Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2c134c76 by Moritz Muehlenhoff at 2021-04-13T09:38:15+02:00
new mongo-tools issue
new gitlab issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10596,9 +10596,9 @@ CVE-2021-25928
CVE-2021-25927
RESERVED
CVE-2021-25926 (In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are
vulnerable to Re ...)
- TODO: check
+ NOT-FOR-US: SiCKRAGE
CVE-2021-25925 (in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: SiCKRAGE
CVE-2021-25924 (In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to
Cross-Site Reques ...)
NOT-FOR-US: GoCD
CVE-2021-25923
@@ -14937,7 +14937,7 @@ CVE-2021-24026 (A missing bounds check within the audio
decoding pipeline for Wh
CVE-2021-24025 (Due to incorrect string size calculations inside the
preg_quote functi ...)
- hhvm <removed>
CVE-2021-24024 (A clear text storage of sensitive information into log file
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: FortiADCManager
CVE-2021-24023
RESERVED
CVE-2021-24022
@@ -16452,9 +16452,9 @@ CVE-2021-23373
CVE-2021-23372
RESERVED
CVE-2021-23371 (This affects the package chrono-node before 2.2.4. It hangs on
a date- ...)
- TODO: check
+ NOT-FOR-US: Node chrono-node
CVE-2021-23370 (This affects the package swiper before 6.5.1. ...)
- TODO: check
+ NOT-FOR-US: swiper
CVE-2021-23369 (The package handlebars before 4.7.7 are vulnerable to Remote
Code Exec ...)
- node-handlebars <unfixed>
- libjs-handlebars <removed>
@@ -19013,7 +19013,7 @@ CVE-2021-22191 (Improper URL handling in Wireshark
3.4.0 to 3.4.3 and 3.2.0 to 3
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-03.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17232
CVE-2021-22190 (A path traversal vulnerability via the GitLab Workhorse in all
version ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22189 (Starting with version 13.7 the Gitlab CE/EE editions were
affected by ...)
[experimental] - gitlab 13.6.7-1
- gitlab <unfixed>
@@ -61786,7 +61786,7 @@ CVE-2020-15944 (An issue was discovered in the
Gantt-Chart module before 5.5.5 f
CVE-2020-15943 (An issue was discovered in the Gantt-Chart module before 5.5.4
for Jir ...)
NOT-FOR-US: Gantt-Chart module for Jira
CVE-2020-15942 (An information disclosure vulnerability in Web Vulnerability
Scan prof ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2020-15941
RESERVED
CVE-2020-15940
@@ -84392,7 +84392,8 @@ CVE-2020-7925 (Incorrect validation of user input in
the role name parser may le
NOTE:
https://github.com/mongodb/mongo/commit/8fbd1af03310704de68c22163900636f58f7eba8
(v3.6.19)
NOTE: Introduced by:
https://github.com/mongodb/mongo/commit/3ca76fd569c94de72c4daf6eef27fbf9bf51233b
(v3.6.18)
CVE-2020-7924 (Usage of specific command line parameter in MongoDB Tools which
was or ...)
- TODO: check
+ - mongo-tools <unfixed>
+ NOTE: https://jira.mongodb.org/browse/TOOLS-2587
CVE-2020-7923 (A user authorized to perform database queries may cause denial
of serv ...)
{DLA-2344-1}
- mongodb <removed>
@@ -109350,7 +109351,7 @@ CVE-2019-17658 (An unquoted service path
vulnerability in the FortiClient FortiT
CVE-2019-17657 (An Uncontrolled Resource Consumption vulnerability in Fortinet
FortiSw ...)
NOT-FOR-US: Fortiguard
CVE-2019-17656 (A Stack-based Buffer Overflow vulnerability in the HTTPD
daemon of For ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2019-17655 (A cleartext storage in a file or on disk (CWE-313)
vulnerability in Fo ...)
NOT-FOR-US: Fortiguard
CVE-2019-17654 (An Insufficient Verification of Data Authenticity
vulnerability in For ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c134c768d4fa90834df5472d1a4878912edf989
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c134c768d4fa90834df5472d1a4878912edf989
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
