[Git][security-tracker-team/security-tracker][master] 2 commits: Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 22 14:43:55 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a0305cae by Salvatore Bonaccorso at 2021-10-22T15:41:57+02:00
Process several NFUs
- - - - -
c6908392 by Salvatore Bonaccorso at 2021-10-22T15:42:50+02:00
Associate CVE-2021-1075 with cron to follow related CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18118,7 +18118,7 @@ CVE-2021-35621 (Vulnerability in the MySQL Cluster product of Oracle MySQL (comp
CVE-2021-35620 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
NOT-FOR-US: Oracle
CVE-2021-35619 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2021-35618 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2021-35617 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
@@ -18858,7 +18858,7 @@ CVE-2021-35325 (A stack overflow in the checkLoginUser function of TOTOLINK A720
CVE-2021-35324 (A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Fir ...)
NOT-FOR-US: TOTOLINK A720R A720R_Firmware
CVE-2021-35323 (Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via t ...)
- TODO: check
+ NOT-FOR-US: bludit
CVE-2021-35322
RESERVED
CVE-2021-35321
@@ -29776,7 +29776,7 @@ CVE-2021-30871
CVE-2021-30870
REJECTED
CVE-2021-30869 (A type confusion issue was addressed with improved state handling. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30868
REJECTED
CVE-2021-30867
@@ -29818,57 +29818,57 @@ CVE-2021-30852
CVE-2021-30851
REJECTED
CVE-2021-30850 (An access issue was addressed with improved access restrictions. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30849 (Multiple memory corruption issues were addressed with improved memory ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30848 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30847 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30846 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30845 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30844 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30843 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30842 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30841 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30840
RESERVED
CVE-2021-30839
RESERVED
CVE-2021-30838 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30837 (A memory consumption issue was addressed with improved memory handling ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30836
RESERVED
CVE-2021-30835 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30834
RESERVED
CVE-2021-30833
RESERVED
CVE-2021-30832 (A memory corruption issue was addressed with improved state management ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30831
RESERVED
CVE-2021-30830 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30829 (A URI parsing issue was addressed with improved parsing. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30828 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30827 (A permissions issue existed. This issue was addressed with improved pe ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30826 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30825 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30824
RESERVED
CVE-2021-30823
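Review bot: Most entries in this hunk are tagged NOT-FOR-US: Apple on the basis of descriptions that, as truncated here, name only a bug class ("A memory corruption issue was addressed with improved memory handling", "This issue was addressed with improved checks") and not the affected component. Further down in this same file an Apple-worded CVE, CVE-2020-29623, is tracked against wpewebkit with a WebKitGTK advisory note, so a vendor-only tag can hide an issue in a component Debian ships. Suggest confirming against the full descriptions that none of these are in such a component before dropping the TODO, and naming the component in the NFU reason where it is known.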
@@ -29878,9 +29878,9 @@ CVE-2021-30822
CVE-2021-30821
RESERVED
CVE-2021-30820 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30819 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30818
RESERVED
CVE-2021-30817
@@ -29888,7 +29888,7 @@ CVE-2021-30817
CVE-2021-30816
RESERVED
CVE-2021-30815 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30814
RESERVED
CVE-2021-30813
@@ -29896,15 +29896,15 @@ CVE-2021-30813
CVE-2021-30812
RESERVED
CVE-2021-30811 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30810 (An authorization issue was addressed with improved state management. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30809
RESERVED
CVE-2021-30808
RESERVED
CVE-2021-30807 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30806
RESERVED
CVE-2021-30805 (A memory corruption issue was addressed with improved input validation ...)
@@ -31362,9 +31362,9 @@ CVE-2021-30318
CVE-2021-30317
RESERVED
CVE-2021-30316 (Possible out of bound memory access due to improper boundary check whi ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-30315 (Improper handling of sensor HAL structure in absence of sensor can lea ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-30314
RESERVED
CVE-2021-30313
@@ -31386,7 +31386,7 @@ CVE-2021-30306 (Possible buffer over read due to improper buffer allocation for
CVE-2021-30305 (Possible out of bound access due to lack of validation of page offset ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30304 (Possible buffer out of bound read can occur due to improper validation ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-30303
RESERVED
CVE-2021-30302 (Improper authentication of EAP WAPI EAPOL frames from unauthenticated ...)
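Review bot: The tag added for CVE-2021-30304, NOT-FOR-US: Snapdragon, differs from the wording already used one entry above for CVE-2021-30305, NOT-FOR-US: Qualcomm components for Android. Using a single string for neighbouring entries in the same CVE range keeps the NFU reasons consistent and easy to grep; the same applies to the other Snapdragon tags added in this patch (CVE-2021-30316, CVE-2021-30315, CVE-2021-1980, CVE-2021-1977), two of which sit next to existing "Qualcomm components for Android" entries.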
@@ -34799,7 +34799,7 @@ CVE-2021-3456
RESERVED
- foreman <itp> (bug #663101)
CVE-2021-28975 (WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's de ...)
- TODO: check
+ NOT-FOR-US: WP Mailster
CVE-2021-28974
RESERVED
CVE-2021-28973 (The XML Import functionality of the Administration console in Perforce ...)
@@ -34859,9 +34859,9 @@ CVE-2021-28954 (In Chris Walz bit before 1.0.5 on Windows, attackers can run arb
CVE-2021-28953 (The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual S ...)
NOT-FOR-US: unofficial C/C++ Advanced Lint extension for Visual Studio Code
CVE-2021-3455 (Disconnecting L2CAP channel right after invalid ATT request leads free ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2021-3454 (Truncated L2CAP K-frame causes assertion failure. Zephyr versions > ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2021-3453 (Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS m ...)
NOT-FOR-US: Lenovo
CVE-2021-3452 (A potential vulnerability in the system shutdown SMI callback function ...)
@@ -36013,7 +36013,7 @@ CVE-2021-28498 (In Arista's MOS (Metamako Operating System) software which is su
CVE-2021-28497 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
NOT-FOR-US: Arista
CVE-2021-28496 (On systems running Arista EOS and CloudEOS with the affected release v ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2021-28495 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
NOT-FOR-US: Arista
CVE-2021-28494 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
@@ -37871,7 +37871,7 @@ CVE-2021-27748
CVE-2021-27747
RESERVED
CVE-2021-27746 ("HCL Connections Security Update for Reflected Cross-Site Scripting (X ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2021-27745
RESERVED
CVE-2021-27744
@@ -51406,7 +51406,7 @@ CVE-2021-22036 (VMware vRealize Orchestrator ((8.x prior to 8.6) contains an ope
CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Se ...)
NOT-FOR-US: VMware
CVE-2021-22034 (Releases prior to VMware vRealize Operations Tenant App 8.6 contain an ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2021-22033 (Releases prior to VMware vRealize Operations 8.6 contain a Server Side ...)
NOT-FOR-US: VMware
CVE-2021-22032
@@ -57856,7 +57856,7 @@ CVE-2021-20122 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00
CVE-2021-20121 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...)
NOT-FOR-US: Telus Wi-Fi Hub
CVE-2021-20120 (The administration web interface for the Arris Surfboard SB8200 lacks ...)
- TODO: check
+ NOT-FOR-US: Arris Surfboard SB8200
CVE-2021-20119
RESERVED
CVE-2021-20118 (Nessus Agent 8.3.0 and earlier was found to contain a local privilege ...)
@@ -59242,7 +59242,7 @@ CVE-2021-2473
CVE-2021-2472
RESERVED
CVE-2021-2471 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2021-2470
RESERVED
CVE-2021-2469
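Review bot: CVE-2021-2471 is described as affecting "the MySQL Connectors product of Oracle MySQL" yet is tagged with the vendor only, NOT-FOR-US: Oracle, while the first hunk of this patch shows another Oracle MySQL CVE, CVE-2021-35618, tracked against a Debian source package (- mysql-8.0 <unfixed>). The truncated description does not show which connector is affected; suggest checking whether it is one that is packaged in Debian, and if it is not, naming the component in the NFU reason instead of only the vendor.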
@@ -60347,14 +60347,14 @@ CVE-2021-1982
CVE-2021-1981
RESERVED
CVE-2021-1980 (Possible buffer over read due to lack of length check while parsing be ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-1979
RESERVED
CVE-2021-1978
RESERVED
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1977 (Possible buffer over read due to improper validation of frame length w ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-1976 (A use after free can occur due to improper validation of P2P device ad ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1975
@@ -60955,7 +60955,7 @@ CVE-2020-29623 ("Clear History and Website Data" did not clear the history. The
- wpewebkit 2.30.6-1
NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
CVE-2020-29622 (A race condition was addressed with additional validation. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-29621 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2020-29620 (This issue was addressed with improved entitlements. This issue is fix ...)
@@ -63685,7 +63685,7 @@ CVE-2021-1531 (A vulnerability in the web UI of Cisco Modeling Labs could allow
CVE-2021-1530 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
NOT-FOR-US: Cisco
CVE-2021-1529 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2021-1528 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
NOT-FOR-US: Cisco
CVE-2021-1527 (A vulnerability in Cisco Webex Player for Windows and MacOS could allo ...)
@@ -100143,7 +100143,7 @@ CVE-2020-14265
CVE-2020-14264
RESERVED
CVE-2020-14263 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2020-14262
RESERVED
CVE-2020-14261
@@ -105843,7 +105843,7 @@ CVE-2020-12143 (The certificate used to identify Orchestrator to EdgeConnect dev
CVE-2020-12142 (1. IPSec UDP key material can be retrieved from machine-to-machine int ...)
NOT-FOR-US: EdgeConnect
CVE-2020-12141 (An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier ...)
- TODO: check
+ NOT-FOR-US: SNMP stack in Contiki-NG
CVE-2020-12140
RESERVED
CVE-2020-12139
@@ -430944,7 +430944,7 @@ CVE-2011-1076 (net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allo
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
[wheezy] - linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2011-1075 (FreeBSD's crontab calculates the MD5 sum of the previous and new cronj ...)
- TODO: check
+ - cron <not-affected> (Debian's cron not affected)
CVE-2011-1074 (crontab.c in crontab in FreeBSD allows local users to determine the ex ...)
- cron <not-affected> (Debian's cron not affected)
CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users ...)
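Review bot: The subject of commit c6908392 names CVE-2021-1075, but the entry changed in this hunk is CVE-2011-1075; the subject should carry the 2011 identifier so that searching the history for the CVE finds this commit. The entry itself, - cron <not-affected> (Debian's cron not affected), matches the existing one for CVE-2011-1074 directly below it.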
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8959f1b99ae05b206b922fd6eadac122b8b0b357...c6908392bcbcb8908b6c0d76e0741605cef26773