[Git][security-tracker-team/security-tracker][master] Process some NFUs

Mon, 20 Jun 2022 22:57:55 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e42624b9 by Salvatore Bonaccorso at 2022-06-21T07:57:15+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -72670,7 +72670,7 @@ CVE-2021-33297
 CVE-2021-33296
        RESERVED
 CVE-2021-33295 (Cross Site Scripting (XSS) vulnerability in Joplin Desktop App 
before  ...)
-       TODO: check
+       NOT-FOR-US: Joplin Desktop App
 CVE-2021-33294
        RESERVED
 CVE-2021-33293 (Panorama Tools libpano13 v2.9.20 was discovered to contain an 
out-of-b ...)
@@ -80697,9 +80697,9 @@ CVE-2021-30352
 CVE-2021-30351 (An out of bound memory access can occur due to improper 
validation of  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30350 (Lack of MBN header size verification against input buffer can 
lead to  ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2021-30349 (Improper access control sequence for AC database after memory 
allocati ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2021-30348 (Improper validation of LLM utility timers availability can 
lead to den ...)
        NOT-FOR-US: Qualcomm
 CVE-2021-30347 (Improper integrity check can lead to race condition between 
tasks PDCP ...)
@@ -80717,11 +80717,11 @@ CVE-2021-30342 (Improper integrity check can lead to 
race condition between task
 CVE-2021-30341 (Improper buffer size validation of DSM packet received can 
lead to mem ...)
        TODO: check
 CVE-2021-30340 (Reachable assertion due to improper validation of coreset in 
PDCCH con ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2021-30339 (Reading PRNG output may lead to improper key generation due to 
lack of ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2021-30338 (Improper input validation in TrustZone memory transfer 
interface can l ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2021-30337 (Possible use after free when process shell memory is freed 
using IOCTL ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30336 (Possible out of bound read due to lack of domain input 
validation whil ...)
@@ -80729,7 +80729,7 @@ CVE-2021-30336 (Possible out of bound read due to lack 
of domain input validatio
 CVE-2021-30335 (Possible assertion in QOS request due to improper validation 
when mult ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30334 (Possible use after free due to lack of null check of DRM file 
status a ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2021-30333 (Improper validation of buffer size input to the EFS file can 
lead to m ...)
        NOT-FOR-US: Qualcomm
 CVE-2021-30332 (Possible assertion due to improper validation of OTA 
configuration in  ...)
@@ -80743,7 +80743,7 @@ CVE-2021-30329 (Possible assertion due to improper 
validation of TCI configurati
 CVE-2021-30328 (Possible assertion due to improper validation of invalid NR 
CSI-IM res ...)
        NOT-FOR-US: Qualcomm
 CVE-2021-30327 (Buffer overflow in sahara protocol while processing commands 
leads to  ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2021-30326 (Possible assertion due to improper size validation while 
processing th ...)
        NOT-FOR-US: Qualcomm
 CVE-2021-30325 (Possible out of bound access of DCI resources due to lack of 
validatio ...)
@@ -80835,7 +80835,7 @@ CVE-2021-30283 (Possible denial of service due to 
improper handling of debug reg
 CVE-2021-30282 (Possible out of bound write in RAM partition table due to 
improper val ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30281 (XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX in Snapdragon Auto, 
Snapdragon Co ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2021-30280
        RESERVED
 CVE-2021-30279 (Possible access control violation while setting current 
permission for ...)
@@ -87253,7 +87253,7 @@ CVE-2021-27788
 CVE-2021-27787
        RESERVED
 CVE-2021-27786 (Cross-origin resource sharing (CORS) enables browsers to 
perform cross ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2021-27785
        RESERVED
 CVE-2021-27784
@@ -105086,7 +105086,7 @@ CVE-2020-35599
 CVE-2020-35598 (ACS Advanced Comment System 1.0 is affected by Directory 
Traversal via ...)
        NOT-FOR-US: ACS Advanced Comment System
 CVE-2020-35597 (Victor CMS 1.0 is vulnerable to SQL injection via c_id 
parameter of ad ...)
-       TODO: check
+       NOT-FOR-US: Victor CMS
 CVE-2020-35596
        RESERVED
 CVE-2020-35595



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e42624b9f1c33f15ea02a0d6c172a667d5b3ed8d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e42624b9f1c33f15ea02a0d6c172a667d5b3ed8d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to