[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Sep 15 10:12:59 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
45b2c80d by Moritz Muehlenhoff at 2021-09-15T11:12:48+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2021-41078
 CVE-2021-3801
 	RESERVED
 CVE-2021-41077 (The activation process in Travis CI, for certain 2021-09-03 through 20 ...)
-	TODO: check
+	NOT-FOR-US: Travis CI
 CVE-2021-41076
 	RESERVED
 CVE-2021-41075
@@ -92,7 +92,7 @@ CVE-2021-41035
 CVE-2021-41034
 	RESERVED
 CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...)
-	TODO: check
+	NOT-FOR-US: Eclipse Equinox
 CVE-2021-41032
 	RESERVED
 CVE-2021-41031
@@ -1948,7 +1948,7 @@ CVE-2021-40216
 CVE-2021-40215
 	RESERVED
 CVE-2021-40214 (Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wal ...)
-	TODO: check
+	NOT-FOR-US: Gibbon
 CVE-2021-40213
 	RESERVED
 CVE-2021-40212
@@ -4254,11 +4254,11 @@ CVE-2021-39208
 CVE-2021-39207 (parlai is a framework for training and evaluating AI models on a varie ...)
 	TODO: check
 CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
-	TODO: check
+	NOT-FOR-US: Pomerium
 CVE-2021-39205
 	RESERVED
 CVE-2021-39204 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
-	TODO: check
+	NOT-FOR-US: Pomerium
 CVE-2021-39203 (WordPress is a free and open-source content management system written  ...)
 	- wordpress <not-affected> (Only affects 5.8 beta 1; vulnerable code introduced later)
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-qxvw-qxm9-qvg6
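
Review bot: The NOT-FOR-US lines for CVE-2021-39206 and CVE-2021-39204 name only Pomerium, but both truncated descriptions attribute the issue to Envoy ("Envoy, which P ..."). Before closing these out, confirm that the underlying Envoy flaw has its own entry in the list, or add a NOTE line cross-referencing it, so the Envoy side is not lost behind the Pomerium label. CVE-2021-39207 (parlai) directly above is still at TODO: check.
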
@@ -4359,7 +4359,7 @@ CVE-2021-39163 (Matrix is an ecosystem for open federated Instant Messaging and
 	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2
 	NOTE: https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3 (v1.41.1)
 CVE-2021-39162 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
-	TODO: check
+	NOT-FOR-US: Pomerium
 CVE-2021-39161 (Discourse is an open source platform for community discussion. In affe ...)
 	NOT-FOR-US: Discourse
 CVE-2021-39160 (nbgitpuller is a Jupyter server extension to sync a git repository one ...)
@@ -5410,7 +5410,7 @@ CVE-2021-38675
 CVE-2021-38674
 	RESERVED
 CVE-2021-3706 (adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag ...)
-	TODO: check
+	NOT-FOR-US: adminlte
 CVE-2021-38673
 	RESERVED
 CVE-2021-38672
@@ -12784,7 +12784,7 @@ CVE-2021-35495
 CVE-2021-35494
 	RESERVED
 CVE-2021-35493 (The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO  ...)
-	TODO: check
+	NOT-FOR-US: WebFOCUS
 CVE-2021-3619 (Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentica ...)
 	NOT-FOR-US: Rapid7 Velociraptor
 CVE-2021-35492
@@ -19311,7 +19311,7 @@ CVE-2021-32726 (Nextcloud Server is a Nextcloud package that handles data storag
 CVE-2021-32725 (Nextcloud Server is a Nextcloud package that handles data storage. In  ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2021-32724 (check-spelling is a github action which provides CI spell checking. In ...)
-	TODO: check
+	NOT-FOR-US: Github
 CVE-2021-32723 (Prism is a syntax highlighting library. Some languages before 1.24.0 a ...)
 	NOT-FOR-US: Prism
 CVE-2021-32722 (GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb705 ...)
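
Review bot: "NOT-FOR-US: Github" on CVE-2021-32724 names the hosting platform rather than the affected software, which the description identifies as check-spelling, a GitHub action. The neighbouring entry names the product itself (NOT-FOR-US: Prism), so something like "NOT-FOR-US: check-spelling GitHub action" would keep the entry searchable by product and avoid reading as a flaw in GitHub.
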
@@ -20544,7 +20544,7 @@ CVE-2021-32204
 CVE-2021-32203
 	RESERVED
 CVE-2021-32202 (In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by  ...)
-	TODO: check
+	NOT-FOR-US: CS-Cart
 CVE-2021-32201
 	RESERVED
 CVE-2021-32200
@@ -25580,9 +25580,9 @@ CVE-2021-30297
 CVE-2021-30296
 	RESERVED
 CVE-2021-30295 (Possible heap overflow due to improper validation of local variable wh ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30294 (Potential null pointer dereference in KGSL GPU auxiliary command due t ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30293
 	RESERVED
 CVE-2021-30292
@@ -54429,7 +54429,7 @@ CVE-2021-1964 (Possible buffer over read due to improper validation of IE size w
 CVE-2021-1963 (Possible use-after-free due to lack of validation for the rule count i ...)
 	TODO: check
 CVE-2021-1962 (Buffer Overflow while processing IOCTL for getting peripheral endpoint ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1961 (Possible buffer overflow due to lack of offset length check while upda ...)
 	TODO: check
 CVE-2021-1960 (Improper handling of ASB-C broadcast packets with crafted opcode in LM ...)
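
Review bot: Only CVE-2021-1962 is resolved in this block, while CVE-2021-1963 and CVE-2021-1961 on either side of it stay at TODO: check. If they come from the same vendor bulletin, marking them in the same commit would avoid a second pass over these lines; if they were left open deliberately, a NOTE saying why would help the next person triaging.
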
@@ -54449,7 +54449,7 @@ CVE-2021-1954 (Possible buffer over read due to improper validation of data poin
 CVE-2021-1953 (Improper handling of received malformed FTMR request frame can lead to ...)
 	NOT-FOR-US: Snapdragon
 CVE-2021-1952 (Possible buffer over read occurs due to lack of length check of reques ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1951
 	RESERVED
 CVE-2021-1950
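
Review bot: CVE-2021-1952 is tagged "Qualcomm components for Android" while the adjacent CVE-2021-1953 carries "NOT-FOR-US: Snapdragon". Two labels for entries that sit side by side in the same id range make it harder to grep or count NOT-FOR-US reasons; consider settling on one wording and normalising the older entries in a follow-up.
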
@@ -54457,12 +54457,12 @@ CVE-2021-1950
 CVE-2021-1949
 	RESERVED
 CVE-2021-1948 (Possible out of bound read due to lack of length check of data while p ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1947
 	RESERVED
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1946 (Null Pointer Dereference may occur due to improper validation while pr ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1945 (Possible out of bound read due to lack of length check of Bandwidth-NS ...)
 	NOT-FOR-US: Snapdragon
 CVE-2021-1944
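
Review bot: In the context lines, CVE-2021-1947 carries both RESERVED and NOT-FOR-US: Qualcomm components for Android, unlike the other RESERVED ids visible here, which have no triage line. This is not introduced by the change, but since the block is being edited anyway, confirm that the combination is intended.
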
@@ -54472,7 +54472,7 @@ CVE-2021-1943 (Possible buffer out of bound read can occur due to improper valid
 CVE-2021-1942
 	RESERVED
 CVE-2021-1941 (Possible buffer over read issue due to improper length check on WPA IE ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1940 (Use after free can occur due to improper handling of response from fir ...)
 	NOT-FOR-US: Snapdragon
 CVE-2021-1939
@@ -54485,11 +54485,11 @@ CVE-2021-1937 (Reachable assertion is possible while processing peer association
 CVE-2021-1936
 	RESERVED
 CVE-2021-1935 (Possible null pointer dereference due to lack of validation check for  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1934 (Possible memory corruption due to improper check when application load ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1933 (UE assertion is possible due to improper validation of invite message  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1932
 	RESERVED
 CVE-2021-1931 (Possible buffer overflow due to improper validation of buffer length w ...)
@@ -54537,7 +54537,7 @@ CVE-2021-1911
 CVE-2021-1910 (Double free in video due to lack of input buffer length check in Snapd ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1909 (Buffer overflow occurs in trusted applications due to lack of length c ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1908
 	RESERVED
 CVE-2021-1907 (Possible buffer overflow due to lack of length check in BA request in  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45b2c80d6c4a30c320a26be7f588b7dac11c6a64
