[Git][security-tracker-team/security-tracker][master] Process NFUs
Neil Williams (@codehelp)
codehelp at debian.org
Thu Mar 24 11:48:11 GMT 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a0018e30 by Neil Williams at 2022-03-24T11:47:42+00:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37934,51 +37934,51 @@ CVE-2021-39739
CVE-2021-39738
RESERVED
CVE-2021-39737 (Product: AndroidVersions: Android kernelAndroid ID: A-208229524Referen ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39736 (In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_peri ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39735 (In gasket_alloc_coherent_memory of gasket_page_table.c, there is a pos ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39734 (In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible w ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39733 (In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39732 (In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39731 (In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39730 (In TBD of TBD, there is a possible out of bounds read due to a missing ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39729 (In the TitanM chip, there is a possible out of bounds write due to a m ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39728
RESERVED
CVE-2021-39727 (In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/E ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39726 (In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read d ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39725 (In gasket_free_coherent_memory_all of gasket_page_table.c, there is a ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39724 (In TuningProviderBase::GetTuningTreeSet of tuning_provider_base.cc, th ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39723 (Product: AndroidVersions: Android kernelAndroid ID: A-209014813Referen ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39722 (In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39721 (In TBD of TBD, there is a possible out of bounds write due to memory c ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39720 (Product: AndroidVersions: Android kernelAndroid ID: A-207433926Referen ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39719 (In lwis_top_register_io of lwis_device_top.c, there is a possible out ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39718 (In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39717 (In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible out of bo ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39716 (Product: AndroidVersions: Android kernelAndroid ID: A-206977562Referen ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39715 (In __show_regs of process.c, there is a possible leak of kernel memory ...)
- TODO: check
+ NOT-FOR-US: Android kernel patches
CVE-2021-39714 (In ion_buffer_kmap_get of ion.c, there is a possible use-after-free du ...)
{DLA-2940-1}
- linux 4.12.6-1
@@ -37988,31 +37988,31 @@ CVE-2021-39713 (Product: AndroidVersions: Android kernelAndroid ID: A-173788806R
- linux 5.2.6-1
NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01
CVE-2021-39712 (In TBD of TBD, there is a possible user after free vulnerability due t ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39711 (In bpf_prog_test_run_skb of test_run.c, there is a possible out of bou ...)
- linux 4.18.6-1
NOTE: https://git.kernel.org/linus/6e6fddc78323533be570873abb728b7e0ba7e024
NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01
CVE-2021-39710 (Product: AndroidVersions: Android kernelAndroid ID: A-202160245Referen ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39709 (In sendSipAccountsRemovedNotification of SipAccountRegistry.java, ther ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39708 (In gatt_process_notification of gatt_cl.cc, there is a possible out of ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39707 (In onReceive of AppRestrictionsFragment.java, there is a possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39706 (In onResume of CredentialStorage.java, there is a possible way to clea ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39705 (In getNotificationTag of LegacyVoicemailNotifier.java, there is a poss ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39704 (In deleteNotificationChannelGroup of NotificationManagerService.java, ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39703 (In updateState of UsbDeviceManager.java, there is a possible unauthori ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39702 (In onCreate of RequestManageCredentials.java, there is a possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39701 (In serviceConnection of ControlsProviderLifecycleManager.kt, there is ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39700
RESERVED
CVE-2021-39699
@@ -38023,23 +38023,23 @@ CVE-2021-39698 (In aio_poll_complete_work of aio.c, there is a possible memory c
[bullseye] - linux 5.10.92-1
NOTE: https://source.android.com/security/bulletin/2022-03-01
CVE-2021-39697 (In checkFileUriDestination of DownloadProvider.java, there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39696
RESERVED
CVE-2021-39695 (In createOrUpdate of BasePermission.java, there is a possible permissi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39694 (In parse of RoleParser.java, there is a possible way for default apps ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39693 (In onUidStateChanged of AppOpsService.java, there is a possible way to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39692 (In onCreate of SetupLayoutActivity.java, there is a possible way to se ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39691
RESERVED
CVE-2021-39690 (In setDisplayPadding of WallpaperManagerService.java, there is a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39689 (In multiple functions of odsign_main.cpp, there is a possible way to p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39688 (In TBD of TBD, there is a possible out of bounds read due to TBD. This ...)
NOT-FOR-US: Pixel
CVE-2021-39687 (In HandleTransactionIoEvent of actuator_driver.cc, there is a possible ...)
@@ -38087,7 +38087,7 @@ CVE-2021-39669 (In onCreate of InstallCaCertificateWarning.java, there is a poss
CVE-2021-39668 (In onActivityViewReady of DetailDialog.kt, there is a possible Intent ...)
NOT-FOR-US: Android
CVE-2021-39667 (In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39666 (In extract of MediaMetricsItem.h, there is a possible out of bounds re ...)
NOT-FOR-US: Android
CVE-2021-39665 (In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bo ...)
@@ -38195,7 +38195,7 @@ CVE-2021-39626 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a
CVE-2021-39625 (In showCarrierAppInstallationNotification of EuiccNotificationManager. ...)
NOT-FOR-US: Android
CVE-2021-39624 (In Package Manger, there is a possible permanent denial of service due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39623 (In doRead of SimpleDecodingSource.cpp, there is a possible out of boun ...)
NOT-FOR-US: Android
CVE-2021-39622 (In GBoard, there is a possible way to bypass Factory Reset Protection ...)
@@ -38775,9 +38775,9 @@ CVE-2021-39386
CVE-2021-39385
RESERVED
CVE-2021-39384 (DWSurvey v3.2.0 was discovered to contain an arbitrary file write vuln ...)
- TODO: check
+ NOT-FOR-US: DWSurvey
CVE-2021-39383 (DWSurvey v3.2.0 was discovered to contain a remote command execution ( ...)
- TODO: check
+ NOT-FOR-US: DWSurvey
CVE-2021-39382
RESERVED
CVE-2021-39381
@@ -40375,7 +40375,7 @@ CVE-2021-38747
CVE-2021-38746
RESERVED
CVE-2021-38745 (Chamilo LMS v1.11.14 was discovered to contain a zero click code injec ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2021-38744
RESERVED
CVE-2021-38743
@@ -52280,7 +52280,7 @@ CVE-2021-33855
CVE-2021-33854
RESERVED
CVE-2021-33853 (A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascri ...)
- TODO: check
+ NOT-FOR-US: X2Engine X2CRM
CVE-2021-33852 (A cross-site scripting (XSS) attack can cause arbitrary code (JavaScri ...)
NOT-FOR-US: post-duplicator-image plugin for WordPress
CVE-2021-33851 (A cross-site scripting (XSS) attack can cause arbitrary code (JavaScri ...)
@@ -58953,7 +58953,7 @@ CVE-2021-31328
CVE-2021-31327 (Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Fi ...)
NOT-FOR-US: Remote Clinic
CVE-2021-31326 (D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitra ...)
- TODO: check
+ NOT-FOR-US: D-Link DIR-816
CVE-2021-31325
RESERVED
CVE-2021-31324 (The unprivileged user portal part of CentOS Web Panel is affected by a ...)
@@ -59749,7 +59749,7 @@ CVE-2021-30974
CVE-2021-30973 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
CVE-2021-30972 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30971 (An out-of-bounds write issue was addressed with improved bounds checki ...)
NOT-FOR-US: Apple
CVE-2021-30970 (A logic issue was addressed with improved state management. This issue ...)
@@ -59861,21 +59861,21 @@ CVE-2021-30930 (A logic issue was addressed with improved state management. This
CVE-2021-30929 (An out-of-bounds write issue was addressed with improved bounds checki ...)
NOT-FOR-US: Apple
CVE-2021-30928 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30927 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
CVE-2021-30926 (Description: A memory corruption issue in the processing of ICC profil ...)
NOT-FOR-US: Apple
CVE-2021-30925 (The issue was addressed with improved permissions logic. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30924 (A denial of service issue was addressed with improved state handling. ...)
NOT-FOR-US: Apple
CVE-2021-30923 (A race condition was addressed with improved locking. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2021-30922 (Multiple out-of-bounds write issues were addressed with improved bound ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30921 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30920 (A permissions issue was addressed with improved validation. This issue ...)
NOT-FOR-US: Apple
CVE-2021-30919 (An out-of-bounds write was addressed with improved input validation. T ...)
@@ -60029,7 +60029,7 @@ CVE-2021-30858 (A use after free issue was addressed with improved memory manage
CVE-2021-30857 (A race condition was addressed with improved locking. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2021-30856 (This issue was addressed by adding a new Remote Login option for optin ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30855 (A validation issue existed in the handling of symlinks. This issue was ...)
NOT-FOR-US: Apple
CVE-2021-30854 (A logic issue was addressed with improved state management. This issue ...)
@@ -60245,7 +60245,7 @@ CVE-2021-30773 (An issue in code signature validation was addressed with improve
CVE-2021-30772 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2021-30771 (An out-of-bounds write was addressed with improved input validation. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30770 (A logic issue was addressed with improved validation. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2021-30769 (A logic issue was addressed with improved state management. This issue ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0018e303d2905c7984e30e63296e7fee4a54ce9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0018e303d2905c7984e30e63296e7fee4a54ce9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220324/24e97917/attachment.htm>
More information about the debian-security-tracker-commits
mailing list