[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Oct 31 08:04:41 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e9163161 by Salvatore Bonaccorso at 2021-10-31T09:04:06+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -205,7 +205,7 @@ CVE-2021-43011
CVE-2021-3905
RESERVED
CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During Web Page ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim 2:8.2.3565-1
NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
@@ -5628,7 +5628,7 @@ CVE-2021-41155 (Tuleap is a Free & Open Source Suite to improve management o
CVE-2021-41154 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
NOT-FOR-US: Tuleap
CVE-2021-41153 (The evm crate is a pure Rust implementation of Ethereum Virtual Machin ...)
- TODO: check
+ NOT-FOR-US: Rust evm crate
CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, learning, as ...)
NOT-FOR-US: OpenOlat
CVE-2021-41151 (Backstage is an open platform for building developer portals. In affec ...)
@@ -5915,7 +5915,7 @@ CVE-2021-41037
CVE-2021-41036
RESERVED
CVE-2021-41035 (In Eclipse Openj9 before version 0.29.0, the JVM does not throw Illega ...)
- TODO: check
+ NOT-FOR-US: Eclipse OpenJ9
CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...)
NOT-FOR-US: Eclipse Che
CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...)
@@ -10228,17 +10228,17 @@ CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for A
CVE-2021-39226 (Grafana is an open source data visualization platform. In affected ver ...)
- grafana <removed>
CVE-2021-39225 (Nextcloud is an open-source, self-hosted productivity platform. A miss ...)
- TODO: check
+ NOT-FOR-US: Nextcloud Deck
CVE-2021-39224 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
- TODO: check
+ NOT-FOR-US: Nextcloud OfficeOnline
CVE-2021-39223 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
- TODO: check
+ NOT-FOR-US: Nextcloud Richdocuments
CVE-2021-39222
RESERVED
CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
- TODO: check
+ NOT-FOR-US: Nextcloud Contacts
CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform The Nex ...)
- TODO: check
+ NOT-FOR-US: Nextcloud Mail
CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtim ...)
NOT-FOR-US: wasmtime
CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasm ...)
@@ -15960,7 +15960,7 @@ CVE-2021-36810
CVE-2021-36809
RESERVED
CVE-2021-36808 (A local attacker could bypass the app password using a race condition ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2021-36807
RESERVED
CVE-2021-36806
@@ -30416,7 +30416,7 @@ CVE-2021-30901 (Multiple out-of-bounds write issues were addressed with improved
CVE-2021-30900 (An out-of-bounds write issue was addressed with improved bounds checki ...)
NOT-FOR-US: Apple
CVE-2021-30899 (A race condition was addressed with improved state handling. This issu ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30898
REJECTED
CVE-2021-30897
@@ -49907,7 +49907,7 @@ CVE-2021-22963 (A redirect vulnerability in the fastify-static module version &l
CVE-2021-22962
RESERVED
CVE-2021-22961 (A code injection vulnerability exists within the firewall software of ...)
- TODO: check
+ NOT-FOR-US: GlassWire
CVE-2021-22960 [HTTP Request Smuggling when parsing the body]
RESERVED
- nodejs 12.22.7~dfsg-1
@@ -51997,7 +51997,7 @@ CVE-2021-22103
CVE-2021-22102
RESERVED
CVE-2021-22101 (Cloud Controller versions prior to 1.118.0 are vulnerable to unauthent ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry Cloud Controller
CVE-2021-22100
RESERVED
CVE-2021-22099
@@ -52123,9 +52123,9 @@ CVE-2021-22040
CVE-2021-22039
RESERVED
CVE-2021-22038 (On Windows, the uninstaller binary copies itself to a fixed temporary ...)
- TODO: check
+ NOT-FOR-US: InstallBuilder
CVE-2021-22037 (Under certain circumstances, when manipulating the Windows registry, I ...)
- TODO: check
+ NOT-FOR-US: InstallBuilder
CVE-2021-22036 (VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redi ...)
NOT-FOR-US: VMware
CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Se ...)
@@ -61414,7 +61414,7 @@ CVE-2021-1823
CVE-2021-1822 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Apple
CVE-2021-1821 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1820 (A memory initialization issue was addressed with improved memory handl ...)
{DSA-4797-1}
- webkit2gtk 2.30.1-1
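Review bot: The "NOT-FOR-US: Apple" on CVE-2021-1821 rests on a truncated description ("A logic issue was addressed with improved state management. This issue is ...") that does not name the affected component. The entry directly below it, CVE-2021-1820, has an equally generic Apple-style description yet is tracked against webkit2gtk with DSA-4797-1. Before closing CVE-2021-1821 as NFU, confirm from the full advisory text that the component is not WebKit; if it is, the entry needs a "- webkit2gtk" line rather than NOT-FOR-US.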
@@ -61665,7 +61665,7 @@ CVE-2020-29631
CVE-2020-29630
RESERVED
CVE-2020-29629 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-29628
RESERVED
CVE-2020-29627
@@ -65394,17 +65394,17 @@ CVE-2021-1125
CVE-2021-1124
RESERVED
CVE-2021-1123 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-1122 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-1121 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-1120 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-1119 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-1118 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-1117 (Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy ...)
TODO: check
CVE-2021-1116 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
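Review bot: CVE-2021-1117, in the trailing context of this hunk, is still "TODO: check" even though its description refers to the Windows kernel mode layer (nvlddmkm.sy ...) and it sits directly below the six vGPU entries that were just marked "NOT-FOR-US: NVIDIA". If it was left open on purpose, a NOTE line saying what still needs checking would help the next person triaging; otherwise it looks like it was skipped in this pass and should be resolved together with CVE-2021-1118 through CVE-2021-1123.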
@@ -74249,7 +74249,7 @@ CVE-2020-25883
CVE-2020-25882
RESERVED
CVE-2020-25881 (A vulnerability was discovered in the filename parameter in pathindex. ...)
- TODO: check
+ NOT-FOR-US: RKCMS
CVE-2020-25880
RESERVED
CVE-2020-25879 (A stored cross site scripting (XSS) vulnerability in the 'Manage Users ...)
@@ -74265,9 +74265,9 @@ CVE-2020-25875 (A stored cross site scripting (XSS) vulnerability in the 'Smiley
CVE-2020-25874
RESERVED
CVE-2020-25873 (A directory traversal vulnerability in the component system/manager/cl ...)
- TODO: check
+ NOT-FOR-US: Baijiacms
CVE-2020-25872 (A vulnerability exists within the FileManagerController.php function i ...)
- TODO: check
+ NOT-FOR-US: FrogCMS
CVE-2020-25871
RESERVED
CVE-2020-25870
@@ -82864,7 +82864,7 @@ CVE-2020-22081
CVE-2020-22080
RESERVED
CVE-2020-22079 (Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2020-22078
RESERVED
CVE-2020-22077
@@ -113827,7 +113827,7 @@ CVE-2020-9899 (A memory corruption issue was addressed with improved input valid
CVE-2020-9898 (This issue was addressed with improved entitlements. This issue is fix ...)
NOT-FOR-US: Apple
CVE-2020-9897 (An out-of-bounds write was addressed with improved input validation. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9896
RESERVED
CVE-2020-9895 (A use after free issue was addressed with improved memory management. ...)
@@ -114197,7 +114197,7 @@ CVE-2020-10007 (A logic issue was addressed with improved state management. This
CVE-2020-10006 (This issue was addressed with improved entitlements. This issue is fix ...)
NOT-FOR-US: Apple
CVE-2020-10005 (A resource exhaustion issue was addressed with improved input validati ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-10004 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2020-10003 (An issue existed within the path validation logic for symlinks. This i ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e91631618a704e276ac0e7e62b67e28a14a426b5