author Salvatore Bonaccorso <carnil@debian.org> 2021-11-03 06:57:59 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2021-11-03 06:59:12 +0100
commit 52d2408267636d82f7f9462adb277986120db322
tree 9abb4dd0e047bc5d2928cf35ee74a97159ff842c
parent 2c540fb4f3a7c54b0fce0ed47c838a45d4cc2b51
Add new trafficserver issues
-rw-r--r-- data/CVE/list.2021 26
1 files changed, 20 insertions, 6 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 5dbbef9999..e759c40ea0 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -358,8 +358,10 @@ CVE-2021-3916
RESERVED
CVE-2021-43083
RESERVED
-CVE-2021-43082
+CVE-2021-43082 [heap-buffer-overflow with stats-over-http plugin]
RESERVED
+ - trafficserver <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
CVE-2021-3915
RESERVED
CVE-2021-43081
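Review bot: the new CVE-2021-43082 entry records `- trafficserver <unfixed>` with only the oss-security link, so nothing in it says whether the stats-over-http plugin named in the bracketed description is built and shipped in the Debian package. A NOTE stating whether the plugin is part of the package, and whether it is enabled by default, would let per-release triage be done from the tracker entry alone; add the upstream fix commit as a further NOTE once it is identified.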
@@ -3711,8 +3713,10 @@ CVE-2021-3828 (nltk is vulnerable to Inefficient Regular Expression Complexity .
[stretch] - nltk <no-dsa> (Minor issue)
NOTE: https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6
NOTE: https://github.com/nltk/nltk/pull/2816
-CVE-2021-41585
+CVE-2021-41585 [ATS stops accepting connections on FreeBSD]
RESERVED
+ - trafficserver <not-affected> (Only affects FreeBSD)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
CVE-2021-41584 (Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a ...)
NOT-FOR-US: Gradle Enterprise
CVE-2021-41583 (vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packa ...)
@@ -11808,8 +11812,12 @@ CVE-2021-38163 (SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.
NOT-FOR-US: SAP
CVE-2021-38162 (SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22 ...)
NOT-FOR-US: SAP
-CVE-2021-38161
+CVE-2021-38161 [Not validating origin TLS certificate]
RESERVED
+ - trafficserver 9.1.0+ds-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: Mark first 9.x version as the fixed version as workaround, the issue does
+ NOTE: not affect the 9.x series.
CVE-2021-38166 (In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is a ...)
{DSA-4978-1}
- linux 5.14.6-1
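Review bot: in the CVE-2021-38161 entry, `- trafficserver 9.1.0+ds-1` makes every earlier version count as vulnerable, but the NOTE lines only say what is not affected (the 9.x series) and never name the affected series. Add a NOTE stating the affected versions from the advisory, so that suites still carrying a pre-9.x package are assessed explicitly rather than by inference from the workaround version.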
@@ -14191,12 +14199,18 @@ CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel
NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html
CVE-2021-37150
RESERVED
-CVE-2021-37149
+CVE-2021-37149 [Request Smuggling - multiple attacks]
RESERVED
-CVE-2021-37148
+ - trafficserver <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+CVE-2021-37148 [Request Smuggling - transfer encoding validation]
RESERVED
-CVE-2021-37147
+ - trafficserver <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+CVE-2021-37147 [Request Smuggling - LF line ending]
RESERVED
+ - trafficserver <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodi ...)
[experimental] - ros-ros-comm 1.15.13+ds1-1
- ros-ros-comm 1.15.13+ds1-2
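Review bot: the three request smuggling entries (CVE-2021-37149, CVE-2021-37148, CVE-2021-37147) are each `<unfixed>` and point at the same oss-security post, so the tracker cannot tell them apart beyond the bracketed titles. When upstream fixes are identified, give each CVE its own fix-commit NOTE so they can be tracked and closed independently. CVE-2021-37150, the context entry directly above them, stays a bare RESERVED; it is worth confirming whether the same advisory covers it.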
