author | Moritz Muehlenhoff <jmm@debian.org> | 2021-11-24 11:22:45 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-11-24 11:22:45 +0100 |
commit | 22b9bd75fd5ccc6c4b29240dc413a5ad3ce9dcfc (patch) | |
tree | fcd96ecedbcd77770ca73a6966275c5e2b261f49 | |
parent | 5d3ce6fe1e7cc30dd7be1a8fa8bdf1b3095ca4bc (diff) |
new chromium issue
NFUs
resolve some TODOs
-rw-r--r-- | data/CVE/2021.list | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 929a9b4761..e01e8ba850 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -14620,7 +14620,8 @@ CVE-2021-38006 CVE-2021-38005 RESERVED CVE-2021-38004 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...) - TODO: check + - chromium <unfixed> + [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-38003 (Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638 ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) @@ -39159,9 +39160,9 @@ CVE-2021-27838 CVE-2021-27837 RESERVED CVE-2021-27836 (An issue was discoverered in in function xls_getWorkSheet in xls.c in ...) - - r-cran-readxl <undetermined> + - r-cran-readxl <unfixed> (unimportant) NOTE: https://github.com/libxls/libxls/issues/94 - TODO: check + NOTE: Negligible security impact CVE-2021-27835 RESERVED CVE-2021-27834 @@ -42635,7 +42636,6 @@ CVE-2021-26314 (Potential floating point value injection in all supported CPU pr NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003 NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314"). - TODO: check CVE-2021-26313 (Potential speculative code store bypass in all supported CPU products, ...) {DSA-4931-1} - xen 4.14.2+25-gb6a8c4f72d-1 @@ -43541,7 +43541,7 @@ CVE-2021-25988 CVE-2021-25987 RESERVED CVE-2021-25986 (In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cros ...) - TODO: check + NOT-FOR-US: Django-wiki CVE-2021-25985 (In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improp ...) NOT-FOR-US: Factor (App Framework & Headless CMS) CVE-2021-25984 (In Factor (App Framework & Headless CMS) forum plugin, versions v1 ...) 
@@ -49443,7 +49443,7 @@ CVE-2021-23434 (This affects the package object-path before 0.11.6. A type confu NOTE: https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453 NOTE: https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb CVE-2021-23433 (The package algoliasearch-helper before 3.6.2 are vulnerable to Protot ...) - TODO: check + NOT-FOR-US: Node algoliasearch-helper CVE-2021-23432 (This affects all versions of package mootools. This is due to the abil ...) NOT-FOR-US: Node mootools CVE-2021-23431 (The package joplin before 2.3.2 are vulnerable to Cross-site Request F ...) @@ -52501,7 +52501,7 @@ CVE-2021-22055 CVE-2021-22054 RESERVED CVE-2021-22053 (Applications using both `spring-cloud-netflix-hystrix-dashboard` and ` ...) - TODO: check + NOT-FOR-US: spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf CVE-2021-22052 RESERVED CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specifically ...) @@ -52547,11 +52547,11 @@ CVE-2021-22032 CVE-2021-22031 RESERVED CVE-2021-22030 (In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain ...) - TODO: check + NOT-FOR-US: Greenplum CVE-2021-22029 (VMware Workspace ONE UEM REST API contains a denial of service vulnera ...) NOT-FOR-US: VMware CVE-2021-22028 (In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplu ...) - TODO: check + NOT-FOR-US: Greenplum CVE-2021-22027 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...) NOT-FOR-US: VMware CVE-2021-22026 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...) |
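Review bot: In the CVE-2021-27836 hunk (@@ -39159,9 +39160,9 @@), the new line "NOTE: Negligible security impact" records the verdict behind "<unfixed> (unimportant)" but not the reason for it. Suggest putting the basis in the NOTE, i.e. what the flaw in xls_getWorkSheet amounts to according to the linked libxls issue, so the classification can be rechecked later without redoing the triage. The reference points at libxls while the only package tracked is r-cran-readxl; a short NOTE on how r-cran-readxl relates to that code would make the entry self-explanatory.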
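Review bot: In the CVE-2021-26314 hunk (@@ -42635,7 +42636,6 @@), "TODO: check" is dropped with nothing put in its place, whereas every other hunk in this patch swaps it for a package status or a NOT-FOR-US line. The visible context for this CVE consists only of NOTE lines, so please confirm that a package status line sits above the context shown here. If none does, the entry is left with no triage result once the TODO is gone, and a status line should be added in the same change.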