[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Oct 31 08:04:41 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9163161 by Salvatore Bonaccorso at 2021-10-31T09:04:06+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -205,7 +205,7 @@ CVE-2021-43011
 CVE-2021-3905
 	RESERVED
 CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During Web Page ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...)
 	- vim 2:8.2.3565-1
 	NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
@@ -5628,7 +5628,7 @@ CVE-2021-41155 (Tuleap is a Free & Open Source Suite to improve management o
 CVE-2021-41154 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
 	NOT-FOR-US: Tuleap
 CVE-2021-41153 (The evm crate is a pure Rust implementation of Ethereum Virtual Machin ...)
-	TODO: check
+	NOT-FOR-US: Rust evm crate
 CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, learning, as ...)
 	NOT-FOR-US: OpenOlat
 CVE-2021-41151 (Backstage is an open platform for building developer portals. In affec ...)
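Review bot: At CVE-2021-41153, `NOT-FOR-US: Rust evm crate` holds only if the crate is not packaged, and unlike the vendor products elsewhere in this commit, library crates do get packaged in Debian as rust-* source packages. Suggest confirming there is no such source package or ITP before closing it as NFU; if one exists, the entry should carry a package line instead.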
@@ -5915,7 +5915,7 @@ CVE-2021-41037
 CVE-2021-41036
 	RESERVED
 CVE-2021-41035 (In Eclipse Openj9 before version 0.29.0, the JVM does not throw Illega ...)
-	TODO: check
+	NOT-FOR-US: Eclipse OpenJ9
 CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...)
 	NOT-FOR-US: Eclipse Che
 CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...)
@@ -10228,17 +10228,17 @@ CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for A
 CVE-2021-39226 (Grafana is an open source data visualization platform. In affected ver ...)
 	- grafana <removed>
 CVE-2021-39225 (Nextcloud is an open-source, self-hosted productivity platform. A miss ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Deck
 CVE-2021-39224 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud OfficeOnline
 CVE-2021-39223 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Richdocuments
 CVE-2021-39222
 	RESERVED
 CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Contacts
 CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform The Nex ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Mail
 CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtim ...)
 	NOT-FOR-US: wasmtime
 CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasm ...)
@@ -15960,7 +15960,7 @@ CVE-2021-36810
 CVE-2021-36809
 	RESERVED
 CVE-2021-36808 (A local attacker could bypass the app password using a race condition  ...)
-	TODO: check
+	NOT-FOR-US: Sophos
 CVE-2021-36807
 	RESERVED
 CVE-2021-36806
@@ -30416,7 +30416,7 @@ CVE-2021-30901 (Multiple out-of-bounds write issues were addressed with improved
 CVE-2021-30900 (An out-of-bounds write issue was addressed with improved bounds checki ...)
 	NOT-FOR-US: Apple
 CVE-2021-30899 (A race condition was addressed with improved state handling. This issu ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-30898
 	REJECTED
 CVE-2021-30897
@@ -49907,7 +49907,7 @@ CVE-2021-22963 (A redirect vulnerability in the fastify-static module version &l
 CVE-2021-22962
 	RESERVED
 CVE-2021-22961 (A code injection vulnerability exists within the firewall software of  ...)
-	TODO: check
+	NOT-FOR-US: GlassWire
 CVE-2021-22960 [HTTP Request Smuggling when parsing the body]
 	RESERVED
 	- nodejs 12.22.7~dfsg-1
@@ -51997,7 +51997,7 @@ CVE-2021-22103
 CVE-2021-22102
 	RESERVED
 CVE-2021-22101 (Cloud Controller versions prior to 1.118.0 are vulnerable to unauthent ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry Cloud Controller
 CVE-2021-22100
 	RESERVED
 CVE-2021-22099
@@ -52123,9 +52123,9 @@ CVE-2021-22040
 CVE-2021-22039
 	RESERVED
 CVE-2021-22038 (On Windows, the uninstaller binary copies itself to a fixed temporary  ...)
-	TODO: check
+	NOT-FOR-US: InstallBuilder
 CVE-2021-22037 (Under certain circumstances, when manipulating the Windows registry, I ...)
-	TODO: check
+	NOT-FOR-US: InstallBuilder
 CVE-2021-22036 (VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redi ...)
 	NOT-FOR-US: VMware
 CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Se ...)
@@ -61414,7 +61414,7 @@ CVE-2021-1823
 CVE-2021-1822 (A logic issue was addressed with improved restrictions. This issue is  ...)
 	NOT-FOR-US: Apple
 CVE-2021-1821 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1820 (A memory initialization issue was addressed with improved memory handl ...)
 	{DSA-4797-1}
 	- webkit2gtk 2.30.1-1
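Review bot: CVE-2021-1821 is closed as `NOT-FOR-US: Apple` on a description that is cut off before it names a component, while the entry right below it, CVE-2021-1820, has the same Apple advisory wording and is tracked against webkit2gtk with DSA-4797-1. Suggest confirming from the full advisory that the affected component is not WebKit. The same check applies to the other Apple entries changed in this commit (CVE-2021-30899, CVE-2020-29629, CVE-2020-9897, CVE-2020-10005).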
@@ -61665,7 +61665,7 @@ CVE-2020-29631
 CVE-2020-29630
 	RESERVED
 CVE-2020-29629 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29628
 	RESERVED
 CVE-2020-29627
@@ -65394,17 +65394,17 @@ CVE-2021-1125
 CVE-2021-1124
 	RESERVED
 CVE-2021-1123 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2021-1122 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2021-1121 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2021-1120 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2021-1119 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2021-1118 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2021-1117 (Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy ...)
 	TODO: check
 CVE-2021-1116 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
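Review bot: CVE-2021-1118 through CVE-2021-1123 are tagged with the vendor only, `NOT-FOR-US: NVIDIA`, although their descriptions are specific to NVIDIA vGPU software. Debian does ship NVIDIA driver packages in non-free, so `NOT-FOR-US: NVIDIA vGPU software` would be less likely to be read as covering every NVIDIA issue. Also, CVE-2021-1117 directly below the changed block is left at `TODO: check`. If that is deliberate pending a look at the driver packages, fine; otherwise it was missed in this pass.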
@@ -74249,7 +74249,7 @@ CVE-2020-25883
 CVE-2020-25882
 	RESERVED
 CVE-2020-25881 (A vulnerability was discovered in the filename parameter in pathindex. ...)
-	TODO: check
+	NOT-FOR-US: RKCMS
 CVE-2020-25880
 	RESERVED
 CVE-2020-25879 (A stored cross site scripting (XSS) vulnerability in the 'Manage Users ...)
@@ -74265,9 +74265,9 @@ CVE-2020-25875 (A stored cross site scripting (XSS) vulnerability in the 'Smiley
 CVE-2020-25874
 	RESERVED
 CVE-2020-25873 (A directory traversal vulnerability in the component system/manager/cl ...)
-	TODO: check
+	NOT-FOR-US: Baijiacms
 CVE-2020-25872 (A vulnerability exists within the FileManagerController.php function i ...)
-	TODO: check
+	NOT-FOR-US: FrogCMS
 CVE-2020-25871
 	RESERVED
 CVE-2020-25870
@@ -82864,7 +82864,7 @@ CVE-2020-22081
 CVE-2020-22080
 	RESERVED
 CVE-2020-22079 (Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2020-22078
 	RESERVED
 CVE-2020-22077
@@ -113827,7 +113827,7 @@ CVE-2020-9899 (A memory corruption issue was addressed with improved input valid
 CVE-2020-9898 (This issue was addressed with improved entitlements. This issue is fix ...)
 	NOT-FOR-US: Apple
 CVE-2020-9897 (An out-of-bounds write was addressed with improved input validation. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9896
 	RESERVED
 CVE-2020-9895 (A use after free issue was addressed with improved memory management.  ...)
@@ -114197,7 +114197,7 @@ CVE-2020-10007 (A logic issue was addressed with improved state management. This
 CVE-2020-10006 (This issue was addressed with improved entitlements. This issue is fix ...)
 	NOT-FOR-US: Apple
 CVE-2020-10005 (A resource exhaustion issue was addressed with improved input validati ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-10004 (A logic issue was addressed with improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2020-10003 (An issue existed within the path validation logic for symlinks. This i ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e91631618a704e276ac0e7e62b67e28a14a426b5
