[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 21 06:57:42 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e42624b9 by Salvatore Bonaccorso at 2022-06-21T07:57:15+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -72670,7 +72670,7 @@ CVE-2021-33297
 CVE-2021-33296
 	RESERVED
 CVE-2021-33295 (Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before  ...)
-	TODO: check
+	NOT-FOR-US: Joplin Desktop App
 CVE-2021-33294
 	RESERVED
 CVE-2021-33293 (Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-b ...)
@@ -80697,9 +80697,9 @@ CVE-2021-30352
 CVE-2021-30351 (An out of bound memory access can occur due to improper validation of  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30350 (Lack of MBN header size verification against input buffer can lead to  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2021-30349 (Improper access control sequence for AC database after memory allocati ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2021-30348 (Improper validation of LLM utility timers availability can lead to den ...)
 	NOT-FOR-US: Qualcomm
 CVE-2021-30347 (Improper integrity check can lead to race condition between tasks PDCP ...)
@@ -80717,11 +80717,11 @@ CVE-2021-30342 (Improper integrity check can lead to race condition between task
 CVE-2021-30341 (Improper buffer size validation of DSM packet received can lead to mem ...)
 	TODO: check
 CVE-2021-30340 (Reachable assertion due to improper validation of coreset in PDCCH con ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2021-30339 (Reading PRNG output may lead to improper key generation due to lack of ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2021-30338 (Improper input validation in TrustZone memory transfer interface can l ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2021-30337 (Possible use after free when process shell memory is freed using IOCTL ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30336 (Possible out of bound read due to lack of domain input validation whil ...)
@@ -80729,7 +80729,7 @@ CVE-2021-30336 (Possible out of bound read due to lack of domain input validatio
 CVE-2021-30335 (Possible assertion in QOS request due to improper validation when mult ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30334 (Possible use after free due to lack of null check of DRM file status a ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2021-30333 (Improper validation of buffer size input to the EFS file can lead to m ...)
 	NOT-FOR-US: Qualcomm
 CVE-2021-30332 (Possible assertion due to improper validation of OTA configuration in  ...)
@@ -80743,7 +80743,7 @@ CVE-2021-30329 (Possible assertion due to improper validation of TCI configurati
 CVE-2021-30328 (Possible assertion due to improper validation of invalid NR CSI-IM res ...)
 	NOT-FOR-US: Qualcomm
 CVE-2021-30327 (Buffer overflow in sahara protocol while processing commands leads to  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2021-30326 (Possible assertion due to improper size validation while processing th ...)
 	NOT-FOR-US: Qualcomm
 CVE-2021-30325 (Possible out of bound access of DCI resources due to lack of validatio ...)
@@ -80835,7 +80835,7 @@ CVE-2021-30283 (Possible denial of service due to improper handling of debug reg
 CVE-2021-30282 (Possible out of bound write in RAM partition table due to improper val ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30281 (XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX in Snapdragon Auto, Snapdragon Co ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2021-30280
 	RESERVED
 CVE-2021-30279 (Possible access control violation while setting current permission for ...)
@@ -87253,7 +87253,7 @@ CVE-2021-27788
 CVE-2021-27787
 	RESERVED
 CVE-2021-27786 (Cross-origin resource sharing (CORS) enables browsers to perform cross ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2021-27785
 	RESERVED
 CVE-2021-27784
@@ -105086,7 +105086,7 @@ CVE-2020-35599
 CVE-2020-35598 (ACS Advanced Comment System 1.0 is affected by Directory Traversal via ...)
 	NOT-FOR-US: ACS Advanced Comment System
 CVE-2020-35597 (Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of ad ...)
-	TODO: check
+	NOT-FOR-US: Victor CMS
 CVE-2020-35596
 	RESERVED
 CVE-2020-35595



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e42624b9f1c33f15ea02a0d6c172a667d5b3ed8d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e42624b9f1c33f15ea02a0d6c172a667d5b3ed8d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220621/7ef80574/attachment.htm>

More information about the debian-security-tracker-commits mailing list