[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jun 20 22:31:08 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c67d6cb by Moritz Muehlenhoff at 2022-06-20T23:30:47+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23153,7 +23153,7 @@ CVE-2022-25774
 CVE-2022-25773
 	RESERVED
 CVE-2022-25772 (A cross-site scripting (XSS) vulnerability in the web tracking compone ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2022-25771
 	RESERVED
 CVE-2022-25770
@@ -49365,7 +49365,7 @@ CVE-2022-20205 (In isFileUri of FileUtil.java, there is a possible way to bypass
 CVE-2022-20204 (In registerRemoteBugreportReceivers of DevicePolicyManagerService.java ...)
 	NOT-FOR-US: Google Pixel
 CVE-2022-20203 (In multiple locations of the nanopb library, there is a possible way t ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20202 (In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, ...)
 	NOT-FOR-US: Google Pixel
 CVE-2022-20201 (In getAppSize of InstalldNativeService.cpp, there is a possible out of ...)
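
Review bot: CVE-2022-20203 is marked "NOT-FOR-US: Android", but its description places the flaw "in multiple locations of the nanopb library", which is a third-party component rather than Android-specific code like the neighbouring "Google Pixel" entries. If nanopb is packaged in the archive, this entry should carry a package line for it instead, or at least a NOTE recording why only Android's copy is affected.
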
@@ -51823,7 +51823,7 @@ CVE-2021-41740
 CVE-2021-41739 (A OS Command Injection vulnerability was discovered in Artica Proxy 4. ...)
 	NOT-FOR-US: Artica Web Proxy
 CVE-2021-41738 (ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerb ...)
-	TODO: check
+	NOT-FOR-US: ZeroShell
 CVE-2021-41737
 	RESERVED
 	- faust <unfixed>
@@ -53566,7 +53566,7 @@ CVE-2021-41043 (Use after free in tcpslice triggers AddressSanitizer, no other c
 CVE-2021-41042
 	RESERVED
 CVE-2021-41041 (In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw ...)
-	TODO: check
+	NOT-FOR-US: Eclipse OpenJ9
 CVE-2021-41040 (In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoA ...)
 	NOT-FOR-US: Eclipse Wakaama
 CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client conn ...)
@@ -54472,7 +54472,7 @@ CVE-2021-40670 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the ke
 CVE-2021-40669 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords ...)
 	NOT-FOR-US: Wuzhi CMS
 CVE-2021-40668 (The Android application HTTP File Server (Version 1.4.1) by 'slowscrip ...)
-	TODO: check
+	NOT-FOR-US: Android application HTTP File Server
 CVE-2021-40667
 	RESERVED
 CVE-2021-40666
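
Review bot: the label on CVE-2021-40668, "Android application HTTP File Server", is a generic product name that could describe several unrelated projects. The description attributes the app to a specific publisher; adding that name to the NOT-FOR-US label would keep later entries for similarly named software from being matched against this one by mistake.
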
@@ -54492,7 +54492,7 @@ CVE-2021-40660 (An issue was discovered in Delight Nashorn Sandbox 0.2.0. There
 CVE-2021-40659
 	RESERVED
 CVE-2021-40658 (Textpattern 4.8.7 is affected by a HTML injection vulnerability throug ...)
-	TODO: check
+	NOT-FOR-US: Textpattern CMS
 CVE-2021-40657
 	RESERVED
 CVE-2021-40656 (libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/ ...)
@@ -54586,7 +54586,7 @@ CVE-2021-40618 (An SQL Injection vulnerability exists in openSIS Classic 8.0 via
 CVE-2021-40617 (An SQL Injection vulnerability exists in openSIS Community Edition ver ...)
 	NOT-FOR-US: openSIS
 CVE-2021-40616 (thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can mo ...)
-	TODO: check
+	NOT-FOR-US: thinkcmf
 CVE-2021-40615
 	RESERVED
 CVE-2021-40614
@@ -55666,7 +55666,7 @@ CVE-2021-40214 (Gibbon v22.0.00 suffers from a stored XSS vulnerability within t
 CVE-2021-40213
 	RESERVED
 CVE-2021-40212 (An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.2152 ...)
-	TODO: check
+	NOT-FOR-US: PotPlayer
 CVE-2021-40211
 	RESERVED
 CVE-2021-40210
@@ -56120,7 +56120,7 @@ CVE-2021-40038 (There is a Double free vulnerability in the AOD module in smartp
 CVE-2021-40037 (There is a Vulnerability of accessing resources using an incompatible  ...)
 	NOT-FOR-US: Huawei
 CVE-2021-40036 (The bone voice ID TA has a memory overwrite vulnerability. Successful  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary error with  ...)
 	NOT-FOR-US: Huawei
 CVE-2021-40034
@@ -60553,7 +60553,7 @@ CVE-2021-38223
 CVE-2021-38222
 	RESERVED
 CVE-2021-38221 (bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XS ...)
-	TODO: check
+	NOT-FOR-US: bbs-go
 CVE-2021-38220
 	RESERVED
 CVE-2021-38219
@@ -61925,7 +61925,7 @@ CVE-2021-37766
 CVE-2021-37765
 	RESERVED
 CVE-2021-37764 (Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0. ...)
-	TODO: check
+	NOT-FOR-US: XOS-Shop
 CVE-2021-37763
 	RESERVED
 CVE-2021-37762 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
@@ -64723,9 +64723,9 @@ CVE-2021-36611
 CVE-2021-36610
 	RESERVED
 CVE-2021-36609 (Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Na ...)
-	TODO: check
+	NOT-FOR-US: webTareas
 CVE-2021-36608 (Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Na ...)
-	TODO: check
+	NOT-FOR-US: webTareas
 CVE-2021-36607
 	RESERVED
 CVE-2021-36606
@@ -68294,7 +68294,7 @@ CVE-2021-35132
 CVE-2021-35131
 	RESERVED
 CVE-2021-35130 (Memory corruption in graphics support layer due to use after free cond ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2021-35129 (Memory corruption in BT controller due to improper length check while  ...)
 	NOT-FOR-US: Snapdragon
 CVE-2021-35128
@@ -68302,13 +68302,13 @@ CVE-2021-35128
 CVE-2021-35127
 	RESERVED
 CVE-2021-35126 (Memory corruption in DSP service due to improper validation of input p ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2021-35125
 	RESERVED
 CVE-2021-35124
 	RESERVED
 CVE-2021-35123 (Buffer copy in GATT multi notification due to improper length check fo ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2021-35122
 	RESERVED
 CVE-2021-35121 (An array index is improperly used to lock and unlock a mutex which can ...)
@@ -68346,7 +68346,7 @@ CVE-2021-35106 (Possible out of bound read due to improper length calculation of
 CVE-2021-35105 (Possible out of bounds access due to improper input validation during  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-35104 (Possible buffer overflow due to improper parsing of headers while play ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-35103 (Possible out of bound write due to improper validation of number of ti ...)
 	NOT-FOR-US: Qualcomm QCA-WiFi for Android
 CVE-2021-35102 (Possible buffer overflow due to lack of validation for the length of N ...)
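
Review bot: CVE-2021-35104 is labelled "Qualcomm components for Android", which matches CVE-2021-35105 above it, but CVE-2021-35130, CVE-2021-35126 and CVE-2021-35123 earlier in this same commit are labelled "Snapdragon", and the entry below uses "Qualcomm QCA-WiFi for Android". If these all refer to the same vendor's components, a single label would make the NOT-FOR-US entries easier to grep and match consistently.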



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c67d6cb070f32c907128e7a82e034bda90068c5
