author | Moritz Muehlenhoff <jmm@debian.org> | 2021-01-20 11:31:57 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-01-20 11:31:57 +0100 |
commit | 85d483908c9806e63d97c3ad4a027969e35b7730 | |
tree | 195dc991ce0e2bc968c228e1ec94f721af3a6921 | |
parent | 816e8cb29b182c1de123c95eb46b6c6c4c337118 | |
new node-socket.io-parser, git-big-picture, gitlab issues
-rw-r--r-- | data/CVE/list | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/data/CVE/list b/data/CVE/list index dc628ac2c1..ded87acdbe 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -788,7 +788,7 @@ CVE-2021-21263 [Unexpected bindings in QueryBuilder] NOTE: https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x NOTE: https://github.com/laravel/framework/pull/35865 CVE-2021-3162 (Docker Desktop Community before 2.5.0.0 on macOS mishandles certificat ...) - TODO: check + NOT-FOR-US: Docker Desktop on MacOS CVE-2021-3161 RESERVED CVE-2021-3160 @@ -6160,7 +6160,8 @@ CVE-2020-36178 (oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_ CVE-2021-3029 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) ...) NOT-FOR-US: EVOLUCARE ECSIMAGING (aka ECS Imaging) CVE-2021-3028 (git-big-picture before 1.0.0 mishandles ' characters in a branch name, ...) - TODO: check + - git-big-picture 1.0.0-1 + NOTE: https://github.com/git-big-picture/git-big-picture/pull/62 CVE-2021-22696 RESERVED CVE-2020-36177 (RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-o ...) @@ -7269,15 +7270,15 @@ CVE-2021-22173 CVE-2021-22172 RESERVED CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab Pages f ...) - TODO: check + - gitlab <unfixed> CVE-2021-22170 RESERVED CVE-2021-22169 RESERVED CVE-2021-22168 (A regular expression denial of service issue has been discovered in Nu ...) - TODO: check + - gitlab <unfixed> CVE-2021-22167 (An issue has been discovered in GitLab affecting all versions starting ...) - TODO: check + - gitlab <unfixed> CVE-2021-22166 (An attacker could cause a Prometheus denial of service in GitLab 13.7+ ...) - gitlab <not-affected> (Only affects Gitlab 13.7.x) NOTE: https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/ 
@@ -8874,7 +8875,9 @@ CVE-2020-36051 (Directory traversal vulnerability in page_edit.php in MiniCMS V1 CVE-2020-36050 RESERVED CVE-2020-36049 (socket.io-parser before 3.4.1 allows attackers to cause a denial of se ...) - TODO: check + - node-socket.io-parser 3.4.1-1 + NOTE: https://blog.caller.xyz/socketio-engineio-dos/ + NOTE: https://github.com/socketio/socket.io-parser/commit/dcb942d24db97162ad16a67c2a0cf30875342d55 CVE-2020-36048 (Engine.IO before 4.0.0 allows attackers to cause a denial of service ( ...) TODO: check CVE-2020-36047 |
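Review bot: In the @@ -7269,15 hunk, the three new `- gitlab <unfixed>` entries (CVE-2021-22171, CVE-2021-22168, CVE-2021-22167) carry no NOTE line, while CVE-2021-22166 directly below them links the upstream security release. Adding a NOTE with the upstream advisory or issue to each entry would let whoever later marks them fixed confirm the affected version range without redoing the research.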
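Review bot: In the @@ -8874,7 hunk, CVE-2020-36048 (Engine.IO), directly below the updated entry, is left at `TODO: check`, although the blog post added as a NOTE for CVE-2020-36049 has the URL slug socketio-engineio-dos, which suggests it covers both issues. Consider triaging CVE-2020-36048 in the same commit, or at least attaching that NOTE to it so the reference is not lost when the entry is picked up later.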