From a782e2b856b53ec085e9d2e01ebab51ce311c200 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Wed, 20 Jan 2021 14:57:33 +0100 Subject: new virtualbox, phpmyadmin issues git-nfs n/a NFUs --- data/CVE/list | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index ded87acdbe..79f5efe5d5 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -9168,7 +9168,7 @@ CVE-2016-20001 (The REST/JSON project 7.x-1.x for Drupal allows node access bypa CVE-2020-35930 (Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url ...) NOT-FOR-US: Seo Panel CVE-2020-35929 (In TinyCheck before commits 9fd360d and ea53de8, the installation scri ...) - TODO: check + NOT-FOR-US: TinyCheck CVE-2020-35928 (An issue was discovered in the concread crate before 0.2.6 for Rust. A ...) NOT-FOR-US: concread rust crate CVE-2020-35927 (An issue was discovered in the thex crate through 2020-12-08 for Rust. ...) @@ -10349,7 +10349,9 @@ CVE-2021-21254 CVE-2021-21253 RESERVED CVE-2021-21252 (The jQuery Validation Plugin provides drop-in validation for your exis ...) - TODO: check + - phpmyadmin + NOTE: https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm + NOTE: not packaged, but phpmyadmin embeds a copy CVE-2021-21251 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) NOT-FOR-US: OneDev CVE-2021-21250 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) 
@@ -10385,7 +10387,8 @@ CVE-2021-21239 CVE-2021-21238 RESERVED CVE-2021-21237 (Git LFS is a command line extension for managing large files with Git. ...) - TODO: check + - git-lfs (Windows-specific) + NOTE: https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5 CVE-2021-21236 (CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter base ...) - cairosvg 2.5.0-1.1 (bug #979597) [buster] - cairosvg (Vulnerable code introduced in 2.0.0rc6) @@ -11865,7 +11868,7 @@ CVE-2021-20621 CVE-2021-20620 RESERVED CVE-2021-20619 (Cross-site scripting vulnerability in GROWI (v4.2 Series) versions pri ...) - TODO: check + NOT-FOR-US: GROWI CVE-2021-20618 (Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, a ...) NOT-FOR-US: acmailer CVE-2021-20617 (Improper access control vulnerability in acmailer ver. 4.0.1 and earli ...) @@ -14889,30 +14892,42 @@ CVE-2021-2132 RESERVED CVE-2021-2131 RESERVED + - virtualbox 6.1.18-dfsg-1 CVE-2021-2130 RESERVED + - virtualbox 6.1.18-dfsg-1 CVE-2021-2129 RESERVED + - virtualbox 6.1.18-dfsg-1 CVE-2021-2128 RESERVED + - virtualbox 6.1.18-dfsg-1 CVE-2021-2127 RESERVED + - virtualbox 6.1.18-dfsg-1 CVE-2021-2126 RESERVED + - virtualbox 6.1.18-dfsg-1 CVE-2021-2125 RESERVED + - virtualbox 6.1.18-dfsg-1 CVE-2021-2124 RESERVED + - virtualbox 6.1.18-dfsg-1 CVE-2021-2123 RESERVED + - virtualbox 6.1.18-dfsg-1 CVE-2021-2122 RESERVED CVE-2021-2121 RESERVED + - virtualbox 6.1.18-dfsg-1 CVE-2021-2120 RESERVED + - virtualbox 6.1.18-dfsg-1 CVE-2021-2119 RESERVED + - virtualbox 6.1.18-dfsg-1 CVE-2021-2118 RESERVED CVE-2021-2117 @@ -14927,8 +14942,10 @@ CVE-2021-2113 RESERVED CVE-2021-2112 RESERVED + - virtualbox 6.1.18-dfsg-1 CVE-2021-2111 RESERVED + - virtualbox 6.1.18-dfsg-1 CVE-2021-2110 RESERVED CVE-2021-2109 @@ -14979,6 +14996,7 @@ CVE-2021-2087 RESERVED CVE-2021-2086 RESERVED + - virtualbox 6.1.18-dfsg-1 CVE-2021-2085 RESERVED CVE-2021-2084 
@@ -15003,8 +15021,10 @@ CVE-2021-2075 RESERVED CVE-2021-2074 RESERVED + - virtualbox 6.1.18-dfsg-1 CVE-2021-2073 RESERVED + - virtualbox 6.1.18-dfsg-1 CVE-2021-2072 RESERVED CVE-2021-2071 @@ -19777,17 +19797,17 @@ CVE-2020-28484 CVE-2020-28483 RESERVED CVE-2020-28482 (This affects the package fastify-csrf before 3.0.0. 1. The generated c ...) - TODO: check + NOT-FOR-US: Node fastify-csrf CVE-2020-28481 (The package socket.io before 2.4.0 are vulnerable to Insecure Defaults ...) - TODO: check + NOT-FOR-US: Node socket.io CVE-2020-28480 (The package jointjs before 3.3.0 are vulnerable to Prototype Pollution ...) - TODO: check + NOT-FOR-US: Node jointjs CVE-2020-28479 (The package jointjs before 3.3.0 are vulnerable to Denial of Service ( ...) - TODO: check + NOT-FOR-US: Node jointjs CVE-2020-28478 (This affects the package gsap before 3.6.0. ...) - TODO: check + NOT-FOR-US: Node gsap CVE-2020-28477 (This affects all versions of package immer. ...) - TODO: check + NOT-FOR-US: Node immer CVE-2020-28476 (All versions of package tornado are vulnerable to Web Cache Poisoning ...) TODO: check CVE-2020-28475 -- cgit v1.2.3
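Review bot: in the CVE-2021-21252 hunk the `- phpmyadmin` entry carries no fixed version, bug number or severity, so it reads as an open unfixed issue with nothing to act on. Since the second NOTE says phpmyadmin only embeds a copy of jquery-validation, record which plugin version is embedded and whether phpmyadmin's pages actually use the affected validation method from GHSA-jxwx-85vp-gvwm; if they do not, `<not-affected>` with a reason is the right marker, and if they do, a bug reference belongs on the entry. The wording "not packaged" would also be clearer as "jquery-validation is not packaged separately", since phpmyadmin itself obviously is.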
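Review bot: in the CVE-2021-21237 hunk, `- git-lfs (Windows-specific)` puts the parenthetical where a version or status marker is expected, so the tracker will treat git-lfs as affected and unfixed even though the annotation says the issue is Windows-only. If the advisory in GHSA-cx3w-xqmc-84g5 confirms it does not apply to the Linux build, write it as `- git-lfs <not-affected> (Windows-specific)`; if the code is compiled on all platforms and only exploitable on Windows, say so in a NOTE and keep the entry open with a severity tag.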
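Review bot: the virtualbox hunks (CVE-2021-2131 through CVE-2021-2119, then 2112/2111, 2086, 2074/2073) attach `- virtualbox 6.1.18-dfsg-1` to entries that are all still RESERVED, so nothing in the file lets a later reader check why these particular IDs map to virtualbox while neighbours such as CVE-2021-2122, CVE-2021-2118 and CVE-2021-2110 do not. Add a NOTE with the upstream advisory or changelog URL the mapping was taken from on at least the first of these entries, and consider a NOTE recording that the fixed version is the 6.1.18 upstream release rather than a distro patch, so the entries remain verifiable once MITRE publishes descriptions.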
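Review bot: in the CVE-2020-28482 to CVE-2020-28477 hunk, the six Node entries are resolved but CVE-2020-28476 ("All versions of package tornado are vulnerable to Web Cache Poisoning") stays at `TODO: check`, and it is the one entry in this run that is not a Node package: tornado is the Python web framework, which is packaged in Debian as python-tornado, so it needs real triage (affected versions, upstream fix or lack of one, severity) rather than the NOT-FOR-US treatment given to its neighbours. Either complete that entry in the same commit or leave a NOTE explaining what is still being checked.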