODO: check
+ NOT-FOR-US: jsish
CVE-2020-22873 (Buffer overflow vulnerability in function NumberToPrecisionCmd in jsis ...)
- TODO: check
+ NOT-FOR-US: jsish
CVE-2020-22872
RESERVED
CVE-2020-22871
@@ -69535,7 +69535,7 @@ CVE-2020-19909
CVE-2020-19908
RESERVED
CVE-2020-19907 (A command injection vulnerability in the sandcat plugin of Caldera 2.3 ...)
- TODO: check
+ NOT-FOR-US: Caldera plugin
CVE-2020-19906
RESERVED
CVE-2020-19905
@@ -73094,9 +73094,9 @@ CVE-2020-18147
CVE-2020-18146
RESERVED
CVE-2020-18145 (Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /publi ...)
- TODO: check
+ NOT-FOR-US: umeditor
CVE-2020-18144 (SQL Injection Vulnerability in ECTouch v2 via the integral_min paramet ...)
- TODO: check
+ NOT-FOR-US: ECTouch
CVE-2020-18143
RESERVED
CVE-2020-18142
@@ -79234,7 +79234,7 @@ CVE-2020-15498 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.
CVE-2020-15497 (** DISPUTED ** jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build ...)
NOT-FOR-US: Jalios JCMS
CVE-2020-15496 (Acronis True Image for Mac before 2021 Update 4 allowed local privileg ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2020-15495 (Acronis True Image 2019 update 1 through 2020 on macOS allows local pr ...)
NOT-FOR-US: Acronis
CVE-2020-15494
@@ -90667,11 +90667,11 @@ CVE-2020-11636
CVE-2020-11635 (The Zscaler Client Connector prior to 3.1.0 did not sufficiently valid ...)
NOT-FOR-US: Zscaler Client Connector
CVE-2020-11634 (The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL ...)
- TODO: check
+ NOT-FOR-US: Zscaler Client Connector
CVE-2020-11633 (The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack ...)
NOT-FOR-US: Zscaler Client Connector for Windows
CVE-2020-11632 (The Zscaler Client Connector prior to 2.1.2.150 did not quote the sear ...)
- TODO: check
+ NOT-FOR-US: Zscaler Client Connector
CVE-2020-11631 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11630 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
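Review bot: The two new tags on CVE-2020-11634 and CVE-2020-11632 read "Zscaler Client Connector", while the adjacent existing entry CVE-2020-11633 reads "Zscaler Client Connector for Windows" and the CVE-2020-11634 description itself says "for Windows". Using one spelling for all four Zscaler entries in this block keeps a grep on the NFU string complete.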
@@ -100862,7 +100862,7 @@ CVE-2020-7874
CVE-2020-7873
RESERVED
CVE-2020-7872 (DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vuln ...)
- TODO: check
+ NOT-FOR-US: DaviewIndy
CVE-2020-7871 (A vulnerability of Helpcom could allow an unauthenticated attacker to ...)
NOT-FOR-US: Cnesty Helpcom
CVE-2020-7870 (A memory corruption vulnerability exists when ezPDF improperly handles ...)
@@ -146599,7 +146599,8 @@ CVE-2019-11100 (Insufficient input validation in the subsystem for Intel(R) AMT
CVE-2019-11099
RESERVED
CVE-2019-11098 (Insufficient input validation in MdeModulePkg in EDKII may allow an un ...)
- TODO: check
+ - edk2 <unfixed>
+ NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=316
CVE-2019-11097 (Improper directory permissions in the installer for Intel(R) Managemen ...)
NOT-FOR-US: Intel
CVE-2019-11096 (Insufficient memory protection for Intel(R) Ethernet I218 Adapter driv ...)
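Review bot: The NOTE added for CVE-2019-11098 points at attachment.cgi?id=316, a raw attachment, so the entry does not say what the attachment is or which bug report it belongs to. This is the only change in the commit that moves a CVE onto a tracked package ("- edk2 <unfixed>"), so consider linking the bug entry itself or adding a second NOTE that describes the attachment, so the unfixed status can be followed up later.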
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65e3217d07758760281af253e6b9e1eb0b490d68