author | Moritz Muehlenhoff <jmm@debian.org> | 2021-07-19 10:58:30 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-07-19 10:58:30 +0200 |
commit | fffad5496b47f97a564d27f6865754dfee2df656 | |
tree | 0319566813ce5cbe2717d41a2929310925830179 | |
parent | 30f635d37b22f0f43d5f7d5d0d0bb67bc6f490f4 | |
NFUs
drop one TODO for mongo-driver, if relevant it would get handled via k8s
-rw-r--r-- | data/CVE/list.2012 | 2 |
-rw-r--r-- | data/CVE/list.2021 | 16 |
2 files changed, 9 insertions, 9 deletions
diff --git a/data/CVE/list.2012 b/data/CVE/list.2012 index 41ac24d65d..8f2de1d6de 100644 --- a/data/CVE/list.2012 +++ b/data/CVE/list.2012 @@ -10082,7 +10082,7 @@ CVE-2012-2667 (Session fixation vulnerability in lib/user/sfBasicSecurityUser.cl NOTE: http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG NOTE: http://trac.symfony-project.org/changeset/33466?format=diff&new=33466 CVE-2012-2666 (golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/ ...) - TODO: check + NOT-FOR-US: Historic Go issue CVE-2012-2665 (Multiple heap-based buffer overflows in the XML manifest encryption ta ...) {DSA-2520-1} - libreoffice 1:3.5.4-7 diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index e5ffa5f744..6dd5cc753c 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,11 +1,11 @@ CVE-2021-36774 RESERVED CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...) - TODO: check + NOT-FOR-US: uBlock Origin CVE-2021-36772 (Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. ...) - TODO: check + NOT-FOR-US: Zoho CVE-2021-36771 (Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. ...) - TODO: check + NOT-FOR-US: Zoho CVE-2021-36770 RESERVED CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for Android, Telegr ...) @@ -58,7 +58,7 @@ CVE-2021-36749 CVE-2021-3650 RESERVED CVE-2021-3649 (chatwoot is vulnerable to Inefficient Regular Expression Complexity ...) - TODO: check + NOT-FOR-US: chatwoot CVE-2021-36748 RESERVED CVE-2021-36747 @@ -6189,7 +6189,7 @@ CVE-2021-33913 CVE-2021-33912 RESERVED CVE-2021-33911 (Zoho ManageEngine ADManager Plus before 7110 allows remote code execut ...) - TODO: check + NOT-FOR-US: Zoho CVE-2021-33910 RESERVED CVE-2021-33909 
@@ -6943,7 +6943,7 @@ CVE-2021-33594 CVE-2021-33593 RESERVED CVE-2021-33592 (NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arb ...) - TODO: check + NOT-FOR-US: NAVER Toolbar CVE-2021-33591 (An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15 ...) NOT-FOR-US: Naver Comic Viewer CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_ ...) @@ -20000,7 +20000,7 @@ CVE-2021-28116 (Squid through 4.14 and 5.x through 5.0.5, in some configurations CVE-2021-28115 (The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the com ...) NOT-FOR-US: MyBB addon CVE-2021-28114 (Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace co ...) - TODO: check + NOT-FOR-US: Froala WYSIWYG Editor CVE-2021-28113 (A command injection vulnerability in the cookieDomain and relayDomain ...) NOT-FOR-US: Okta Access Gateway CVE-2021-28112 (Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a deb ...) @@ -37791,10 +37791,10 @@ CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously publi CVE-2021-20330 RESERVED CVE-2021-20329 (Specific cstrings input may not be properly validated in the MongoDB G ...) + NOT-FOR-US: mongo-driver NOTE: https://jira.mongodb.org/browse/GODRIVER-1923 NOTE: https://github.com/mongodb/mongo-go-driver/pull/622 NOTE: https://github.com/mongodb/mongo-go-driver/commit/3a89e6cde18d6ac5d38f39b54eaa8d4e321fd118 (v1.5.1) - TODO: check, mongo-driver driver embedded in src:kubernetes CVE-2021-20328 (Specific versions of the Java driver that support client-side field le ...) - mongo-java-driver <not-affected> (Vulnerable code introduce later) NOTE: https://jira.mongodb.org/browse/JAVA-4017 |
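Review bot: in the data/CVE/list.2012 hunk, CVE-2012-2666 is closed as NOT-FOR-US although its description names golang/go and a fix in 1.0.2. NOT-FOR-US normally says the software is not in the archive, so if a golang source package is tracked, a package entry marking it fixed or not-affected would keep the CVE attached to that package. "Historic Go issue" reads more like a reason for not-affected than for NOT-FOR-US.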
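Review bot: in the first data/CVE/list.2021 hunk (@@ -1,11 +1,11 @@), the NOT-FOR-US label for CVE-2021-36773 names only uBlock Origin while the description also lists nMatrix before 4.4.9. It is worth confirming that neither product is packaged before closing the entry, and naming both in the label. The three Zoho entries in the same hunk name the vendor rather than the product, unlike "NAVER Toolbar" and "Naver Comic Viewer" later in this file; "Zoho ManageEngine ADManager Plus" would be consistent.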
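Review bot: in the last data/CVE/list.2021 hunk (@@ -37791,10 +37791,10 @@), the removed TODO for CVE-2021-20329 recorded that mongo-driver is embedded in src:kubernetes, and the new "NOT-FOR-US: mongo-driver" line drops that fact from the entry. The commit message says it would be handled via k8s, but nothing left in the entry says so. A NOTE line stating that an embedded copy exists in src:kubernetes would preserve the pointer for whoever triages kubernetes later.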