Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
509d196b by Moritz Muehlenhoff at 2021-07-19T10:58:30+02:00
NFUs
drop one TODO for mongo-driver, if relevant it would get handled via k8s

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2021-36774
        RESERVED
 CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support 
an arbitr ...)
-       TODO: check
+       NOT-FOR-US: uBlock Origin
 CVE-2021-36772 (Zoho ManageEngine ADManager Plus before 7110 allows stored 
XSS. ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2021-36771 (Zoho ManageEngine ADManager Plus before 7110 allows reflected 
XSS. ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2021-36770
        RESERVED
 CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for 
Android, Telegr ...)
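Review bot: the tag added for CVE-2021-36773 names only uBlock Origin, but the description on the line above covers two products, "uBlock Origin before 1.36.2 and nMatrix before 4.4.9". Before closing the TODO as NOT-FOR-US, confirm that neither product is shipped by any source package, for example as a browser extension package. If both are absent, name both in the tag so a later search for nMatrix finds the triage decision.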
@@ -58,7 +58,7 @@ CVE-2021-36749
 CVE-2021-3650
        RESERVED
 CVE-2021-3649 (chatwoot is vulnerable to Inefficient Regular Expression 
Complexity ...)
-       TODO: check
+       NOT-FOR-US: chatwoot
 CVE-2021-36748
        RESERVED
 CVE-2021-36747
@@ -6312,7 +6312,7 @@ CVE-2021-33913
 CVE-2021-33912
        RESERVED
 CVE-2021-33911 (Zoho ManageEngine ADManager Plus before 7110 allows remote 
code execut ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2021-33910
        RESERVED
 CVE-2021-33909
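Review bot: "NOT-FOR-US: Zoho" on CVE-2021-33911 names the vendor, whereas the other tags in this commit name the product ("NAVER Toolbar", "Froala WYSIWYG Editor"). Using "Zoho ManageEngine ADManager Plus" here, and on CVE-2021-36772 and CVE-2021-36771 in the first hunk, would keep the tags consistent and make them searchable by product.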
@@ -7132,7 +7132,7 @@ CVE-2021-33594
 CVE-2021-33593
        RESERVED
 CVE-2021-33592 (NAVER Toolbar before 4.0.30.323 allows remote attackers to 
execute arb ...)
-       TODO: check
+       NOT-FOR-US: NAVER Toolbar
 CVE-2021-33591 (An exposed remote debugging port in Naver Comic Viewer prior 
to 1.0.15 ...)
        NOT-FOR-US: Naver Comic Viewer
 CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in 
get_device_path_ ...)
@@ -20609,7 +20609,7 @@ CVE-2021-28116 (Squid through 4.14 and 5.x through 
5.0.5, in some configurations
 CVE-2021-28115 (The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via 
the com ...)
        NOT-FOR-US: MyBB addon
 CVE-2021-28114 (Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a 
namespace co ...)
-       TODO: check
+       NOT-FOR-US: Froala WYSIWYG Editor
 CVE-2021-28113 (A command injection vulnerability in the cookieDomain and 
relayDomain  ...)
        NOT-FOR-US: Okta Access Gateway
 CVE-2021-28112 (Draeger X-Dock Firmware before 03.00.13 has Active Debug Code 
on a deb ...)
@@ -40256,10 +40256,10 @@ CVE-2021-20331 (Specific versions of the MongoDB C# 
Driver may erroneously publi
 CVE-2021-20330
        RESERVED
 CVE-2021-20329 (Specific cstrings input may not be properly validated in the 
MongoDB G ...)
+       NOT-FOR-US: mongo-driver
        NOTE: https://jira.mongodb.org/browse/GODRIVER-1923
        NOTE: https://github.com/mongodb/mongo-go-driver/pull/622
        NOTE: 
https://github.com/mongodb/mongo-go-driver/commit/3a89e6cde18d6ac5d38f39b54eaa8d4e321fd118
 (v1.5.1)
-       TODO: check, mongo-driver driver embedded in src:kubernetes
 CVE-2021-20328 (Specific versions of the Java driver that support client-side 
field le ...)
        - mongo-java-driver <not-affected> (Vulnerable code introduce later)
        NOTE: https://jira.mongodb.org/browse/JAVA-4017
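Review bot: for CVE-2021-20329 the removed line "TODO: check, mongo-driver driver embedded in src:kubernetes" was the only record in the entry that a copy of the affected code is embedded in a packaged source. After this change the entry says NOT-FOR-US and nothing points at kubernetes. The commit message defers this to k8s handling, so keep the pointer as a NOTE, for example "NOTE: mongo-driver embedded in src:kubernetes". Otherwise the entry reads as if the code is absent from the archive, and the fixed version (v1.5.1) cannot be compared against the embedded copy later.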
@@ -395031,7 +395031,7 @@ CVE-2012-2667 (Session fixation vulnerability in 
lib/user/sfBasicSecurityUser.cl
        NOTE: 
http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG
        NOTE: 
http://trac.symfony-project.org/changeset/33466?format=diff&new=33466
 CVE-2012-2666 (golang/go in 1.0.2 fixes all.bash on shared machines. dotest() 
in src/ ...)
-       TODO: check
+       NOT-FOR-US: Historic Go issue
 CVE-2012-2665 (Multiple heap-based buffer overflows in the XML manifest 
encryption ta ...)
        {DSA-2520-1}
        - libreoffice 1:3.5.4-7
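Review bot: "NOT-FOR-US: Historic Go issue" on CVE-2012-2666 gives the age of the issue as the reason, not the absence of the software, while the description names golang/go and a fixing release (1.0.2). If a Go toolchain package exists in the archive, a package line with the fixed version or a <not-affected> marker, in the style of the libreoffice line in the entry below, would record the status more accurately than NOT-FOR-US.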



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/509d196b75aff9a068ee4dd091cfdfd8e762641f



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to