From 5a97d30e3e46d65fdf85cb7c5a5f36197a173794 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Tue, 7 Dec 2021 18:56:19 +0100 Subject: new gitlab issues NFUs --- data/CVE/list | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 02f427639e..0d483960d6 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -18,9 +18,9 @@ CVE-2021-44686 (calibre before 5.32.0 contains a regular expression that is vuln NOTE: https://bugs.launchpad.net/calibre/+bug/1951979 NOTE: https://github.com/kovidgoyal/calibre/commit/235b7e38c197ba4a3c17531e516610af8795e348 (v5.33.0) CVE-2021-44685 (Git-it through 4.4.0 allows OS command injection at the Branches Aren' ...) - TODO: check + NOT-FOR-US: git-it CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection. The ran ...) - TODO: check + NOT-FOR-US: naholyr github-todos CVE-2021-44683 RESERVED CVE-2021-44682 (An issue (6 of 6) was discovered in Veritas Enterprise Vault through 1 ...) @@ -14960,7 +14960,7 @@ CVE-2021-39892 CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...) - gitlab CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some specific ...) - TODO: check + - gitlab CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an insecure di ...) - gitlab (Specific to Enterprise Edition) CVE-2021-39888 (In all versions of GitLab EE since version 13.10, a specific API endpo ...) @@ -25319,7 +25319,6 @@ CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (compo - mysql-8.0 - mysql-5.7 NOTE: Fixed in MariaDB: 10.5.13, 10.3.32 - TODO: clarify MariaDB 10.6 status CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) {DSA-5012-1 DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 
@@ -54824,7 +54823,7 @@ CVE-2021-23760 CVE-2021-23759 RESERVED CVE-2021-23758 (All versions of package ajaxpro.2 are vulnerable to Deserialization of ...) - TODO: check + NOT-FOR-US: ajaxpro CVE-2021-23757 RESERVED CVE-2021-23756 @@ -55216,7 +55215,7 @@ CVE-2021-23564 CVE-2021-23563 RESERVED CVE-2021-23562 (This affects the package plupload before 2.3.9. A file name containing ...) - TODO: check + NOT-FOR-US: Node plupload CVE-2021-23561 RESERVED CVE-2021-23560 @@ -58422,7 +58421,7 @@ CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab P [experimental] - gitlab 13.6.6-1 - gitlab CVE-2021-22170 (Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows ...) - TODO: check + - gitlab CVE-2021-22169 (An issue was identified in GitLab EE 13.4 or later which leaked intern ...) - gitlab (Specific to EE) NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
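Review bot: In the first hunk (@@ -18,9), CVE-2021-44685 (Git-it) and CVE-2021-44684 (naholyr github-todos) are closed as NOT-FOR-US on the assumption that neither project is packaged or embedded in Debian; a short `NOTE:` with the upstream project URL, as the calibre entry just above this hunk carries, would let a later reviewer re-verify that assumption without re-triaging both CVEs.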
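Review bot: In the @@ -14960 hunk, the bare `- gitlab` added for CVE-2021-39890 carries no fixed version and no advisory reference, while the neighbouring CVE-2021-39889 line at least records the edition scope; since the description says the 2FA bypass affects LDAP users, a `NOTE:` pointing at the GitLab security release that fixed it (the pattern used for CVE-2021-22169 later in this patch) together with the fixed upstream version would make the entry actionable rather than just "affected".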
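Review bot: In the @@ -25319 hunk, dropping `TODO: clarify MariaDB 10.6 status` for CVE-2021-35604 removes the open question without answering it: the surviving `NOTE: Fixed in MariaDB: 10.5.13, 10.3.32` still says nothing about 10.6. Either extend that NOTE with the 10.6 fixed version (or an explicit statement that 10.6 is not affected), or keep the TODO until that is known.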
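Review bot: In the @@ -54824 hunk, `NOT-FOR-US: ajaxpro` is consistent with the other NFU lines in this commit, but the CVE text names the package as `ajaxpro.2`; using the exact package name in the label avoids ambiguity should a differently named ajaxpro package ever need tracking.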
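Review bot: In the @@ -55216 hunk, the label `NOT-FOR-US: Node plupload` narrows the issue to an npm distribution, but the CVE description only says "the package plupload before 2.3.9" and names no ecosystem; plupload is a browser-side upload library that web applications commonly vendor, so before closing this as NFU it is worth confirming that no packaged web application in the archive embeds a copy, and the label should drop "Node" if the upstream library itself is what is meant.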
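Review bot: In the @@ -58422 hunk, the replacement `- gitlab` for CVE-2021-22170 marks the package as affected and unfixed in every suite with no pointer to what resolves it; the adjacent CVE-2021-22171 entry shows the expected shape (`[experimental] - gitlab 13.6.6-1` plus the unstable line), so if the nonce-reuse fix is in a known GitLab release, that version should be recorded here too, otherwise this entry will stay open indefinitely.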