[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 28 21:41:50 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
883cb3f5 by Salvatore Bonaccorso at 2021-10-28T22:41:10+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4296,7 +4296,7 @@ CVE-2021-41730
 CVE-2021-41729 (BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerab ...)
 	NOT-FOR-US: BaiCloud-cms
 CVE-2021-41728 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-41727
 	RESERVED
 CVE-2021-41726
@@ -4516,7 +4516,7 @@ CVE-2021-41621
 CVE-2021-41620
 	RESERVED
 CVE-2021-41619 (An issue was discovered in Gradle Enterprise before 2021.1.2. There is ...)
-	TODO: check
+	NOT-FOR-US: Gradle Enterprise
 CVE-2021-41618
 	RESERVED
 CVE-2021-41616 (Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intende ...)
@@ -4587,9 +4587,9 @@ CVE-2021-41592 (Blockstream c-lightning through 0.10.1 allows loss of funds beca
 CVE-2021-41591 (ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC ex ...)
 	NOT-FOR-US: ACINQ Eclair
 CVE-2021-41590 (In Gradle Enterprise through 2021.3, probing of the server-side networ ...)
-	TODO: check
+	NOT-FOR-US: Gradle Enterprise
 CVE-2021-41589 (In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node be ...)
-	TODO: check
+	NOT-FOR-US: Gradle Enterprise
 CVE-2021-41588 (In Gradle Enterprise before 2021.1.3, a crafted request can trigger de ...)
 	NOT-FOR-US: Gradle Enterprise
 CVE-2021-41587 (In Gradle Enterprise before 2021.1.3, an attacker with the ability to  ...)
@@ -4664,7 +4664,7 @@ CVE-2021-3825 (On 2.1.15 version and below of Lider module in LiderAhenk softwar
 CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to in ...)
 	NOT-FOR-US: OpenVPN Access Server
 CVE-2021-3823 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2021-3822 (jsoneditor is vulnerable to Inefficient Regular Expression Complexity ...)
 	NOT-FOR-US: jsoneditor
 CVE-2021-41560
@@ -7936,7 +7936,7 @@ CVE-2021-3746 (A flaw was found in the libtpms code that may cause access beyond
 	NOTE: https://github.com/stefanberger/libtpms/commit/ea62fd9679f8c6fc5e79471b33cfbd8227bfed72 (v0.6.6)
 	TODO: check, might only affect the upstream stable-0.6 branch and not an issue in src:libtpms in any released version in Debian
 CVE-2021-3745 (flatcore-cms is vulnerable to Unrestricted Upload of File with Dangero ...)
-	TODO: check
+	NOT-FOR-US: flatcore-cms
 CVE-2021-3744 [crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()]
 	RESERVED
 	- linux 5.14.12-1
@@ -13401,7 +13401,7 @@ CVE-2021-37917
 CVE-2021-37916 (Joplin before 2.0.9 allows XSS via button and form in the note body. ...)
 	NOT-FOR-US: Joplin
 CVE-2021-37915 (An issue was discovered on the Grandstream HT801 Analog Telephone Adap ...)
-	TODO: check
+	NOT-FOR-US: Grandstream
 CVE-2021-37914 (In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled an ...)
 	NOT-FOR-US: Argo Workflows
 CVE-2021-37913 (The HGiga OAKlouds mobile portal does not filter special characters of ...)
@@ -13770,7 +13770,7 @@ CVE-2021-37750 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) b
 CVE-2021-37749 (MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16 ...)
 	NOT-FOR-US: Hexagon GeoMedia WebMap
 CVE-2021-37748 (Multiple buffer overflows in the limited configuration shell (/sbin/gs ...)
-	TODO: check
+	NOT-FOR-US: Grandstream
 CVE-2021-37747
 	RESERVED
 CVE-2021-37746 (textview_uri_security_check in textview.c in Claws Mail before 3.18.0, ...)
@@ -14881,7 +14881,7 @@ CVE-2021-37256
 CVE-2021-37255
 	RESERVED
 CVE-2021-37254 (In M-Files Web product with versions before 20.10.9524.1 and 20.10.944 ...)
-	TODO: check
+	NOT-FOR-US: M-Files
 CVE-2021-37253
 	RESERVED
 CVE-2021-37252
@@ -15460,41 +15460,41 @@ CVE-2021-37004
 CVE-2021-37003
 	RESERVED
 CVE-2021-37002 (There is a Memory out-of-bounds access vulnerability in Huawei Smartph ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37001 (There is a Register tampering vulnerability in Huawei Smartphone.Succe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37000
 	RESERVED
 CVE-2021-36999 (There is a Buffer overflow vulnerability in Huawei Smartphone.Successf ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-36998 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-36997 (There is a Low memory error in Huawei Smartphone due to the unlimited  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-36996 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-36995 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-36994 (There is a issue that trustlist strings being repeatedly inserted into ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-36993 (There is a Memory leaks vulnerability in Huawei Smartphone.Successful  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-36992 (There is a Public key verification vulnerability in Huawei Smartphone. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-36991 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-36990 (There is a vulnerability of tampering with the kernel in Huawei Smartp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-36989 (There is a Kernel crash vulnerability in Huawei Smartphone.Successful  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-36988 (There is a Parameter verification issue in Huawei Smartphone.Successfu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-36987 (There is a issue that nodes in the linked list being freed for multipl ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-36986 (There is a vulnerability of tampering with the kernel in Huawei Smartp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-36985 (There is a Code injection vulnerability in Huawei Smartphone.Successfu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-36984
 	RESERVED
 CVE-2021-36983 (replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to  ...)
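Review bot: CVE-2021-36990, CVE-2021-36989 and CVE-2021-36986 in this hunk are described as kernel tampering or a kernel crash, yet they receive the same bare "NOT-FOR-US: Huawei" tag as the other smartphone entries. The descriptions are truncated in the list, so the diff alone does not show whether the affected code is Huawei-specific. Because NOT-FOR-US records the entry as not affecting anything packaged in Debian, a more specific tag such as "NOT-FOR-US: Huawei Smartphone" on these three would document that the kernel wording was checked and found to concern vendor code.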
@@ -22937,7 +22937,7 @@ CVE-2021-33808
 CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/d ...)
 	NOT-FOR-US: Cartadis Gespage
 CVE-2021-3579 (Incorrect Default Permissions vulnerability in the bdservicehost.exe a ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2021-3578 [possible remote code execution in isync/mbsync]
 	RESERVED
 	- isync 1.3.0-2.2 (bug #989564)
@@ -22951,7 +22951,7 @@ CVE-2021-33805
 CVE-2021-3577
 	RESERVED
 CVE-2021-3576 (Execution with Unnecessary Privileges vulnerability in Bitdefender End ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2021-3575 [heap-buffer-overflow in color.c may lead to DoS]
 	RESERVED
 	- openjpeg2 <unfixed> (bug #989775)
@@ -30304,7 +30304,7 @@ CVE-2021-30922
 CVE-2021-30921
 	REJECTED
 CVE-2021-30920 (A permissions issue was addressed with improved validation. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-30919 (An out-of-bounds write was addressed with improved input validation. T ...)
 	TODO: check
 CVE-2021-30918 (A Lock Screen issue was addressed with improved state management. This ...)
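Review bot: only CVE-2021-30920 is resolved here, while CVE-2021-30919 directly below carries the same advisory-style wording ("was addressed with improved input validation") and stays at "TODO: check". If it is left open on purpose because the truncated part of the description may name a component that Debian packages, that is fine; otherwise it could be triaged in the same pass so the block is not left half processed.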
@@ -51066,27 +51066,27 @@ CVE-2021-22493
 CVE-2021-22492 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
 	NOT-FOR-US: Samsung mobile devices
 CVE-2021-22491 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22490 (There is a Permission verification vulnerability in Huawei Smartphone. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22489
 	RESERVED
 CVE-2021-22488 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22487 (There is an Out-of-bounds read vulnerability in Huawei Smartphone. Suc ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22486 (There is a issue of Unstandardized field names in Huawei Smartphone. S ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22485 (There is a SSID vulnerability with Wi-Fi network connections in Huawei ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22484
 	RESERVED
 CVE-2021-22483 (There is a issue of IP address spoofing in Huawei Smartphone. Successf ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22482 (There is an Uninitialized variable vulnerability in Huawei Smartphone. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22481 (There is a Verification errors vulnerability in Huawei Smartphone.Succ ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22480
 	RESERVED
 CVE-2021-22479
@@ -51098,57 +51098,57 @@ CVE-2021-22477
 CVE-2021-22476
 	RESERVED
 CVE-2021-22475 (There is an Improper permission management vulnerability in Huawei Sma ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22474 (There is an Out-of-bounds memory access in Huawei Smartphone.Successfu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22473 (There is an Authentication vulnerability in Huawei Smartphone.Successf ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22472 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22471 (A component of the HarmonyOS has a NULL Pointer Dereference vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22470 (A component of the HarmonyOS has a Privileges Controls vulnerability.  ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22469 (A component of the HarmonyOS has a Out-of-bounds Read vulnerability. L ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22468 (A component of the HarmonyOS has a Exposure of Sensitive Information t ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22467 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22466 (A component of the HarmonyOS has a Use After Free vulnerability. Local ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22465 (A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerab ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22464 (A component of the HarmonyOS has a Out-of-bounds Read vulnerability. L ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22463 (A component of the HarmonyOS has a Use After Free vulnerability . Loca ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22462 (A component of the HarmonyOS has a NULL Pointer Dereference vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22461 (A component of the HarmonyOS has a Allocation of Resources Without Lim ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22460 (A component of the HarmonyOS has a Insufficient Verification of Data A ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22459 (A component of the HarmonyOS has a NULL Pointer Dereference vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22458 (A component of the HarmonyOS has a Improper Restriction of Operations  ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22457 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22456 (A component of the HarmonyOS has a Data Processing Errors vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22455 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22454 (A component of the HarmonyOS has a External Control of System or Confi ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22453 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22452 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22451 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22450 (A component of the HarmonyOS has a Incomplete Cleanup vulnerability. L ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22449 (There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthentica ...)
 	NOT-FOR-US: Elf-G10HN (Huawei)
 CVE-2021-22448
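Review bot: tag naming is mixed within this hunk: CVE-2021-22475 to CVE-2021-22472 use the vendor ("NOT-FOR-US: Huawei"), CVE-2021-22471 to CVE-2021-22450 use the product ("NOT-FOR-US: HarmonyOS"), and the unchanged context line for CVE-2021-22449 uses "Elf-G10HN (Huawei)". Following the product-plus-vendor form already present, for example "NOT-FOR-US: HarmonyOS (Huawei)", would keep a search for the vendor name matching all of these entries.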
@@ -51176,7 +51176,7 @@ CVE-2021-22438 (There is a Memory Buffer Improper Operation Limit Vulnerability
 CVE-2021-22437
 	RESERVED
 CVE-2021-22436 (There is a Logic Bypass vulnerability in Huawei Smartphone.Successful  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22435 (There is a Configuration Defect Vulnerability in Huawei Smartphone.Suc ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22434
@@ -51234,19 +51234,19 @@ CVE-2021-22409 (There is a denial of service vulnerability in some versions of M
 CVE-2021-22408
 	RESERVED
 CVE-2021-22407 (There is a Configuration defects in Huawei Smartphone.Successful explo ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22406 (There is an Uncaught Exception vulnerability in Huawei Smartphone.Succ ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22405 (There is a Configuration defects in Huawei Smartphone.Successful explo ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22404 (There is a Directory traversal vulnerability in Huawei Smartphone.Succ ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22403 (There is a vulnerability of hijacking unverified providers in Huawei S ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22402 (There is a DoS vulnerability in Huawei Smartphone.Successful exploitat ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22401 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22400 (Some Huawei Smartphones has an insufficient input validation vulnerabi ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22399 (The Bluetooth function of some Huawei smartphones has a DoS vulnerabil ...)
@@ -51492,7 +51492,7 @@ CVE-2021-22280
 CVE-2021-22279
 	RESERVED
 CVE-2021-22278 (A certificate validation vulnerability in PCM600 Update Manager allows ...)
-	TODO: check
+	NOT-FOR-US: PCM600 Update Manager
 CVE-2021-22277
 	RESERVED
 CVE-2021-22276 (The vulnerability allows a successful attacker to bypass the integrity ...)
@@ -82314,7 +82314,7 @@ CVE-2020-22314
 CVE-2020-22313
 	RESERVED
 CVE-2020-22312 (A cross-site scripting (XSS) vulnerability was discovered in the OJ/ad ...)
-	TODO: check
+	NOT-FOR-US: HZNUOJ
 CVE-2020-22311
 	RESERVED
 CVE-2020-22310
@@ -118965,7 +118965,7 @@ CVE-2020-7877 (A buffer overflow issue was discovered in ZOOK solution(remote ad
 CVE-2020-7876
 	RESERVED
 CVE-2020-7875 (DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, w ...)
-	TODO: check
+	NOT-FOR-US: DEXT5 Upload
 CVE-2020-7874 (Download of code without integrity check vulnerability in NEXACRO14 Ru ...)
 	NOT-FOR-US: NEXACRO14 Runtime ActiveX control of tobesoft
 CVE-2020-7873 (Download of code without integrity check vulnerability in ActiveX cont ...)
@@ -130533,7 +130533,7 @@ CVE-2019-19812
 CVE-2019-19811
 	RESERVED
 CVE-2019-19810 (Zoom Call Recording 6.3.1 from ZOOM International is vulnerable to Jav ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2019-19809
 	RESERVED
 CVE-2019-3467 (Debian-edu-config all versions < 2.11.10, a set of configuration fi ...)
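Review bot: the tag for CVE-2019-19810 is ambiguous: the description names the product as "Zoom Call Recording 6.3.1 from ZOOM International", so a bare "NOT-FOR-US: Zoom" is easy to misread as the Zoom video-conferencing client. Suggest "NOT-FOR-US: Zoom Call Recording (ZOOM International)" so the entry stays unambiguous when someone searches the list for either product.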



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/883cb3f5f3dcd31643f129a1d5e1554017b3714d
