[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 9 06:58:01 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
88574640 by Salvatore Bonaccorso at 2021-09-09T07:57:36+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -42112,19 +42112,19 @@ CVE-2021-3057
CVE-2021-3056
RESERVED
CVE-2021-3055 (An improper restriction of XML external entity (XXE) reference vulnera ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3054 (A time-of-check to time-of-use (TOCTOU) race condition vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3053 (An improper handling of exceptional conditions vulnerability exists in ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3052 (A reflected cross-site scripting (XSS) vulnerability in the Palo Alto ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3051 (An improper verification of cryptographic signature vulnerability exis ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3050 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2021-3049 (An improper authorization vulnerability in the Palo Alto Networks Cort ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3048 (Certain invalid URL entries contained in an External Dynamic List (EDL ...)
NOT-FOR-US: Palo Alto Networks
CVE-2021-3047 (A cryptographically weak pseudo-random number generator (PRNG) is used ...)
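Review bot: The notes added in this hunk name only the vendor ("NOT-FOR-US: Palo Alto Networks"), while the unchanged entry for CVE-2021-3050 in the same block names the product ("NOT-FOR-US: Palo Alto Networks PAN-OS"). The description of CVE-2021-3049 points at a different product line ("Palo Alto Networks Cort ..."), and a vendor-only label loses that distinction. CVE-2021-3048 already sets a vendor-only precedent, so this is a consistency point rather than an error; consider adding the product name where the full description gives it, so that a later search of data/CVE/list by product finds these entries.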
@@ -48667,11 +48667,11 @@ CVE-2020-35572 (Adminer through 4.7.8 allows XSS via the history parameter to th
CVE-2020-35571 (An issue was discovered in MantisBT through 2.24.3. In the helper_ensu ...)
- mantis <removed>
CVE-2021-21105 (Adobe Illustrator version 25.2 (and earlier) is affected by a memory c ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-21104 (Adobe Illustrator version 25.2 (and earlier) is affected by a memory c ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-21103 (Adobe Illustrator version 25.2 (and earlier) is affected by a memory c ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-21102 (Adobe Illustrator version 25.2 (and earlier) is affected by a Path Tra ...)
NOT-FOR-US: Adobe
CVE-2021-21101 (Adobe Illustrator version 25.2 (and earlier) is affected by an Out-of- ...)
@@ -53822,33 +53822,33 @@ CVE-2021-1887 (An assertion can be reached in the WLAN subsystem while using the
CVE-2021-1886 (Incorrect handling of pointers in trusted application key import mecha ...)
NOT-FOR-US: Snapdragon
CVE-2021-1885 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1884 (A race condition was addressed with improved locking. This issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1883 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1882 (A memory corruption issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1881 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1880 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1879 (This issue was addressed by improved management of object lifetimes. T ...)
NOT-FOR-US: Apple
CVE-2021-1878 (An integer overflow was addressed with improved input validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1877 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1876 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1875 (A double free issue was addressed with improved memory management. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1874 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1873 (An API issue in Accessibility TCC permissions was addressed with impro ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1872 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1871 (A logic issue was addressed with improved restrictions. This issue is ...)
{DSA-4923-1}
- webkit2gtk 2.32.0-2
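Review bot: CVE-2021-1885 through CVE-2021-1872 are closed as "NOT-FOR-US: Apple", but several of the visible descriptions (CVE-2021-1883 and CVE-2021-1880: "This issue was addressed with improved checks") do not name a component, and the very next entry, CVE-2021-1871, is tracked against webkit2gtk with DSA-4923-1. It is worth confirming against the full advisory text that none of the newly marked ids is a WebKit issue before dropping the TODO; any that is needs a package line like the one on CVE-2021-1871 instead of NOT-FOR-US.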
@@ -53864,51 +53864,51 @@ CVE-2021-1870 (A logic issue was addressed with improved restrictions. This issu
CVE-2021-1869
RESERVED
CVE-2021-1868 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1867 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1866
RESERVED
CVE-2021-1865 (An issue obscuring passwords in screenshots was addressed with improve ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1864 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1863 (An issue existed with authenticating the action triggered by an NFC ta ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1862 (Description: A person with physical access may be able to access conta ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1861 (An issue existed in determining cache occupancy. The issue was address ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1860 (A memory initialization issue was addressed with improved memory handl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1859 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1858 (Processing a maliciously crafted image may lead to arbitrary code exec ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1857 (A memory initialization issue was addressed with improved memory handl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1856
RESERVED
CVE-2021-1855 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1854 (A call termination issue with was addressed with improved logic. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1853 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1852 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1851 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1850
RESERVED
CVE-2021-1849 (An issue in code signature validation was addressed with improved chec ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1848 (The issue was addressed with improved UI handling. This issue is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1847 (A memory corruption issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1846 (Processing a maliciously crafted audio file may disclose restricted me ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1845
RESERVED
CVE-2021-1844 (A memory corruption issue was addressed with improved validation. This ...)
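Review bot: CVE-2021-1858 ("Processing a maliciously crafted image ...") and CVE-2021-1846 ("Processing a maliciously crafted audio file ...") are marked "NOT-FOR-US: Apple" although the descriptions shown are cut off before any affected component is named. File-format parsing bugs can sit in code that is also packaged elsewhere, so a short NOTE line naming the component for these two entries would make the decision checkable later without re-reading the advisory.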
@@ -53918,37 +53918,37 @@ CVE-2021-1844 (A memory corruption issue was addressed with improved validation.
- wpewebkit 2.32.0-2
NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
CVE-2021-1843 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1842
RESERVED
CVE-2021-1841 (A malicious application may be able to execute arbitrary code with ker ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1840 (A memory corruption issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1839 (The issue was addressed with improved permissions logic. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1838 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1837 (A certificate validation issue was addressed. This issue is fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1836 (A logic issue was addressed with improved restrictions. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1835 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1834 (An out-of-bounds write issue was addressed with improved bounds checki ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1833 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1832 (Copied files may not have the expected file permissions. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1831 (The issue was addressed with improved permissions logic. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1830 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1829 (A type confusion issue was addressed with improved state handling. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1828 (A memory corruption issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1827
RESERVED
CVE-2021-1826 (A logic issue was addressed with improved restrictions. This issue is ...)
@@ -53964,11 +53964,11 @@ CVE-2021-1825 (An input validation issue was addressed with improved input valid
- wpewebkit 2.30.0-1
NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-1824 (This issue was addressed with improved entitlements. This issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1823
RESERVED
CVE-2021-1822 (A logic issue was addressed with improved restrictions. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1821
RESERVED
CVE-2021-1820 (A memory initialization issue was addressed with improved memory handl ...)
@@ -53988,25 +53988,25 @@ CVE-2021-1817 (A memory corruption issue was addressed with improved state manag
- wpewebkit 2.30.0-1
NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
CVE-2021-1816 (A buffer overflow was addressed with improved bounds checking. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1815 (A parsing issue in the handling of directory paths was addressed with ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1814 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1813 (A validation issue was addressed with improved logic. This issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1812 (A logic issue was addressed with improved validation. This issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1811 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1810 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1809 (A memory corruption issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1808 (A memory corruption issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1807 (A validation issue was addressed with improved input sanitization. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1806 (A race condition was addressed with additional validation. This issue ...)
NOT-FOR-US: Apple
CVE-2021-1805 (An out-of-bounds write was addressed with improved input validation. T ...)
@@ -54068,7 +54068,7 @@ CVE-2021-1786 (A logic issue was addressed with improved state management. This
CVE-2021-1785 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
CVE-2021-1784 (A permissions issue existed in DiskArbitration. This was addressed wit ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1783 (An access issue was addressed with improved memory management. This is ...)
NOT-FOR-US: Apple
CVE-2021-1782 (A race condition was addressed with improved locking. This issue is fi ...)
@@ -54096,7 +54096,7 @@ CVE-2021-1772 (A stack overflow was addressed with improved input validation. Th
CVE-2021-1771 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2021-1770 (A buffer overflow may result in arbitrary code execution. This issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1769 (A logic issue was addressed with improved validation. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2021-1768 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
@@ -54116,7 +54116,7 @@ CVE-2021-1764 (A use after free issue was addressed with improved memory managem
CVE-2021-1763 (A buffer overflow was addressed with improved bounds checking. This is ...)
NOT-FOR-US: Apple
CVE-2021-1762 (An out-of-bounds write was addressed with improved input validation. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1761 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2021-1760 (A memory corruption issue was addressed with improved state management ...)
@@ -54160,9 +54160,9 @@ CVE-2021-1742 (This issue was addressed with improved checks. This issue is fixe
CVE-2021-1741 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
CVE-2021-1740 (A parsing issue in the handling of directory paths was addressed with ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1739 (A parsing issue in the handling of directory paths was addressed with ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-1738 (An out-of-bounds write was addressed with improved input validation. T ...)
NOT-FOR-US: Apple
CVE-2021-1737 (An out-of-bounds write was addressed with improved input validation. T ...)
@@ -55904,7 +55904,7 @@ CVE-2020-29014 (A concurrent execution using shared resource with improper synch
CVE-2020-29013
RESERVED
CVE-2020-29012 (An insufficient session expiration vulnerability in FortiSandbox versi ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-29011 (Instances of SQL Injection vulnerabilities in the checksum search and ...)
NOT-FOR-US: FortiSandbox
CVE-2020-29010
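Review bot: The note added for CVE-2020-29012 reads "NOT-FOR-US: FortiGuard", but the description names FortiSandbox and the entry directly below it, CVE-2020-29011, uses "NOT-FOR-US: FortiSandbox". Suggest "NOT-FOR-US: FortiSandbox" here as well, so that both entries for the same product carry the same label.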
@@ -61185,11 +61185,11 @@ CVE-2020-27944 (A memory corruption issue existed in the processing of font file
CVE-2020-27943 (A memory corruption issue existed in the processing of font files. Thi ...)
NOT-FOR-US: Apple
CVE-2020-27942 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-27941 (A validation issue was addressed with improved logic. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2020-27940 (This issue was addressed with improved file handling. This issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-27939 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2020-27938 (A logic issue was addressed with improved state management. This issue ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88574640f0b3d8a0bdfe6417d1c4ee6143db34df