author Moritz Muehlenhoff <jmm@debian.org> 2021-01-20 14:57:33 +0100
committer Moritz Muehlenhoff <jmm@debian.org> 2021-01-20 14:57:33 +0100
commit a782e2b856b53ec085e9d2e01ebab51ce311c200 (patch)
tree cab37571efa25a992093443c3b7bfd3d55c22b62
parent 85d483908c9806e63d97c3ad4a027969e35b7730 (diff)
new virtualbox, phpmyadmin issues
git-nfs n/a NFUs
-rw-r--r-- data/CVE/list 40
1 files changed, 30 insertions, 10 deletions
diff --git a/data/CVE/list b/data/CVE/list
index ded87acdbe..79f5efe5d5 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9168,7 +9168,7 @@ CVE-2016-20001 (The REST/JSON project 7.x-1.x for Drupal allows node access bypa
CVE-2020-35930 (Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url ...)
NOT-FOR-US: Seo Panel
CVE-2020-35929 (In TinyCheck before commits 9fd360d and ea53de8, the installation scri ...)
- TODO: check
+ NOT-FOR-US: TinyCheck
CVE-2020-35928 (An issue was discovered in the concread crate before 0.2.6 for Rust. A ...)
NOT-FOR-US: concread rust crate
CVE-2020-35927 (An issue was discovered in the thex crate through 2020-12-08 for Rust. ...)
@@ -10349,7 +10349,9 @@ CVE-2021-21254
CVE-2021-21253
RESERVED
CVE-2021-21252 (The jQuery Validation Plugin provides drop-in validation for your exis ...)
- TODO: check
+ - phpmyadmin <unfixed>
+ NOTE: https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm
+ NOTE: not packaged, but phpmyadmin embeds a copy
CVE-2021-21251 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
NOT-FOR-US: OneDev
CVE-2021-21250 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
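Review bot: the `- phpmyadmin <unfixed>` entry for CVE-2021-21252 does not record which upstream jquery-validation release carries the fix, so whoever later updates phpmyadmin has no version to compare the embedded copy against. Suggest adding a NOTE with the fixed upstream version taken from the linked advisory, and checking whether any other source package embeds the same plugin, since the issue is tracked here only through an embedding package.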
@@ -10385,7 +10387,8 @@ CVE-2021-21239
CVE-2021-21238
RESERVED
CVE-2021-21237 (Git LFS is a command line extension for managing large files with Git. ...)
- TODO: check
+ - git-lfs <not-affected> (Windows-specific)
+ NOTE: https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5
CVE-2021-21236 (CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter base ...)
- cairosvg 2.5.0-1.1 (bug #979597)
[buster] - cairosvg <not-affected> (Vulnerable code introduced in 2.0.0rc6)
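Review bot: the commit message says "git-nfs n/a" while the entry changed here, for CVE-2021-21237, is `git-lfs`; if the commit can still be amended, correcting the message would let a log search for the package name find it. The `<not-affected> (Windows-specific)` marking has the advisory linked in the NOTE as its justification, which is what a later reader needs.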
@@ -11865,7 +11868,7 @@ CVE-2021-20621
CVE-2021-20620
RESERVED
CVE-2021-20619 (Cross-site scripting vulnerability in GROWI (v4.2 Series) versions pri ...)
- TODO: check
+ NOT-FOR-US: GROWI
CVE-2021-20618 (Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, a ...)
NOT-FOR-US: acmailer
CVE-2021-20617 (Improper access control vulnerability in acmailer ver. 4.0.1 and earli ...)
@@ -14889,30 +14892,42 @@ CVE-2021-2132
RESERVED
CVE-2021-2131
RESERVED
+ - virtualbox 6.1.18-dfsg-1
CVE-2021-2130
RESERVED
+ - virtualbox 6.1.18-dfsg-1
CVE-2021-2129
RESERVED
+ - virtualbox 6.1.18-dfsg-1
CVE-2021-2128
RESERVED
+ - virtualbox 6.1.18-dfsg-1
CVE-2021-2127
RESERVED
+ - virtualbox 6.1.18-dfsg-1
CVE-2021-2126
RESERVED
+ - virtualbox 6.1.18-dfsg-1
CVE-2021-2125
RESERVED
+ - virtualbox 6.1.18-dfsg-1
CVE-2021-2124
RESERVED
+ - virtualbox 6.1.18-dfsg-1
CVE-2021-2123
RESERVED
+ - virtualbox 6.1.18-dfsg-1
CVE-2021-2122
RESERVED
CVE-2021-2121
RESERVED
+ - virtualbox 6.1.18-dfsg-1
CVE-2021-2120
RESERVED
+ - virtualbox 6.1.18-dfsg-1
CVE-2021-2119
RESERVED
+ - virtualbox 6.1.18-dfsg-1
CVE-2021-2118
RESERVED
CVE-2021-2117
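Review bot: in the run from CVE-2021-2131 down to CVE-2021-2119, CVE-2021-2122 gets no `- virtualbox 6.1.18-dfsg-1` line although its neighbours CVE-2021-2123 and CVE-2021-2121 do; please confirm the skip is intentional and not a missed line. These entries are still RESERVED with no description, so a NOTE pointing at the source of the CVE-to-virtualbox mapping would let the fixed version be verified later; the same applies to the virtualbox lines added in the following hunks.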
@@ -14927,8 +14942,10 @@ CVE-2021-2113
RESERVED
CVE-2021-2112
RESERVED
+ - virtualbox 6.1.18-dfsg-1
CVE-2021-2111
RESERVED
+ - virtualbox 6.1.18-dfsg-1
CVE-2021-2110
RESERVED
CVE-2021-2109
@@ -14979,6 +14996,7 @@ CVE-2021-2087
RESERVED
CVE-2021-2086
RESERVED
+ - virtualbox 6.1.18-dfsg-1
CVE-2021-2085
RESERVED
CVE-2021-2084
@@ -15003,8 +15021,10 @@ CVE-2021-2075
RESERVED
CVE-2021-2074
RESERVED
+ - virtualbox 6.1.18-dfsg-1
CVE-2021-2073
RESERVED
+ - virtualbox 6.1.18-dfsg-1
CVE-2021-2072
RESERVED
CVE-2021-2071
@@ -19777,17 +19797,17 @@ CVE-2020-28484
CVE-2020-28483
RESERVED
CVE-2020-28482 (This affects the package fastify-csrf before 3.0.0. 1. The generated c ...)
- TODO: check
+ NOT-FOR-US: Node fastify-csrf
CVE-2020-28481 (The package socket.io before 2.4.0 are vulnerable to Insecure Defaults ...)
- TODO: check
+ NOT-FOR-US: Node socket.io
CVE-2020-28480 (The package jointjs before 3.3.0 are vulnerable to Prototype Pollution ...)
- TODO: check
+ NOT-FOR-US: Node jointjs
CVE-2020-28479 (The package jointjs before 3.3.0 are vulnerable to Denial of Service ( ...)
- TODO: check
+ NOT-FOR-US: Node jointjs
CVE-2020-28478 (This affects the package gsap before 3.6.0. ...)
- TODO: check
+ NOT-FOR-US: Node gsap
CVE-2020-28477 (This affects all versions of package immer. ...)
- TODO: check
+ NOT-FOR-US: Node immer
CVE-2020-28476 (All versions of package tornado are vulnerable to Web Cache Poisoning ...)
TODO: check
CVE-2020-28475
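Review bot: the six Node entries from CVE-2020-28482 to CVE-2020-28477 are closed as NOT-FOR-US on the basis of the library name alone, yet the CVE-2021-21252 change in this same commit shows a JavaScript library that is "not packaged, but phpmyadmin embeds a copy". Before dropping these, it is worth searching the archive for embedded copies of socket.io, jointjs, gsap, immer and fastify-csrf, and tracking any hit against the embedding package instead of NOT-FOR-US.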
