[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Nov 15 17:25:04 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2656a01 by Moritz Muehlenhoff at 2021-11-15T18:24:35+01:00
NFUs
new gitlab issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -249,7 +249,7 @@ CVE-2021-43622
 CVE-2021-43621
 	RESERVED
 CVE-2021-43620 (An issue was discovered in the fruity crate through 0.2.0 for Rust. Se ...)
-	TODO: check
+	NOT-FOR-US: Rust crate fruity
 CVE-2021-43619
 	RESERVED
 CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an m ...)
@@ -410,7 +410,7 @@ CVE-2021-3946
 CVE-2021-3945 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
 	NOT-FOR-US: django-helpdesk
 CVE-2002-20001 (The Diffie-Hellman Key Agreement Protocol allows remote attackers (fro ...)
-	TODO: check
+	NOT-FOR-US: Diffie Hellmann kex protocol issue
 CVE-2021-3944
 	RESERVED
 CVE-2021-3943
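Review bot: The added tag for CVE-2002-20001 spells the name "Diffie Hellmann", while the CVE description on the line above it has "Diffie-Hellman"; suggest `NOT-FOR-US: Diffie-Hellman kex protocol issue` so a search of the list for the protocol name finds this entry. The tag also names a protocol, not a product as the neighbouring `NOT-FOR-US: django-helpdesk` does, so it is worth confirming that NOT-FOR-US is the intended state here.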
@@ -12614,7 +12614,7 @@ CVE-2021-3728 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ..
 CVE-2020-36474 (SafeCurl before 0.9.2 has a DNS rebinding vulnerability. ...)
 	NOT-FOR-US: SafeCurl
 CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has a vulnerability affecting in ...)
-	TODO: check
+	NOT-FOR-US: Jamf Pro
 CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the  ...)
 	NOT-FOR-US: MISP
 CVE-2021-39301
@@ -34866,7 +34866,7 @@ CVE-2021-30323
 CVE-2021-30322
 	RESERVED
 CVE-2021-30321 (Possible buffer overflow due to lack of parameter length check during  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2021-30320
 	RESERVED
 CVE-2021-30319
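Review bot: `NOT-FOR-US: Snapdragon` on CVE-2021-30321 uses a different label from the other Qualcomm entries in this commit and its context lines, which all read `NOT-FOR-US: Qualcomm components for Android` (CVE-2021-30266, CVE-2021-30265, CVE-2021-1913, CVE-2021-1912). If this is the same component family, use the same string so the entries group together when the list is searched.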
@@ -34976,7 +34976,7 @@ CVE-2021-30268
 CVE-2021-30267
 	RESERVED
 CVE-2021-30266 (Possible use after free due to improper memory validation when initial ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30265 (Possible memory corruption due to improper validation of memory addres ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30264 (Possible use after free due improper validation of reference from call ...)
@@ -54403,7 +54403,7 @@ CVE-2021-22262 (Missing access control in GitLab version 13.10 and above with Ji
 CVE-2021-22261 (A stored Cross-Site Scripting vulnerability in the Jira integration in ...)
 	- gitlab <unfixed>
 CVE-2021-22260 (A stored Cross-Site Scripting vulnerability in the DataDog integration ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22259 (A potential DOS vulnerability was discovered in GitLab EE starting wit ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2021-22258 (The project import/export feature in GitLab 8.9 and greater could be u ...)
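Review bot: The new `- gitlab <unfixed>` line for CVE-2021-22260 gives no indication of which edition is affected, while the next entry, CVE-2021-22259, is recorded as `- gitlab <not-affected> (Specific to EE)`. Please confirm the DataDog integration is present in the packaged edition; if it is not, the entry should follow the CVE-2021-22259 pattern.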
@@ -64034,7 +64034,7 @@ CVE-2021-1914 (Loop with unreachable exit condition may occur due to improper ha
 CVE-2021-1913 (Possible integer overflow due to improper length check while updating  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1912 (Possible integer overflow can occur due to improper length check while ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1911
 	RESERVED
 CVE-2021-1910 (Double free in video due to lack of input buffer length check in Snapd ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2656a0194343e21629c334ae35fb40ad7a2281c
