diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2021-02-26 13:01:22 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-02-26 13:10:06 +0100 |
commit | f134bb87d402eafe5517ec55db94bfa6befbc2c7 (patch) | |
tree | 9bdbf044dc5fa90fe71f30bf6f33c21fc8ef66ed | |
parent | 2cc7e61280e744cfef2456bc60df3dda6694ead8 (diff) |
new mongo-java-driver issue
NFUs
-rw-r--r-- | data/CVE/2020.list | 6 | ||||
-rw-r--r-- | data/CVE/2021.list | 118 |
2 files changed, 63 insertions, 61 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 2c2257e195..97c19355ba 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -8489,7 +8489,7 @@ CVE-2020-27226 CVE-2020-27225 RESERVED CVE-2020-27224 (In Eclipse Theia versions up to and including 1.2.0, the Markdown Prev ...) - TODO: check + NOT-FOR-US: Eclipse Theia CVE-2020-27223 RESERVED CVE-2020-27222 (In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based ( ...) @@ -29684,7 +29684,7 @@ CVE-2020-17164 CVE-2020-17163 RESERVED CVE-2020-17162 (Microsoft Windows Security Feature Bypass Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2020-17161 RESERVED CVE-2020-17160 @@ -51658,7 +51658,7 @@ CVE-2020-8299 CVE-2020-8298 RESERVED CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...) - TODO: check + NOT-FOR-US: Nextcloud Deck CVE-2020-8296 RESERVED CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 6c91b90804..b95551f8aa 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -2229,9 +2229,9 @@ CVE-2021-26703 CVE-2021-26702 RESERVED CVE-2021-26701 (.NET Core Remote Code Execution Vulnerability This CVE ID is unique fr ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-26700 (Visual Studio Code npm-script Extension Remote Code Execution Vulnerab ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-26699 RESERVED CVE-2021-26698 @@ -5866,7 +5866,7 @@ CVE-2021-3147 CVE-2021-25196 RESERVED CVE-2021-25195 (Windows PKU2U Elevation of Privilege Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-25194 RESERVED CVE-2021-25193 @@ -8063,103 +8063,103 @@ CVE-2021-24115 (In Botan before 2.17.3, constant-time computations are not used - botan1.10 <removed> NOTE: https://github.com/randombit/botan/pull/2549 CVE-2021-24114 (Microsoft Teams iOS Information Disclosure Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24113 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24112 (.NET Core Remote Code Execution Vulnerability This CVE ID is unique fr ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24111 (.NET Framework Denial of Service Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24110 RESERVED CVE-2021-24109 (Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerabilit ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24108 RESERVED CVE-2021-24107 RESERVED CVE-2021-24106 (Windows DirectX Information Disclosure Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24105 (Package Managers Configurations Remote Code Execution Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24104 RESERVED CVE-2021-24103 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24102 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24101 (Microsoft Dataverse Information Disclosure Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24100 (Microsoft Edge for Android Information Disclosure Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24099 (Skype for Business and Lync Denial of Service Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24098 (Windows Console Driver Denial of Service Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24097 RESERVED CVE-2021-24096 (Windows Kernel Elevation of Privilege Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24095 RESERVED CVE-2021-24094 (Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is uniq ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24093 (Windows Graphics Component Remote Code Execution Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24092 (Microsoft Defender Elevation of Privilege Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24091 (Windows Camera Codec Pack Remote Code Execution Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24090 RESERVED CVE-2021-24089 RESERVED CVE-2021-24088 (Windows Local Spooler Remote Code Execution Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24087 (Azure IoT CLI extension Elevation of Privilege Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24086 (Windows TCP/IP Denial of Service Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24085 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24084 (Windows Mobile Device Management Information Disclosure Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24083 (Windows Address Book Remote Code Execution Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24082 (Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulne ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24081 (Microsoft Windows Codecs Library Remote Code Execution Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24080 (Windows Trust Verification API Denial of Service Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24079 (Windows Backup Engine Information Disclosure Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24078 (Windows DNS Server Remote Code Execution Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24077 (Windows Fax Service Remote Code Execution Vulnerability This CVE ID is ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24076 (Microsoft Windows VMSwitch Information Disclosure Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24075 (Windows Network File System Denial of Service Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24074 (Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is uniq ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24073 (Skype for Business and Lync Spoofing Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24072 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24071 (Microsoft SharePoint Information Disclosure Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24070 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24069 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24068 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24067 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24066 (Microsoft SharePoint Remote Code Execution Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-24065 RESERVED CVE-2021-24064 @@ -13082,7 +13082,7 @@ CVE-2021-21726 CVE-2021-21725 RESERVED CVE-2021-21724 (A ZTE product has a memory leak vulnerability. Due to the product's im ...) - TODO: check + NOT-FOR-US: ZTE CVE-2021-21723 (Some ZTE products have a DoS vulnerability. Due to the improper handli ...) NOT-FOR-US: ZTE CVE-2021-21722 (A ZTE Smart STB is impacted by an information leak vulnerability. The ...) @@ -16060,7 +16060,9 @@ CVE-2021-20330 CVE-2021-20329 RESERVED CVE-2021-20328 (Specific versions of the Java driver that support client-side field le ...) - TODO: check + - mongo-java-driver <unfixed> + NOTE: https://jira.mongodb.org/browse/JAVA-4017 + NOTE: https://github.com/mongodb/mongo-java-driver/commit/60d87d5a76645a331a77ccc45ef7c67aac88b234 CVE-2021-20327 (A specific version of the Node.js mongodb-client-encryption module doe ...) TODO: check CVE-2021-20326 @@ -18445,31 +18447,31 @@ CVE-2021-1736 CVE-2021-1735 RESERVED CVE-2021-1734 (Windows Remote Procedure Call Information Disclosure Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-1733 (Sysinternals PsExec Elevation of Privilege Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-1732 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-1731 (PFX Encryption Security Feature Bypass Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-1730 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-1729 RESERVED CVE-2021-1728 (System Center Operations Manager Elevation of Privilege Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-1727 (Windows Installer Elevation of Privilege Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-1726 (Microsoft SharePoint Spoofing Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-1725 (Bot Framework SDK Information Disclosure Vulnerability ...) NOT-FOR-US: Bot Framework SDK CVE-2021-1724 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-1723 (ASP.NET Core and Visual Studio Denial of Service Vulnerability ...) NOT-FOR-US: ASP.NET Core and Visual Studio CVE-2021-1722 (Windows Fax Service Remote Code Execution Vulnerability This CVE ID is ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-1721 (.NET Core and Visual Studio Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft .NET CVE-2021-1720 @@ -18517,7 +18519,7 @@ CVE-2021-1700 (Remote Procedure Call Runtime Remote Code Execution Vulnerability CVE-2021-1699 (Windows (modem.sys) Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1698 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-1697 (Windows InstallService Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-1696 (Windows Graphics Component Information Disclosure Vulnerability ...) @@ -18635,7 +18637,7 @@ CVE-2021-1641 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique CVE-2021-1640 RESERVED CVE-2021-1639 (Visual Studio Code Remote Code Execution Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-1638 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2021-1637 (Windows DNS Query Information Disclosure Vulnerability ...) |