new mongo-java-driver issue

NFUs

2 files changed, 63 insertions, 61 deletions

diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 2c2257e195..97c19355ba 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -8489,7 +8489,7 @@ CVE-2020-27226
 CVE-2020-27225
 	RESERVED
 CVE-2020-27224 (In Eclipse Theia versions up to and including 1.2.0, the Markdown Prev ...)
-	TODO: check
+	NOT-FOR-US: Eclipse Theia
 CVE-2020-27223
 	RESERVED
 CVE-2020-27222 (In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based ( ...)
@@ -29684,7 +29684,7 @@ CVE-2020-17164
 CVE-2020-17163
 	RESERVED
 CVE-2020-17162 (Microsoft Windows Security Feature Bypass Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17161
 	RESERVED
 CVE-2020-17160
@@ -51658,7 +51658,7 @@ CVE-2020-8299
 CVE-2020-8298
 	RESERVED
 CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Deck
 CVE-2020-8296
 	RESERVED
 CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 6c91b90804..b95551f8aa 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -2229,9 +2229,9 @@ CVE-2021-26703
 CVE-2021-26702
 	RESERVED
 CVE-2021-26701 (.NET Core Remote Code Execution Vulnerability This CVE ID is unique fr ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26700 (Visual Studio Code npm-script Extension Remote Code Execution Vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26699
 	RESERVED
 CVE-2021-26698
@@ -5866,7 +5866,7 @@ CVE-2021-3147
 CVE-2021-25196
 	RESERVED
 CVE-2021-25195 (Windows PKU2U Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-25194
 	RESERVED
 CVE-2021-25193
@@ -8063,103 +8063,103 @@ CVE-2021-24115 (In Botan before 2.17.3, constant-time computations are not used
 	- botan1.10 <removed>
 	NOTE: https://github.com/randombit/botan/pull/2549
 CVE-2021-24114 (Microsoft Teams iOS Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24113 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24112 (.NET Core Remote Code Execution Vulnerability This CVE ID is unique fr ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24111 (.NET Framework Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24110
 	RESERVED
 CVE-2021-24109 (Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24108
 	RESERVED
 CVE-2021-24107
 	RESERVED
 CVE-2021-24106 (Windows DirectX Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24105 (Package Managers Configurations Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24104
 	RESERVED
 CVE-2021-24103 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24102 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24101 (Microsoft Dataverse Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24100 (Microsoft Edge for Android Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24099 (Skype for Business and Lync Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24098 (Windows Console Driver Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24097
 	RESERVED
 CVE-2021-24096 (Windows Kernel Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24095
 	RESERVED
 CVE-2021-24094 (Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is uniq ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24093 (Windows Graphics Component Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24092 (Microsoft Defender Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24091 (Windows Camera Codec Pack Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24090
 	RESERVED
 CVE-2021-24089
 	RESERVED
 CVE-2021-24088 (Windows Local Spooler Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24087 (Azure IoT CLI extension Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24086 (Windows TCP/IP Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24085 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24084 (Windows Mobile Device Management Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24083 (Windows Address Book Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24082 (Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulne ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24081 (Microsoft Windows Codecs Library Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24080 (Windows Trust Verification API Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24079 (Windows Backup Engine Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24078 (Windows DNS Server Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24077 (Windows Fax Service Remote Code Execution Vulnerability This CVE ID is ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24076 (Microsoft Windows VMSwitch Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24075 (Windows Network File System Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24074 (Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is uniq ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24073 (Skype for Business and Lync Spoofing Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24072 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24071 (Microsoft SharePoint Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24070 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24069 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24068 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24067 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24066 (Microsoft SharePoint Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24065
 	RESERVED
 CVE-2021-24064
@@ -13082,7 +13082,7 @@ CVE-2021-21726
 CVE-2021-21725
 	RESERVED
 CVE-2021-21724 (A ZTE product has a memory leak vulnerability. Due to the product's im ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21723 (Some ZTE products have a DoS vulnerability. Due to the improper handli ...)
 	NOT-FOR-US: ZTE
 CVE-2021-21722 (A ZTE Smart STB is impacted by an information leak vulnerability. The  ...)
@@ -16060,7 +16060,9 @@ CVE-2021-20330
 CVE-2021-20329
 	RESERVED
 CVE-2021-20328 (Specific versions of the Java driver that support client-side field le ...)
-	TODO: check
+	- mongo-java-driver <unfixed>
+	NOTE: https://jira.mongodb.org/browse/JAVA-4017
+	NOTE: https://github.com/mongodb/mongo-java-driver/commit/60d87d5a76645a331a77ccc45ef7c67aac88b234
 CVE-2021-20327 (A specific version of the Node.js mongodb-client-encryption module doe ...)
 	TODO: check
 CVE-2021-20326
@@ -18445,31 +18447,31 @@ CVE-2021-1736
 CVE-2021-1735
 	RESERVED
 CVE-2021-1734 (Windows Remote Procedure Call Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1733 (Sysinternals PsExec Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1732 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1731 (PFX Encryption Security Feature Bypass Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1730 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1729
 	RESERVED
 CVE-2021-1728 (System Center Operations Manager Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1727 (Windows Installer Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1726 (Microsoft SharePoint Spoofing Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1725 (Bot Framework SDK Information Disclosure Vulnerability ...)
 	NOT-FOR-US: Bot Framework SDK
 CVE-2021-1724 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1723 (ASP.NET Core and Visual Studio Denial of Service Vulnerability ...)
 	NOT-FOR-US: ASP.NET Core and Visual Studio
 CVE-2021-1722 (Windows Fax Service Remote Code Execution Vulnerability This CVE ID is ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1721 (.NET Core and Visual Studio Denial of Service Vulnerability ...)
 	NOT-FOR-US: Microsoft .NET
 CVE-2021-1720
@@ -18517,7 +18519,7 @@ CVE-2021-1700 (Remote Procedure Call Runtime Remote Code Execution Vulnerability
 CVE-2021-1699 (Windows (modem.sys) Information Disclosure Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-1698 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1697 (Windows InstallService Elevation of Privilege Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-1696 (Windows Graphics Component Information Disclosure Vulnerability ...)
@@ -18635,7 +18637,7 @@ CVE-2021-1641 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique
 CVE-2021-1640
 	RESERVED
 CVE-2021-1639 (Visual Studio Code Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1638 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-1637 (Windows DNS Query Information Disclosure Vulnerability ...)