diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2021-03-02 15:26:26 +0100 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-03-02 15:26:26 +0100 |
| commit | 2a47e4f981eac3d6c0627c8426b1e8f18ae04b48 (patch) | |
| tree | eb8137e56807c0c0f9d81f214d5a28f9d2a0060a | |
| parent | 2b41f6b6efc5435e6d2598b3cd627acf91ce83c4 (diff) | |
linux n/a
NFUs
| -rw-r--r-- | data/CVE/2020.list | 2 | ||||
| -rw-r--r-- | data/CVE/2021.list | 23 |
2 files changed, 13 insertions, 12 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index d892eeae19..a3ca0b3717 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -40,7 +40,7 @@ CVE-2020-36241 (autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429 NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7 CVE-2020-36240 (The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, a ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2020-36239 RESERVED CVE-2020-36238 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 441503755b..009bf28e28 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -206,7 +206,7 @@ CVE-2021-27806 CVE-2021-27805 RESERVED CVE-2021-27804 (JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. ...) - TODO: check + - jpeg-xl <itp> (bug #948862) CVE-2021-27802 RESERVED CVE-2021-27801 @@ -12941,7 +12941,8 @@ CVE-2021-21976 (vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1 CVE-2021-21975 RESERVED CVE-2021-21974 (OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESX ...) - TODO: check + NOT-FOR-US: VMware + NOTE: Might affect src:openslp-dfsg, but removed years ago CVE-2021-21973 (The vSphere Client (HTML5) contains an SSRF (Server Side Request Forge ...) NOT-FOR-US: VMware CVE-2021-21972 (The vSphere Client (HTML5) contains a remote code execution vulnerabil ...) @@ -21510,22 +21511,22 @@ CVE-2021-0408 CVE-2021-0407 RESERVED CVE-2021-0406 (In cameraisp, there is a possible out of bounds write due to a missing ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2021-0405 (In performance driver, there is a possible out of bounds write due to ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2021-0404 (In mobile_log_d, there is a possible information disclosure due to imp ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2021-0403 (In netdiag, there is a possible information disclosure due to a missin ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2021-0402 (In jpeg, there is a possible out of bounds write due to improper input ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2021-0401 (In vow, there is a possible memory corruption due to a race condition. ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2021-0400 RESERVED CVE-2021-0399 RESERVED - - linux <undetermined> + - linux <not-affected> (Android-specific xt_qtaguid code) NOTE: https://source.android.com/security/bulletin/2021-03-01 CVE-2021-0398 RESERVED @@ -21590,9 +21591,9 @@ CVE-2021-0369 CVE-2021-0368 RESERVED CVE-2021-0367 (In vpu, there is a possible memory corruption due to a race condition. ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2021-0366 (In vpu, there is a possible memory corruption due to a race condition. ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2021-0365 (In display driver, there is a possible memory corruption due to a use ...) NOT-FOR-US: Mediatek components for Android CVE-2021-0364 (In mobile_log_d, there is a possible command injection due to improper ...) |