[Git][security-tracker-team/security-tracker][master] new edk2, iotjs issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jun 14 15:01:00 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1325fa93 by Moritz Muehlenhoff at 2021-06-14T16:00:22+02:00
new edk2, iotjs issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15293,7 +15293,8 @@ CVE-2021-28215
 CVE-2021-28214
 	RESERVED
 CVE-2021-28213 (Example EDK2 encrypted private key in the IpSecDxe.efi present potenti ...)
-	TODO: check
+	- edk2 <unfixed>
+	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1866
 CVE-2021-28212
 	RESERVED
 CVE-2021-28211 (A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. ...)
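Review bot: the new `- edk2 <unfixed>` line for CVE-2021-28213 does not record whether the Debian edk2 package actually builds or ships IpSecDxe.efi, the component the description names. The description also calls the key an "Example" one, so if that module is not part of the built firmware images, `<not-affected>` or `<unfixed> (unimportant)` with a one-line NOTE giving the reason would describe the status better than a bare `<unfixed>`. If it is shipped, a NOTE saying so would save the next triager from repeating the check.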
@@ -20267,17 +20268,22 @@ CVE-2021-26201 (The Login Panel of CASAP Automated Enrollment System 1.0 is vuln
 CVE-2021-26200 (The user area for Library System 1.0 is vulnerable to SQL injection wh ...)
 	NOT-FOR-US: Library System
 CVE-2021-26199 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4056
 CVE-2021-26198 (An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_ ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4402
 CVE-2021-26197 (An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_ ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4403
 CVE-2021-26196
 	RESERVED
 CVE-2021-26195 (An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-o ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4442
 CVE-2021-26194 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4445
 CVE-2021-26193
 	RESERVED
 CVE-2021-26192
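Review bot: on the five JerryScript entries in this hunk (CVE-2021-26199, CVE-2021-26198, CVE-2021-26197, CVE-2021-26195, CVE-2021-26194) the package line is `- iotjs <unfixed>`, but every description names JerryScript 2.4.0 and nothing in the entries says why iotjs is the affected source package. If the reason is an embedded JerryScript copy, add a NOTE saying so and stating whether that copy contains the code from the linked upstream issue, since an embedded copy can differ from 2.4.0. The NOTE lines also link only the issue reports; fix commits should be added once they exist so a fixed version can be determined.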
@@ -20421,7 +20427,7 @@ CVE-2021-26124
 CVE-2021-23232
 	RESERVED
 CVE-2021-23230 (A SQL Injection vulnerability in the OPCUA interface of Gallagher Comm ...)
-	TODO: check
+	NOT-FOR-US: Gallagher Command Centre Server
 CVE-2021-23224
 	RESERVED
 CVE-2021-23220
@@ -20837,9 +20843,9 @@ CVE-2021-25951
 CVE-2021-25950
 	RESERVED
 CVE-2021-25949 (Prototype pollution vulnerability in ‘set-getter’ version  ...)
-	TODO: check
+	NOT-FOR-US: Node set-getter
 CVE-2021-25948 (Prototype pollution vulnerability in ‘expand-hash’ version ...)
-	TODO: check
+	NOT-FOR-US: Node expand-hash
 CVE-2021-25947 (Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1 ...)
 	NOT-FOR-US: Node nestie
 CVE-2021-25946 (Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 throu ...)
@@ -21092,7 +21098,7 @@ CVE-2021-3258 (Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross
 CVE-2021-3257
 	RESERVED
 CVE-2021-3256 (KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the h ...)
-	TODO: check
+	NOT-FOR-US: KuaiFanCMS
 CVE-2021-3255
 	RESERVED
 CVE-2021-3254
@@ -26796,7 +26802,7 @@ CVE-2021-23396
 CVE-2021-23395
 	RESERVED
 CVE-2021-23394 (The package studio-42/elfinder before 2.1.58 are vulnerable to Remote  ...)
-	TODO: check
+	NOT-FOR-US: studio-42/elfinder
 CVE-2021-23393 (This affects the package Flask-Unchained before 0.9.0. When using the  ...)
 	TODO: check
 CVE-2021-23392 (The package locutus before 2.0.15 are vulnerable to Regular Expression ...)
@@ -27570,7 +27576,7 @@ CVE-2021-23026
 CVE-2021-23025
 	RESERVED
 CVE-2021-23024 (On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2021-23023 (On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2021-23022 (On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, t ...)
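Review bot: CVE-2021-23024 is tagged `NOT-FOR-US: F5`, which names only the vendor, while the adjacent CVE-2021-23023 entry uses `NOT-FOR-US: F5 BIG-IP`. Name the product here as well, in the same vendor-plus-product form as the neighbouring entry, so that searches of the list by product return a consistent set.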



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1325fa93ca022a84f0c70f1e39390c968d3c639d
