[Git][security-tracker-team/security-tracker][master] new iotjs issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jan 17 16:48:52 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1b411a0a by Moritz Muehlenhoff at 2022-01-17T17:48:27+01:00
new iotjs issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,7 +25,7 @@ CVE-2022-0241
 CVE-2022-0240
 	RESERVED
 CVE-2022-0239 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
-	TODO: check
+	NOT-FOR-US: corenlp
 CVE-2022-0238 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	- phoronix-test-suite <removed>
 CVE-2022-23301
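Review bot: the commit subject "new iotjs issue" does not cover this change: the `+	NOT-FOR-US: corenlp` line for CVE-2022-0239 is unrelated triage, and the later hunks carry more of the same. Either split the NOT-FOR-US triage into its own commit or mention it in the message, so that a log search for the iotjs entry does not also turn up unrelated status changes.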
@@ -1417,7 +1417,9 @@ CVE-2021-46172
 CVE-2021-46171 (Modex v2.11 was discovered to contain a NULL pointer dereference in se ...)
 	NOT-FOR-US: Modex
 CVE-2021-46170 (An issue was discovered in JerryScript commit a6ab5e9. There is an Use ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4917
+	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4942/commits/5e1fdd1d1e75105b43392b4bb3996099cdc50f3d
 CVE-2021-46169 (Modex v2.11 was discovered to contain an Use-After-Free vulnerability  ...)
 	NOT-FOR-US: Modex
 CVE-2021-46168 (Spin v6.5.1 was discovered to contain an out-of-bounds write in lex()  ...)
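Review bot: the second NOTE added for CVE-2021-46170 links a commit inside pull request 4942 rather than a commit on the upstream branch, and nothing in the entry says whether that fix has been merged. A pull-request commit can stop matching what finally lands if the branch is rebased, so suggest replacing the URL with the merged commit once it exists. Separately, the description and both NOTE URLs name JerryScript while the package line is `- iotjs <unfixed>`; a one-line NOTE stating why iotjs is the affected source package would make the mapping clear to someone reading the entry cold.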
@@ -1439,7 +1441,7 @@ CVE-2021-4202
 	[bullseye] - linux 5.10.84-1
 	NOTE: CONFIG_NFC_NCI not enabled in Debian
 CVE-2021-23218 (When running with FIPS mode enabled, Mirantis Container Runtime 20.10. ...)
-	TODO: check
+	NOT-FOR-US: Mirantis Container Runtime
 CVE-2021-23154 (In Lens prior to 5.3.4, custom helm chart configuration creates helm c ...)
 	NOT-FOR-US: Lens
 CVE-2022-0159 (orchardcore is vulnerable to Improper Neutralization of Input During W ...)
@@ -2035,7 +2037,7 @@ CVE-2022-22679
 CVE-2022-22150
 	RESERVED
 CVE-2022-0130 (Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remo ...)
-	TODO: check
+	NOT-FOR-US: Tenable
 CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...)
 	NOT-FOR-US: keyfob subsystem in Honda Civic 2012 vehicles
 CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int ...)
@@ -4874,7 +4876,7 @@ CVE-2021-45494 (Certain NETGEAR devices are affected by an attacker's ability to
 CVE-2021-45493 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
 	NOT-FOR-US: Netgear
 CVE-2021-4170 (calibre-web is vulnerable to Improper Neutralization of Input During W ...)
-	TODO: check
+	NOT-FOR-US: calibre-web
 CVE-2021-4169 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
 	NOT-FOR-US: livehelperchat
 CVE-2021-45492
@@ -5529,7 +5531,7 @@ CVE-2021-45450 (In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_gener
 	NOTE: https://github.com/ARMmbed/mbedtls/commit/c423acbe0f7957d8ef1e6036c2429c9f79c6f05e (mbedtls-2.28.0)
 	NOTE: https://github.com/ARMmbed/mbedtls/commit/4c224fe3ccbe527a2b7d55a927f1f09511ff1b83 (mbedtls-2.28.0)
 CVE-2021-45449 (Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitiv ...)
-	TODO: check
+	NOT-FOR-US: Docker Desktop on Windows
 CVE-2021-45448
 	RESERVED
 CVE-2021-45447
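Review bot: the tag `NOT-FOR-US: Docker Desktop on Windows` for CVE-2021-45449 adds a platform qualifier that the visible part of the description ("Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitiv ...") does not state. If the full CVE text does not limit the issue to Windows, plain `NOT-FOR-US: Docker Desktop` is the safer tag.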
@@ -6862,7 +6864,7 @@ CVE-2022-21913 (Local Security Authority (Domain Policy) Remote Protocol Securit
 CVE-2022-21912 (DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE  ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-21911 (.NET Framework Denial of Service Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft .NET
 CVE-2022-21910 (Microsoft Cluster Port Driver Elevation of Privilege Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-21909
@@ -7397,7 +7399,7 @@ CVE-2021-44880
 CVE-2021-44879
 	RESERVED
 CVE-2021-44878 (Pac4j v5.1 and earlier allows (by default) clients to accept and succe ...)
-	TODO: check
+	NOT-FOR-US: Pac4j
 CVE-2021-44877 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect A ...)
 	NOT-FOR-US: Dalmark Systems Systeam
 CVE-2021-44876 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...)
@@ -7585,7 +7587,7 @@ CVE-2021-44830
 CVE-2021-44829
 	RESERVED
 CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0  ...)
-	TODO: check
+	NOT-FOR-US: ARM
 CVE-2021-44827
 	RESERVED
 CVE-2021-44826
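Review bot: `NOT-FOR-US: ARM` on CVE-2021-44828 names only the vendor, while the description is about the Arm Mali GPU Kernel Driver. Naming the product, as other entries in this diff do (for example `NOT-FOR-US: Dalmark Systems Systeam`), keeps the entry findable by product and records which Arm component was judged out of scope.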
@@ -7899,7 +7901,7 @@ CVE-2021-44454
 CVE-2021-43351
 	RESERVED
 CVE-2021-4080 (crater is vulnerable to Unrestricted Upload of File with Dangerous Typ ...)
-	TODO: check
+	NOT-FOR-US: Crater
 CVE-2021-26946
 	RESERVED
 CVE-2021-26254
@@ -8290,7 +8292,7 @@ CVE-2021-44588
 CVE-2021-44587
 	RESERVED
 CVE-2021-44586 (An issue was discovered in dst-admin v1.3.0. The product has an unauth ...)
-	TODO: check
+	NOT-FOR-US: dst-admin
 CVE-2021-44585
 	RESERVED
 CVE-2021-44584 (Cross-site scripting (XSS) vulnerability in index.php in emlog version ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b411a0a34ede5756c4e4b66795641ba0ee8c40a



More information about the debian-security-tracker-commits mailing list