author | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-03 06:57:59 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-03 06:59:12 +0100 |
commit | 2984abe7426a14d951364388303df54d0d3ec9bb | |
tree | 50d79ce961c6e72c591b37f627a80b0b24f4349f | |
parent | 29f8f3429708e142fef9052f11d76790a9ee72cf |
Add new trafficserver issues
-rw-r--r-- | data/CVE/2021.list | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 5dbbef9999..e759c40ea0 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -358,8 +358,10 @@ CVE-2021-3916 RESERVED CVE-2021-43083 RESERVED -CVE-2021-43082 +CVE-2021-43082 [heap-buffer-overflow with stats-over-http plugin] RESERVED + - trafficserver <unfixed> + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 CVE-2021-3915 RESERVED CVE-2021-43081 @@ -3711,8 +3713,10 @@ CVE-2021-3828 (nltk is vulnerable to Inefficient Regular Expression Complexity . [stretch] - nltk <no-dsa> (Minor issue) NOTE: https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6 NOTE: https://github.com/nltk/nltk/pull/2816 -CVE-2021-41585 +CVE-2021-41585 [ATS stops accepting connections on FreeBSD] RESERVED + - trafficserver <not-affected> (Only affects FreeBSD) + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 CVE-2021-41584 (Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a ...) NOT-FOR-US: Gradle Enterprise CVE-2021-41583 (vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packa ...) @@ -11808,8 +11812,12 @@ CVE-2021-38163 (SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7. NOT-FOR-US: SAP CVE-2021-38162 (SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22 ...) NOT-FOR-US: SAP -CVE-2021-38161 +CVE-2021-38161 [Not validating origin TLS certificate] RESERVED + - trafficserver 9.1.0+ds-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 + NOTE: Mark first 9.x version as the fixed version as workaround, the issue does + NOTE: not affect the 9.x series. CVE-2021-38166 (In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is a ...) {DSA-4978-1} - linux 5.14.6-1 
@@ -14191,12 +14199,18 @@ CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html CVE-2021-37150 RESERVED -CVE-2021-37149 +CVE-2021-37149 [Request Smuggling - multiple attacks] RESERVED -CVE-2021-37148 + - trafficserver <unfixed> + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 +CVE-2021-37148 [Request Smuggling - transfer encoding validation] RESERVED -CVE-2021-37147 + - trafficserver <unfixed> + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 +CVE-2021-37147 [Request Smuggling - LF line ending] RESERVED + - trafficserver <unfixed> + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodi ...) [experimental] - ros-ros-comm 1.15.13+ds1-1 - ros-ros-comm 1.15.13+ds1-2 |
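Review bot: In the first hunk (`@@ -358,8 +358,10 @@`), the CVE-2021-43082 entry is marked `- trafficserver <unfixed>` without recording whether the Debian package builds or ships the stats-over-http plugin that the bracketed description names. A NOTE stating that would let triage judge the per-suite urgency from the entry itself rather than from the advisory.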
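Review bot: In the CVE-2021-38161 hunk (`@@ -11808,8 +11812,12 @@`), the two-line NOTE explains that `9.1.0+ds-1` is a workaround value but does not say which upstream series is affected or where that series is fixed, so every earlier version is tracked as vulnerable with no pointer to a fix. A further NOTE giving the affected range and the upstream fix from the advisory, once identified, would make the workaround self-explanatory for anyone handling older suites.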
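Review bot: In the last hunk (`@@ -14191,12 +14199,18 @@`), CVE-2021-37147, CVE-2021-37148 and CVE-2021-37149 all carry the same oss-security NOTE and `<unfixed>`, with no per-CVE upstream reference. The three descriptions name distinct request-smuggling problems (LF line ending, transfer encoding validation, multiple attacks), so a NOTE per entry pointing at the matching upstream fix, once known, would let each be closed independently.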