[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Tue Feb 15 14:54:45 GMT 2022 


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
98967047 by Neil Williams at 2022-02-15T14:54:16+00:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -54122,15 +54122,15 @@ CVE-2021-30328
 CVE-2021-30327
 	RESERVED
 CVE-2021-30326 (Possible assertion due to improper size validation while processing th ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2021-30325 (Possible out of bound access of DCI resources due to lack of validatio ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2021-30324 (Possible out of bound write due to lack of boundary check for the maxi ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2021-30323 (Improper validation of maximum size of data write to EFS file can lead ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2021-30322 (Possible out of bounds write due to improper validation of number of G ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2021-30321 (Possible buffer overflow due to lack of parameter length check during  ...)
 	NOT-FOR-US: Snapdragon
 CVE-2021-30320
@@ -54138,9 +54138,9 @@ CVE-2021-30320
 CVE-2021-30319 (Possible integer overflow due to improper validation of command length ...)
 	NOT-FOR-US: Qualcomm
 CVE-2021-30318 (Improper validation of input when provisioning the HDCP key can lead t ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2021-30317 (Improper validation of program headers containing ELF metadata can lea ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2021-30316 (Possible out of bound memory access due to improper boundary check whi ...)
 	NOT-FOR-US: Snapdragon
 CVE-2021-30315 (Improper handling of sensor HAL structure in absence of sensor can lea ...)
@@ -54156,7 +54156,7 @@ CVE-2021-30311 (Possible heap overflow due to lack of index validation before al
 CVE-2021-30310 (Possible buffer overflow due to Improper validation of received CF-ACK ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30309 (Improper size validation of QXDM commands can lead to memory corruptio ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2021-30308 (Possible buffer overflow while printing the HARQ memory partition deta ...)
 	NOT-FOR-US: Qualcomm
 CVE-2021-30307 (Possible denial of service due to improper validation of DNS response  ...)
@@ -63349,13 +63349,13 @@ CVE-2021-26618
 CVE-2021-26617
 	RESERVED
 CVE-2021-26616 (An OS command injection was found in SecuwaySSL, when special characte ...)
-	TODO: check
+	NOT-FOR-US: SecuwaySSL client for MacOS
 CVE-2021-26615 (ARK library allows attackers to execute remote code via the parameter( ...)
 	NOT-FOR-US: ARK library
 CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution. A remo ...)
 	NOT-FOR-US: IpTime C200 camera
 CVE-2021-26613 (improper input validation vulnerability in nexacro permits copying fil ...)
-	TODO: check
+	NOT-FOR-US: Tobesoft Nexacro
 CVE-2021-26612 (An improper input validation leading to arbitrary file creation was di ...)
 	NOT-FOR-US: Tobesoft Nexacro
 CVE-2021-26611 (HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnera ...)
@@ -65000,7 +65000,7 @@ CVE-2021-25994 (In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Hos
 CVE-2021-25993 (In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected b ...)
 	NOT-FOR-US: Requarks wiki.js
 CVE-2021-25992 (In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a  ...)
-	TODO: check
+	NOT-FOR-US: Ifme
 CVE-2021-25991 (In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper a ...)
 	NOT-FOR-US: Ifme
 CVE-2021-25990 (In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable agai ...)
@@ -70823,7 +70823,7 @@ CVE-2021-23557
 CVE-2021-23556
 	RESERVED
 CVE-2021-23555 (The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via dire ...)
-	TODO: check
+	NOT-FOR-US: Node vm2
 CVE-2021-23554
 	RESERVED
 CVE-2021-23553



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/989670471cc921ba746b6efa9da9737faadfc5c3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/989670471cc921ba746b6efa9da9737faadfc5c3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220215/da048c35/attachment.htm>

More information about the debian-security-tracker-commits mailing list