Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90d38b07 by Moritz Muehlenhoff at 2021-07-27T11:08:20+02:00
new jruby, mongodb issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12461,9 +12461,10 @@ CVE-2021-32066 [A StartTLS stripping vulnerability in 
Net::IMAP]
        - ruby2.7 2.7.4-1 (bug #990815)
        - ruby2.5 <removed>
        - ruby2.3 <removed>
+       - jruby <unfixed>
+       [buster] - jruby <no-dsa> (Minor issue)
        NOTE: 
https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/
        NOTE: 
https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a 
(2.7)
-       TODO: check jruby
 CVE-2021-32065
        RESERVED
 CVE-2021-32064
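Review bot: the added `- jruby <unfixed>` line under CVE-2021-32066 has no bug reference, while the ruby2.7 entry directly above it carries `(bug #990815)`. If a bug is filed against jruby for this Net::IMAP issue, reference it on that line so the unfixed state can be followed up. Since `TODO: check jruby` is dropped in the same hunk, a one-line NOTE recording how jruby was found to be affected would keep the result of that check visible.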
@@ -13367,9 +13368,10 @@ CVE-2021-31810 (An issue was discovered in Ruby 
through 2.6.7, 2.7.x through 2.7
        - ruby2.7 2.7.4-1 (bug #990815)
        - ruby2.5 <removed>
        - ruby2.3 <removed>
+       - jruby <unfixed>
+       [buster] - jruby <no-dsa> (Minor issue)
        NOTE: 
https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
        NOTE: 
https://github.com/ruby/ruby/commit/3ca1399150ed4eacfd2fe1ee251b966f8d1ee469 
(2.7)
-       TODO: check jruby
 CVE-2021-31809
        RESERVED
 CVE-2021-31808 (An issue was discovered in Squid before 4.15 and 5.x before 
5.0.6. Due ...)
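Review bot: `[buster] - jruby <no-dsa> (Minor issue)` under CVE-2021-31810 gives only the generic reason and nothing specific to jruby or to the Net::FTP PASV behaviour described in the linked advisory. A slightly more specific reason in the parentheses, or a NOTE stating why the issue is considered minor for jruby in buster, would make the triage decision easier to revisit later.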
@@ -36688,7 +36690,7 @@ CVE-2021-22146 (All versions of Elastic Cloud 
Enterprise has the Elasticsearch &
 CVE-2021-22145 (A memory disclosure vulnerability was identified in 
Elasticsearch 7.10 ...)
        - elasticsearch <removed>
 CVE-2021-22144 (In Elasticsearch versions before 7.13.3 and 6.8.17 an 
uncontrolled rec ...)
-       TODO: check
+       - elasticsearch <removed>
 CVE-2021-22143
        RESERVED
 CVE-2021-22142
@@ -42265,7 +42267,8 @@ CVE-2021-20335 (For MongoDB Ops Manager &lt;= 4.2.24 
with multiple OM applicatio
 CVE-2021-20334 (A malicious 3rd party with local access to the Windows machine 
where M ...)
        NOT-FOR-US: MongoDB Compass
 CVE-2021-20333 (Sending specially crafted commands to a MongoDB Server may 
result in a ...)
-       TODO: check
+       - mongodb <removed>
+       NOTE: https://jira.mongodb.org/browse/SERVER-50605
 CVE-2021-20332
        RESERVED
 CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously 
publish eve ...)
@@ -49993,7 +49996,8 @@ CVE-2021-1092 (NVIDIA GPU Display Driver for Windows 
contains a vulnerability in
 CVE-2021-1091 (NVIDIA GPU Display driver for Windows contains a vulnerability 
where a ...)
        NOT-FOR-US: NVIDIA GPU Display driver for Windows
 CVE-2021-1090 (NVIDIA GPU Display Driver for Windows and Linux contains a 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA GPU Display driver for Windows
+       NOTE: CVE description is wrong, per 
https://nvidia.custhelp.com/app/answers/detail/a_id/5211 only for Windows
 CVE-2021-1089 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in nvid ...)
        NOT-FOR-US: NVIDIA GPU Display Driver for Windows
 CVE-2021-1088
@@ -60521,9 +60525,9 @@ CVE-2020-25208 (In JetBrains YouTrack before 
2020.4.4701, an attacker could enum
 CVE-2020-25207 (JetBrains ToolBox before version 1.18 is vulnerable to Remote 
Code Exe ...)
        NOT-FOR-US: JetBrains
 CVE-2020-25206 (The web console for Mimosa B5, B5c, and C5x firmware through 
2.8.0.2 a ...)
-       TODO: check
+       NOT-FOR-US: F-Secure
 CVE-2020-25205 (The web console for Mimosa B5, B5c, and C5x firmware through 
2.8.0.2 i ...)
-       TODO: check
+       NOT-FOR-US: F-Secure
 CVE-2020-25204 (The God Kings application 0.60.1 for Android exposes a 
broadcast recei ...)
        NOT-FOR-US: God Kings application for Android
 CVE-2020-25203 (The Framer Preview application 12 for Android exposes 
com.framer.viewe ...)
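Review bot: the `NOT-FOR-US: F-Secure` label on CVE-2020-25206 and CVE-2020-25205 does not match the product named in their descriptions, which both read "The web console for Mimosa B5, B5c, and C5x firmware". The other NOT-FOR-US entries in this hunk name the affected product (JetBrains, God Kings application for Android), so these two should probably read `NOT-FOR-US: Mimosa` or similar, unless F-Secure is meant as something other than the affected product, in which case a NOTE should say so.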
@@ -64786,11 +64790,11 @@ CVE-2020-23286
 CVE-2020-23285
        RESERVED
 CVE-2020-23284 (Information disclosure in aspx pages in MV's IDCE application 
v1.0 all ...)
-       TODO: check
+       NOT-FOR-US: IDCE
 CVE-2020-23283 (Information disclosure in Logon Page in MV's mConnect 
application v02. ...)
-       TODO: check
+       NOT-FOR-US: mConnect
 CVE-2020-23282 (SQL injection in Logon Page in MV's mConnect application, 
v02.001.00,  ...)
-       TODO: check
+       NOT-FOR-US: mConnect
 CVE-2020-23281
        RESERVED
 CVE-2020-23280
@@ -64868,17 +64872,17 @@ CVE-2020-23245
 CVE-2020-23244
        RESERVED
 CVE-2020-23243 (Cross Site Scripting (XSS) vulnerability in NavigateCMS 
NavigateCMS 2. ...)
-       TODO: check
+       NOT-FOR-US: NavigateCMS
 CVE-2020-23242 (Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 
when perfo ...)
-       TODO: check
+       NOT-FOR-US: NavigateCMS
 CVE-2020-23241 (Cross Site Scripting (XSS) vulnerability in CMS Made Simple 
2.2.14 in  ...)
-       TODO: check
+       NOT-FOR-US: CMS Made Simple
 CVE-2020-23240 (Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 
2.2.14 via  ...)
-       TODO: check
+       NOT-FOR-US: CMS Made Simple
 CVE-2020-23239 (Cross Site Scripting (XSS) vulnerability in Textpattern CMS 
4.8.1 via  ...)
-       TODO: check
+       NOT-FOR-US: Textpattern CMS
 CVE-2020-23238 (Cross Site Scripting (XSS) vulnerability in Evolution CMS 
2.0.2 via th ...)
-       TODO: check
+       NOT-FOR-US: Evolution CMS
 CVE-2020-23237
        RESERVED
 CVE-2020-23236
@@ -64886,7 +64890,7 @@ CVE-2020-23236
 CVE-2020-23235
        RESERVED
 CVE-2020-23234 (Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 
5.8.0 v ...)
-       TODO: check
+       NOT-FOR-US: LavaLite CMS
 CVE-2020-23233
        RESERVED
 CVE-2020-23232



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90d38b0728ce6890e7d28da55eccbd34f84f9f10
