[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Neil Williams (@codehelp)
codehelp at debian.org
Wed Apr 20 11:19:16 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f5bc0502 by Neil Williams at 2022-04-20T10:36:08+01:00
Process some NFUs
- - - - -
db79c64b by Neil Williams at 2022-04-20T11:18:26+01:00
CVE-2021-44481 to 44510 - fis-gtm unfixed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26470,7 +26470,7 @@ CVE-2021-4098 (Insufficient data validation in Mojo in Google Chrome prior to 96
CVE-2021-4097 (phpservermon is vulnerable to Improper Neutralization of CRLF Sequence ...)
NOT-FOR-US: phpservermon
CVE-2021-4096 (The Fancy Product Designer plugin for WordPress is vulnerable to Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-21822 (NVIDIA FLARE contains a vulnerability in the admin interface, where an ...)
NOT-FOR-US: NVIDIA
CVE-2022-21821 (NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in ...)
@@ -27526,65 +27526,152 @@ CVE-2015-20105 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does n
CVE-2021-44511
RESERVED
CVE-2021-44510 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
- TODO: check
+ - fis-gtm <unfixed> (bug #1009900)
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44509 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
- TODO: check
+ - fis-gtm <unfixed> (bug #1009900)
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44508 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
- TODO: check
+ - fis-gtm <unfixed> (bug #1009900)
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44507 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
- TODO: check
+ - fis-gtm <unfixed> (bug #1009900)
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44506 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
- TODO: check
+ - fis-gtm <unfixed> (bug #1009900)
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44505 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
- TODO: check
+ - fis-gtm <unfixed> (bug #1009900)
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44504 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
- TODO: check
+ - fis-gtm <unfixed>
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44503 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
- TODO: check
+ - fis-gtm <unfixed> (bug #1009900)
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44502 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
- TODO: check
+ - fis-gtm <unfixed> (bug #1009900)
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44501 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
- TODO: check
+ - fis-gtm <unfixed> (bug #1009900)
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44500 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
- TODO: check
+ - fis-gtm <unfixed> (bug #1009900)
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44499 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
- TODO: check
+ - fis-gtm <unfixed> (bug #1009900)
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44498 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
- TODO: check
+ - fis-gtm <unfixed> (bug #1009900)
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44497 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
- TODO: check
+ - fis-gtm <unfixed> (bug #1009900)
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44496 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
- TODO: check
+ - fis-gtm <unfixed>
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44495 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...)
- TODO: check
+ - fis-gtm <unfixed> (bug #1009900)
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44494 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...)
- TODO: check
+ - fis-gtm <unfixed> (bug #1009900)
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44493 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...)
- TODO: check
+ - fis-gtm <unfixed> (bug #1009900)
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44492 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...)
- TODO: check
+ - fis-gtm <unfixed> (bug #1009900)
+ NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
+ NOTE: https://sourceforge.net/projects/fis-gtm/files/
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check upstream to find out which changes affect which CVE
CVE-2021-44491 (An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...)
- TODO: check
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check - unclear if affects only YottaDB
CVE-2021-44490 (An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...)
- TODO: check
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check - unclear if affects only YottaDB
CVE-2021-44489 (An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...)
- TODO: check
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check - unclear if affects only YottaDB
CVE-2021-44488 (An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...)
- TODO: check
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check - unclear if affects only YottaDB
CVE-2021-44487 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...)
- TODO: check
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check - unclear if affects only YottaDB
CVE-2021-44486 (An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...)
- TODO: check
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check - unclear if affects only YottaDB
CVE-2021-44485 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...)
- TODO: check
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check - unclear if affects only YottaDB
CVE-2021-44484 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...)
- TODO: check
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check - unclear if affects only YottaDB
CVE-2021-44483 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...)
- TODO: check
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check - unclear if affects only YottaDB
CVE-2021-44482 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...)
- TODO: check
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check - unclear if affects only YottaDB
CVE-2021-44481 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...)
- TODO: check
+ NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
+ TODO: check - unclear if affects only YottaDB
CVE-2021-44480 (Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who ...)
NOT-FOR-US: Wokka Lokka Q50 devices
CVE-2021-44479 (NXP Kinetis K82 devices have a buffer over-read via a crafted wlength ...)
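Review bot: CVE-2021-44504 and CVE-2021-44496 are added as "- fis-gtm <unfixed>" without the "(bug #1009900)" reference that every other fis-gtm entry in this hunk carries. If the same bug report covers them, add the reference to both lines; if not, a NOTE saying why they are tracked separately would help. Separately, CVE-2021-44491 down to CVE-2021-44481 end up with only NOTE and TODO lines and no package line, so they are still undetermined, while the commit subject "CVE-2021-44481 to 44510 - fis-gtm unfixed" reads as though the whole range was marked unfixed.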
@@ -80200,7 +80287,7 @@ CVE-2021-25122 (When responding to new h2c connection requests, Apache Tomcat ve
CVE-2021-25121
RESERVED
CVE-2021-25120 (The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do no ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25119
RESERVED
CVE-2021-25118 (The Yoast SEO WordPress plugin before 17.3 discloses the full internal ...)
@@ -84307,13 +84394,13 @@ CVE-2021-23288 (The vulnerability exists due to insufficient validation of input
CVE-2021-23287 (The vulnerability exists due to insufficient validation of input of ce ...)
NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
CVE-2021-23286 (Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) ve ...)
- TODO: check
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
CVE-2021-23285 (Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) ve ...)
- TODO: check
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
CVE-2021-23284 (Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) ve ...)
- TODO: check
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
CVE-2021-23283 (Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulne ...)
- TODO: check
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
CVE-2021-23282
RESERVED
CVE-2021-23281 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...)
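Review bot: CVE-2021-23283 is described as "Eaton Intelligent Power Protector (IPP)" but is tagged "NOT-FOR-US: Eaton Intelligent Power Manager (IPM)", the same tag as the three IPM Infrastructure entries above it. Suggest "NOT-FOR-US: Eaton Intelligent Power Protector (IPP)" so the tag names the product the description names.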
@@ -87360,7 +87447,7 @@ CVE-2021-21969 (An out-of-bounds write vulnerability exists in the HandleSeaClou
CVE-2021-21968 (A file write vulnerability exists in the OTA update task functionality ...)
NOT-FOR-US: Sealevel Systems
CVE-2021-21967 (An out-of-bounds write vulnerability exists in the OTA update task fun ...)
- TODO: check
+ NOT-FOR-US: Sealevel Systems
CVE-2021-21966 (An information disclosure vulnerability exists in the HTTP Server /pin ...)
NOT-FOR-US: Texas Instruments
CVE-2021-21965 (A denial of service vulnerability exists in the SeaMax remote configur ...)
@@ -87382,7 +87469,7 @@ CVE-2021-21958 (A heap-based buffer overflow vulnerability exists in the Hword H
CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...)
NOT-FOR-US: Dream Report ODS Remote Connector
CVE-2021-21956 (A php unserialize vulnerability exists in the Ai-Bolit functionality o ...)
- TODO: check
+ NOT-FOR-US: Imunify360
CVE-2021-21955 (An authentication bypass vulnerability exists in the get_aes_key_info_ ...)
NOT-FOR-US: Anker Eufy Homebase
CVE-2021-21954 (A command execution vulnerability exists in the wifi_country_code_upda ...)
@@ -87396,29 +87483,29 @@ CVE-2021-21951 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GE
CVE-2021-21950 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
NOT-FOR-US: Anker Eufy Homebase
CVE-2021-21949 (An improper array index validation vulnerability exists in the JPEG-JF ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2021-21948 (A heap-based buffer overflow vulnerability exists in the readDatHeadVe ...)
- TODO: check
+ NOT-FOR-US: chitubox
CVE-2021-21947 (Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2021-21946 (Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2021-21945 (Two heap-based buffer overflow vulnerabilities exist in the TIFF parse ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2021-21944 (Two heap-based buffer overflow vulnerabilities exist in the TIFF parse ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2021-21943 (A heap-based buffer overflow vulnerability exists in the XWD parser fu ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2021-21942 (An out-of-bounds write vulnerability exists in the TIFF YCbCr image pa ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2021-21941 (A use-after-free vulnerability exists in the pushMuxer CreatePushThrea ...)
NOT-FOR-US: Anker Eufy Homebase
CVE-2021-21940 (A heap-based buffer overflow vulnerability exists in the pushMuxer pro ...)
NOT-FOR-US: Anker Eufy Homebase
CVE-2021-21939 (A heap-based buffer overflow vulnerability exists in the XWD parser fu ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2021-21938 (A heap-based buffer overflow vulnerability exists in the Palette box p ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2021-21937 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
NOT-FOR-US: Advantech
CVE-2021-21936 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
@@ -87466,7 +87553,7 @@ CVE-2021-21916 (An exploitable SQL injection vulnerability exist in the ‘g
CVE-2021-21915 (An exploitable SQL injection vulnerability exist in the ‘group_l ...)
NOT-FOR-US: Advantech
CVE-2021-21914 (A heap-based buffer overflow vulnerability exists in the DecoderStream ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2021-21913 (An information disclosure vulnerability exists in the WiFi Smart Mesh ...)
NOT-FOR-US: D-LINK
CVE-2021-21912 (A privilege escalation vulnerability exists in the Windows version of ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/572eb582aad1183009622cbfb217e64a78a31a18...db79c64bcb3da93975717a50692e39073d8214fd