author | Moritz Muehlenhoff <jmm@debian.org> | 2021-07-27 11:07:35 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-07-27 11:08:20 +0200 |
commit | 90d38b0728ce6890e7d28da55eccbd34f84f9f10 (patch) | |
tree | be93195bbc59475b5cb8807814d5be3f285ee851 | |
parent | 44661813797f6c9405d5b26d98cbb54bd825e173 (diff) |
new jruby, mongodb issues
NFUs
-rw-r--r-- | data/CVE/list | 38 |
1 files changed, 21 insertions, 17 deletions
diff --git a/data/CVE/list b/data/CVE/list index aa2293aac6..e284c97a56 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -12461,9 +12461,10 @@ CVE-2021-32066 [A StartTLS stripping vulnerability in Net::IMAP] - ruby2.7 2.7.4-1 (bug #990815) - ruby2.5 <removed> - ruby2.3 <removed> + - jruby <unfixed> + [buster] - jruby <no-dsa> (Minor issue) NOTE: https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/ NOTE: https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a (2.7) - TODO: check jruby CVE-2021-32065 RESERVED CVE-2021-32064 @@ -13367,9 +13368,10 @@ CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7 - ruby2.7 2.7.4-1 (bug #990815) - ruby2.5 <removed> - ruby2.3 <removed> + - jruby <unfixed> + [buster] - jruby <no-dsa> (Minor issue) NOTE: https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/ NOTE: https://github.com/ruby/ruby/commit/3ca1399150ed4eacfd2fe1ee251b966f8d1ee469 (2.7) - TODO: check jruby CVE-2021-31809 RESERVED CVE-2021-31808 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...) @@ -36688,7 +36690,7 @@ CVE-2021-22146 (All versions of Elastic Cloud Enterprise has the Elasticsearch & CVE-2021-22145 (A memory disclosure vulnerability was identified in Elasticsearch 7.10 ...) - elasticsearch <removed> CVE-2021-22144 (In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled rec ...) - TODO: check + - elasticsearch <removed> CVE-2021-22143 RESERVED CVE-2021-22142 
@@ -42265,7 +42267,8 @@ CVE-2021-20335 (For MongoDB Ops Manager <= 4.2.24 with multiple OM applicatio CVE-2021-20334 (A malicious 3rd party with local access to the Windows machine where M ...) NOT-FOR-US: MongoDB Compass CVE-2021-20333 (Sending specially crafted commands to a MongoDB Server may result in a ...) - TODO: check + - mongodb <removed> + NOTE: https://jira.mongodb.org/browse/SERVER-50605 CVE-2021-20332 RESERVED CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously publish eve ...) @@ -49993,7 +49996,8 @@ CVE-2021-1092 (NVIDIA GPU Display Driver for Windows contains a vulnerability in CVE-2021-1091 (NVIDIA GPU Display driver for Windows contains a vulnerability where a ...) NOT-FOR-US: NVIDIA GPU Display driver for Windows CVE-2021-1090 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - TODO: check + NOT-FOR-US: NVIDIA GPU Display driver for Windows + NOTE: CVE description is wrong, per https://nvidia.custhelp.com/app/answers/detail/a_id/5211 only for Windows CVE-2021-1089 (NVIDIA GPU Display Driver for Windows contains a vulnerability in nvid ...) NOT-FOR-US: NVIDIA GPU Display Driver for Windows CVE-2021-1088 @@ -60521,9 +60525,9 @@ CVE-2020-25208 (In JetBrains YouTrack before 2020.4.4701, an attacker could enum CVE-2020-25207 (JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Exe ...) NOT-FOR-US: JetBrains CVE-2020-25206 (The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 a ...) - TODO: check + NOT-FOR-US: F-Secure CVE-2020-25205 (The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 i ...) - TODO: check + NOT-FOR-US: F-Secure CVE-2020-25204 (The God Kings application 0.60.1 for Android exposes a broadcast recei ...) NOT-FOR-US: God Kings application for Android CVE-2020-25203 (The Framer Preview application 12 for Android exposes com.framer.viewe ...) 
@@ -64786,11 +64790,11 @@ CVE-2020-23286 CVE-2020-23285 RESERVED CVE-2020-23284 (Information disclosure in aspx pages in MV's IDCE application v1.0 all ...) - TODO: check + NOT-FOR-US: IDCE CVE-2020-23283 (Information disclosure in Logon Page in MV's mConnect application v02. ...) - TODO: check + NOT-FOR-US: mConnect CVE-2020-23282 (SQL injection in Logon Page in MV's mConnect application, v02.001.00, ...) - TODO: check + NOT-FOR-US: mConnect CVE-2020-23281 RESERVED CVE-2020-23280 @@ -64868,17 +64872,17 @@ CVE-2020-23245 CVE-2020-23244 RESERVED CVE-2020-23243 (Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2. ...) - TODO: check + NOT-FOR-US: NavigateCMS CVE-2020-23242 (Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when perfo ...) - TODO: check + NOT-FOR-US: NavigateCMS CVE-2020-23241 (Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in ...) - TODO: check + NOT-FOR-US: CMS Made Simple CVE-2020-23240 (Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via ...) - TODO: check + NOT-FOR-US: CMS Made Simple CVE-2020-23239 (Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via ...) - TODO: check + NOT-FOR-US: Textpattern CMS CVE-2020-23238 (Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via th ...) - TODO: check + NOT-FOR-US: Evolution CMS CVE-2020-23237 RESERVED CVE-2020-23236 @@ -64886,7 +64890,7 @@ CVE-2020-23236 CVE-2020-23235 RESERVED CVE-2020-23234 (Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 v ...) - TODO: check + NOT-FOR-US: LavaLite CMS CVE-2020-23233 RESERVED CVE-2020-23232 |
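Review bot: The new `- jruby <unfixed>` line in the CVE-2021-32066 hunk (@@ -12461,9 +12461,10 @@) carries no bug reference, while the `ruby2.7 2.7.4-1` line directly above it has `(bug #990815)`. An unfixed entry without a bug number is easy to lose track of. I would file a bug against jruby and add its number to this line. The `[buster] - jruby <no-dsa> (Minor issue)` line would also benefit from a short NOTE saying why a StartTLS stripping issue in Net::IMAP is rated minor for jruby.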
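Review bot: In the CVE-2021-31810 hunk (@@ -13367,9 +13368,10 @@), `TODO: check jruby` is removed without a NOTE recording what the check found. The two NOTE lines that remain point only at the ruby-lang.org announcement and the ruby 2.7 commit. A NOTE naming where the affected Net::FTP code sits in the jruby source would let the next triager confirm the `<unfixed>` status and recognise the fix when it lands. The missing bug reference on `- jruby <unfixed>` applies here as well.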
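Review bot: In the @@ -60521,9 +60525,9 @@ hunk, CVE-2020-25206 and CVE-2020-25205 are tagged `NOT-FOR-US: F-Secure`, but both descriptions name "The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2" as the affected product and F-Secure appears in neither. The tag should name the product, for example `NOT-FOR-US: Mimosa B5, B5c, and C5x firmware`, in line with the neighbouring entries (`NOT-FOR-US: JetBrains`, `NOT-FOR-US: God Kings application for Android`). As written, a search of the list for the Mimosa product will not turn up these two entries by their tag.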