From 52d2408267636d82f7f9462adb277986120db322 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 3 Nov 2021 06:57:59 +0100 Subject: Add new trafficserver issues --- data/CVE/list.2021 | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 5dbbef9999..e759c40ea0 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -358,8 +358,10 @@ CVE-2021-3916 RESERVED CVE-2021-43083 RESERVED -CVE-2021-43082 +CVE-2021-43082 [heap-buffer-overflow with stats-over-http plugin] RESERVED + - trafficserver + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 CVE-2021-3915 RESERVED CVE-2021-43081 @@ -3711,8 +3713,10 @@ CVE-2021-3828 (nltk is vulnerable to Inefficient Regular Expression Complexity . [stretch] - nltk (Minor issue) NOTE: https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6 NOTE: https://github.com/nltk/nltk/pull/2816 -CVE-2021-41585 +CVE-2021-41585 [ATS stops accepting connections on FreeBSD] RESERVED + - trafficserver (Only affects FreeBSD) + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 CVE-2021-41584 (Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a ...) NOT-FOR-US: Gradle Enterprise CVE-2021-41583 (vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packa ...) 
@@ -11808,8 +11812,12 @@ CVE-2021-38163 (SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7. NOT-FOR-US: SAP CVE-2021-38162 (SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22 ...) NOT-FOR-US: SAP -CVE-2021-38161 +CVE-2021-38161 [Not validating origin TLS certificate] RESERVED + - trafficserver 9.1.0+ds-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 + NOTE: Mark first 9.x version as the fixed version as workaround, the issue does + NOTE: not affect the 9.x series. CVE-2021-38166 (In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is a ...) {DSA-4978-1} - linux 5.14.6-1 @@ -14191,12 +14199,18 @@ CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html CVE-2021-37150 RESERVED -CVE-2021-37149 +CVE-2021-37149 [Request Smuggling - multiple attacks] RESERVED -CVE-2021-37148 + - trafficserver + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 +CVE-2021-37148 [Request Smuggling - transfer encoding validation] RESERVED -CVE-2021-37147 + - trafficserver + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 +CVE-2021-37147 [Request Smuggling - LF line ending] RESERVED + - trafficserver + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodi ...) [experimental] - ros-ros-comm 1.15.13+ds1-1 - ros-ros-comm 1.15.13+ds1-2 -- cgit v1.2.3
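Review bot: In the second hunk, the CVE-2021-41585 entry is left as a bare `- trafficserver (Only affects FreeBSD)` with no fixed version, so the tracker will list every Debian trafficserver version as vulnerable even though the parenthetical says the bug is FreeBSD-specific; if the Debian build is not affected, consider marking it `- trafficserver <not-affected> (Only affects FreeBSD)` instead, or add a NOTE line explaining why the entry is deliberately kept open.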
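Review bot: In the third hunk, the two NOTE lines on CVE-2021-38161 ("Mark first 9.x version as the fixed version as workaround, the issue does ... not affect the 9.x series") explain the trick but not which series is actually affected, leaving the reader to infer it from the chosen fixed version 9.1.0+ds-1; naming the affected series explicitly in the NOTE would make the entry self-explanatory for the next triager.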
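Review bot: In the fourth hunk the three request-smuggling entries (CVE-2021-37147, CVE-2021-37148, CVE-2021-37149) each get a bare `- trafficserver` with no fixed version and the same single oss-security reference, so all three are tracked as open with no record of fix status; a NOTE on at least one of them recording the upstream fixed release, or stating that no fix is available yet, would save a lookup on the next pass.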