author | Moritz Muehlenhoff <jmm@debian.org> | 2021-12-13 16:45:45 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-12-13 16:45:45 +0100 |
commit | 1cefdd8b44ef101b84116f1569cee8fba2e77eb4 (patch) | |
tree | 650386e33737824134ab5f8a2e2f8920063aeb6d | |
parent | 04d3843308d5d78611feac624775d90c00c49c48 (diff) |
buster/bullseye triage
-rw-r--r-- | data/CVE/list | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index a0576f5b72..b0f5f1de85 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -2992,6 +2992,8 @@ CVE-2021-43798 (Grafana is an open-source platform for monitoring and observabil - grafana <removed> CVE-2021-43797 (Netty is an asynchronous event-driven network application framework fo ...) - netty <unfixed> (bug #1001437) + [bullseye] - netty <no-dsa> (Minor issue) + [buster] - netty <no-dsa> (Minor issue) NOTE: https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq NOTE: https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 (netty-4.1.71.Final) CVE-2021-43796 @@ -31665,6 +31667,8 @@ CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 NOT-FOR-US: Nagios XI CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prior to 2 ...) - nagvis 1:1.9.29-1 + [bullseye] - nagvis <no-dsa> (Minor issue) + [buster] - nagvis <no-dsa> (Minor issue) TODO: check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/ CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...) NOT-FOR-US: Nagios XI @@ -77845,6 +77849,7 @@ CVE-2020-27512 CVE-2020-27511 (An issue was discovered in the stripTags and unescapeHTML components i ...) - prototypejs <unfixed> (bug #991898) [bullseye] - prototypejs <no-dsa> (Minor issue) + [buster] - prototypejs <no-dsa> (Minor issue) [stretch] - prototypejs <no-dsa> (Minor issue) NOTE: https://github.com/prototypejs/prototype/blame/dee2f7d8611248abce81287e1be4156011953c90/src/prototype/lang/string.js#L283 NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2020-27511/Prototype.md 
@@ -107696,6 +107701,8 @@ CVE-2020-14425 (Foxit Reader before 10.0 allows Remote Command Execution via the NOT-FOR-US: Foxit Reader CVE-2020-14424 (Cacti before 1.2.18 allows remote attackers to trigger XSS via templat ...) - cacti 1.2.19+ds1-1 + [bullseye] - cacti <no-dsa> (Minor issue) + [buster] - cacti <no-dsa> (Minor issue) [stretch] - cacti <not-affected> (Vulnerable code not present) NOTE: https://github.com/Cacti/cacti/pull/4261 NOTE: https://github.com/Cacti/cacti/commit/d12800ab479ad95a091bc577f28fd99ec95eb64c (release/1.2.18) |
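Review bot: In the CVE-2021-33178 hunk (@@ -31665), the new [bullseye] and [buster] no-dsa lines sit directly above a TODO that is still open ("check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9"). That TODO names 2.0.9 as the fix while the entry records 1:1.9.29-1 as the fixed version. A "Minor issue" triage reads as if the check had been done, so either resolve the TODO in this commit by replacing it with a NOTE stating what was verified, or hold the no-dsa lines until the affected code and the fix version are confirmed.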
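Review bot: In the CVE-2020-14424 hunk (@@ -107696), [bullseye] and [buster] are marked no-dsa while the existing [stretch] line is not-affected with "Vulnerable code not present", and nothing in the entry says in which version the vulnerable code was introduced. Add a NOTE recording the introducing version or commit, so that it is clear the buster and bullseye versions were checked and do carry the code.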