author | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-25 21:23:06 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-25 21:23:06 +0100 |
commit | bca4737976603148157e6a4faf033cfe2af6c49f (patch) | |
tree | 6078b04d485d88345dc112ea8d5281fc21e1df7e | |
parent | 4da1b2a558121f92e0dc7aa69e05a7a121bb9e43 (diff) |
Cleanup some additional whitespaces
-rw-r--r-- | data/CVE/2005.list | 4 | ||||
-rw-r--r-- | data/CVE/2006.list | 2 | ||||
-rw-r--r-- | data/CVE/2009.list | 2 | ||||
-rw-r--r-- | data/CVE/2013.list | 6 | ||||
-rw-r--r-- | data/CVE/2014.list | 2 | ||||
-rw-r--r-- | data/CVE/2015.list | 6 | ||||
-rw-r--r-- | data/CVE/2016.list | 12 | ||||
-rw-r--r-- | data/CVE/2017.list | 2 | ||||
-rw-r--r-- | data/CVE/2018.list | 2 | ||||
-rw-r--r-- | data/CVE/2019.list | 6 | ||||
-rw-r--r-- | data/CVE/2020.list | 8 | ||||
-rw-r--r-- | data/CVE/2021.list | 4 |
12 files changed, 28 insertions, 28 deletions
diff --git a/data/CVE/2005.list b/data/CVE/2005.list index ce410c2a69..e655115ee8 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -4523,7 +4523,7 @@ CVE-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 U NOT-FOR-US: HP Tru64 CVE-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...) - ncompress <not-affected> (bug #329052; unimportant) - NOTE: see bug close message, Debian's ncompress doesn't expose affected scripts + NOTE: see bug close message, Debian's ncompress doesn't expose affected scripts CVE-2005-2992 (arc 5.21j and earlier allows local users to overwrite arbitrary files ...) {DSA-843-1} - arc 5.21m-1 (low) @@ -5176,7 +5176,7 @@ CVE-2005-2711 (ISS BlackIce 3.6, as used in multiple products including BlackICE NOT-FOR-US: ISS CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 allo ...) {DSA-826-1} - NOTE: see http://www.open-security.org/advisories/13 + NOTE: see http://www.open-security.org/advisories/13 - helix-player 1.0.6-1 (bug #330364; high) CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 al ...) {DSA-1018-1 DSA-1017-1} diff --git a/data/CVE/2006.list b/data/CVE/2006.list index 6ae014d9eb..f092ad18c3 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -14353,7 +14353,7 @@ CVE-2006-0932 (Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::A CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...) - php5 <removed> (bug #368545; unimportant) - php4 <removed> (bug #368545; unimportant) - NOTE: is this really a vulnerability in pear? it seems it should be a bug + NOTE: is this really a vulnerability in pear? it seems it should be a bug NOTE: in any application not checking for such archives. NOTE: Lack of a security feature is not a vulnerability CVE-2006-0930 (Directory traversal vulnerability in Webmail in ArGoSoft Mail Server P ...) 
diff --git a/data/CVE/2009.list b/data/CVE/2009.list index 843e515f35..08d3154472 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -10499,7 +10499,7 @@ CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi - bugzilla 3.2.4.0-1 (low; bug #514143) [etch] - bugzilla <no-dsa> (Minor issue) [lenny] - bugzilla <no-dsa> (Minor issue) - NOTE: should this really be considered minor? see fedora bug and FSA: + NOTE: should this really be considered minor? See fedora bug and FSA: NOTE: - https://bugzilla.redhat.com/show_bug.cgi?id=494398 NOTE: - https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00191.html CVE-2009-1212 (Multiple insecure method vulnerabilities in PRECIS~2.DLL in the Precis ...) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 8bf4e25296..bc0f675557 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -99,7 +99,7 @@ CVE-2013-7459 (Heap-based buffer overflow in the ALGnew function in block_templa NOTE: Fixed by: https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 NOTE: All users of pycrypto's AES module in Debian that allow the mode NOTE: of operation to be specified from outside check for ECB explicitly - NOTE: and create the objects without specifying an IV. + NOTE: and create the objects without specifying an IV. CVE-2013-7458 (linenoise, as used in Redis before 3.2.3, uses world-readable permissi ...) {DSA-3634-1 DLA-577-1} - redis 2:3.2.1-4 (bug #832460) @@ -8851,7 +8851,7 @@ CVE-2013-4170 CVE-2013-4169 (GNOME Display Manager (gdm) before 2.21.1 allows local users to change ...) - gdm <removed> (unimportant) - gdm3 <not-affected> (Only affected older gdm < 2.21.1) - NOTE: In Debian /tmp/.X11-unix is created by /etc/init.d/x11-common + NOTE: In Debian /tmp/.X11-unix is created by /etc/init.d/x11-common CVE-2013-4168 (Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the sta ...) {DLA-348-1} - smokeping 2.6.8-2 (low) 
@@ -16408,7 +16408,7 @@ CVE-2013-1430 (An issue was discovered in xrdp before 0.9.1. When successfully l [wheezy] - xrdp <no-dsa> (Minor issue) NOTE: https://github.com/neutrinolabs/xrdp/pull/497 NOTE: When successfully logging in using RDP into a xrdp session, the file - NOTE: ~/.vnc/sesman_${username}_passwd is created. Its content is the + NOTE: ~/.vnc/sesman_${username}_passwd is created. Its content is the NOTE: equivalent of the users clear text password, DES encrypted with a known NOTE: key. CVE-2013-1429 (Lintian before 2.5.12 allows remote attackers to gather information ab ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 789e4f0183..ab8fd028d0 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -13038,7 +13038,7 @@ CVE-2014-5388 (Off-by-one error in the pci_read function in the ACPI PCI hotplug [squeeze] - qemu-kvm <not-affected> (Introduced in 1.7) [wheezy] - qemu-kvm <not-affected> (Introduced in 1.7) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html - NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=db4728e6fec0364b866d3106125974eedc00e091 + NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=db4728e6fec0364b866d3106125974eedc00e091 CVE-2014-5382 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...) NOT-FOR-US: Schrack Technik microControl CVE-2014-5381 (Grand MA 300 allows a brute-force attack on the PIN. ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 7ea1ae1d23..769fbf3063 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list 
@@ -1524,7 +1524,7 @@ CVE-2015-8919 (The lha_read_file_extended_header function in archive_read_suppor NOTE: Fixed by https://github.com/libarchive/libarchive/commit/e8a2e4d CVE-2015-8918 (The archive_string_append function in archive_string.c in libarchive b ...) - libarchive <not-affected> (Vulnerable code not in a released version) - NOTE: Introduced in https://github.com/libarchive/libarchive/commit/cf8e67ffc8a2227b63fc6d3d1569b0214f160f54 + NOTE: Introduced in https://github.com/libarchive/libarchive/commit/cf8e67ffc8a2227b63fc6d3d1569b0214f160f54 NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/b6ba56037f0da44efebfa271cc4b1a736a74c62f NOTE: https://github.com/libarchive/libarchive/issues/506 CVE-2015-8917 (bsdtar in libarchive before 3.2.0 allows remote attackers to cause a d ...) @@ -7263,7 +7263,7 @@ CVE-2015-7183 (Integer overflow in the PL_ARENA_ALLOCATE implementation in Netsc - virtualbox 5.0.10-dfsg-1 [jessie] - virtualbox 4.3.36-dfsg-1+deb8u1 [wheezy] - virtualbox <no-dsa> (Minor issue, will be fixed when included in next CPU) - NOTE: VirtualBox fixed: 4.0.36, 4.1.44, 4.2.36, 4.3.34, 5.0.10 + NOTE: VirtualBox fixed: 4.0.36, 4.1.44, 4.2.36, 4.3.34, 5.0.10 NOTE: http://hg.mozilla.org/projects/nspr/rev/c9c965b2b19c NOTE: http://hg.mozilla.org/projects/nspr/rev/bd8fb4498fa6 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/ 
@@ -15273,7 +15273,7 @@ CVE-2015-4625 (Integer overflow in the authentication_agent_new_cookie function NOTE: http://cgit.freedesktop.org/polkit/commit/?id=fb5076b7c05d01a532d593a4079a29cf2d63a228 CVE-2015-4412 (BSON injection vulnerability in the legal? function in BSON (bson-ruby ...) - ruby-bson <not-affected> (corresponding change in ruby-bson not present) - NOTE: Originating from https://github.com/mongodb/bson-ruby/commit/21141c78d99f23d5f34d32010557ef19d0f77203#diff-8c8558c185bbb548ccb5a6d6ac4bfee5L219 + NOTE: Originating from https://github.com/mongodb/bson-ruby/commit/21141c78d99f23d5f34d32010557ef19d0f77203#diff-8c8558c185bbb548ccb5a6d6ac4bfee5L219 CVE-2015-4411 (The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0 ...) - ruby-bson <not-affected> (corresponding change in ruby-bson not present) NOTE: https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24 diff --git a/data/CVE/2016.list b/data/CVE/2016.list index a4aa168a30..3e6f99b8d6 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -343,7 +343,7 @@ CVE-2016-10937 (IMAPFilter through 2.6.12 does not validate the hostname in an S [buster] - imapfilter <no-dsa> (Minor issue) [stretch] - imapfilter <no-dsa> (Minor issue) NOTE: https://github.com/lefcha/imapfilter/issues/142 - NOTE: Patch for support for hostname validation (requrires OpenSSL 1.1.0 and later): + NOTE: Patch for support for hostname validation (requrires OpenSSL 1.1.0 and later): NOTE: https://github.com/lefcha/imapfilter/commit/bf2515da752eddd54973adb0853c6aa289e921b6 NOTE: Patch for support for hostname validation (for OpenSSL 1.0.2 and later): NOTE: https://github.com/lefcha/imapfilter/commit/3daa2692e37fc52ce630e39a3fb6faf270c054b1 
@@ -4781,7 +4781,7 @@ CVE-2016-9480 (libdwarf 2016-10-21 allows context-dependent attackers to obtain NOTE: https://sourceforge.net/p/libdwarf/bugs/5/ NOTE: https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/ NOTE: The code has substantially changed in libdwarf/dwarf_util.c from older - NOTE: versions, but there seem to be still back then an unchecked dereference + NOTE: versions, but there seem to be still back then an unchecked dereference NOTE: of val_ptr. CVE-2016-9479 (The "lost password" functionality in b2evolution before 6.7.9 allows r ...) - b2evolution <removed> @@ -12939,7 +12939,7 @@ CVE-2016-6662 (Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x thro NOTE: https://bugzilla.suse.com/show_bug.cgi?id=998309 NOTE: Fixed in upstream Oracle MySQL 5.5.52, 5.6.33 and 5.7.15 NOTE: MariaDB: https://jira.mariadb.org/browse/MDEV-10465 - NOTE: Fixed in upstream MariaDB 5.5.51, 10.0.27, 10.1.17 + NOTE: Fixed in upstream MariaDB 5.5.51, 10.0.27, 10.1.17 NOTE: PerconaDB: https://www.percona.com/blog/2016/09/12/database-affected-cve-2016-6662/ NOTE: Although Oracle mentions this CVE only to be fixed in 5.5.53 this is not NOTE: true for src:mysql-5.5 as in Debian and other Linux distributions, so @@ -13691,7 +13691,7 @@ CVE-2016-6508 (epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1. NOTE: https://www.wireshark.org/security/wnpa-sec-2016-44.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12660 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6cf9616df68a4db7e436bb77392586ff9ad84feb - NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13. + NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13. NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3 CVE-2016-6507 (epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12. ...) {DSA-3648-1 DLA-595-1} 
@@ -23486,7 +23486,7 @@ CVE-2016-3159 (The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not p NOTE: http://xenbits.xen.org/xsa/advisory-172.html NOTE: CVE-2016-3159 is for the code change which is applicable for later NOTE: versions only, but which must always be combined with the code change - NOTE: for CVE-2016-3158. Ie for the first hunk in xsa172.patch, which + NOTE: for CVE-2016-3158. Ie for the first hunk in xsa172.patch, which NOTE: patches the function fpu_fxrstor. CVE-2016-3158 (The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly ...) {DSA-3554-1 DLA-571-1} @@ -23494,7 +23494,7 @@ CVE-2016-3158 (The xrstor function in arch/x86/xstate.c in Xen 4.x does not prop NOTE: http://xenbits.xen.org/xsa/advisory-172.html NOTE: CVE-2016-3158 is for the code change which is required for all NOTE: versions (but which is sufficient only on Xen 4.3.x, and insufficient - NOTE: on later versions). Ie for the second hunk in xsa172.patch (the only + NOTE: on later versions). Ie for the second hunk in xsa172.patch (the only NOTE: hunk in xsa172-4.3.patch), which patches the function xrstor. CVE-2016-3157 (The __switch_to function in arch/x86/kernel/process_64.c in the Linux ...) {DSA-3607-1 DLA-516-1} diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 1e11c9b2e6..8257b199ed 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -35731,7 +35731,7 @@ CVE-2017-6542 (The ssh_agent_channel_data function in PuTTY before 0.68 allows r NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=4ff22863d895cb7ebfced4cf923a012a614adaa8 (0.68) NOTE: Bug only exploitable if SSH agent forwarding enabled (not the default) and if - NOTE: the attacker can already be able to connect to the Unix-domain socket + NOTE: the attacker can already be able to connect to the Unix-domain socket NOTE: representing the forwarded agent connection. CVE-2017-6541 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...) NOT-FOR-US: webpagetest diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 63aa75498e..9eea06560a 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1657,7 +1657,7 @@ CVE-2018-20659 (An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom cl CVE-2018-20658 (The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote ...) NOT-FOR-US: Core FTP CVE-2018-20657 (The demangle_template function in cplus-dem.c in GNU libiberty, as dis ...) - NOTE: Short-lived, small memleak, not considered a real bug by upstream + NOTE: Short-lived, small memleak, not considered a real bug by upstream NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539 CVE-2018-20656 RESERVED diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 423fc9ffcf..0d164e4943 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -3826,7 +3826,7 @@ CVE-2019-19604 (Arbitrary command execution is possible in Git before 2.20.2, 2. NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=c1547450748fcbac21675f2681506d2d80351a19 NOTE: Upstream did backport fixes for CVE-2019-19604 to older versions as the introducing NOTE: version for sake of robustness/hardening. In particular, the server-side protection - NOTE: provided by the fsck is useful for protecting unpatched clients that are affected + NOTE: provided by the fsck is useful for protecting unpatched clients that are affected NOTE: by the bug. NOTE: https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1 @@ -22009,14 +22009,14 @@ CVE-2019-12615 (An issue was discovered in get_vdev_port_node_info in arch/sparc - linux 5.2.6-1 (unimportant) NOTE: https://git.kernel.org/linus/80caf43549e7e41a695c6d1e11066286538b336f NOTE: This is a potential null pointer dereference that looks like it can - NOTE: only be invoked by root or the hypervisor. Probably no security impact. + NOTE: only be invoked by root or the hypervisor. Probably no security impact. CVE-2019-12614 (An issue was discovered in dlpar_parse_cc_property in arch/powerpc/pla ...) - linux 5.3.7-1 (unimportant) [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 NOTE: https://lkml.org/lkml/2019/6/3/526 NOTE: This is a potential null pointer dereference that looks like it can - NOTE: only be invoked by root or the hypervisor. Probably no security impact. + NOTE: only be invoked by root or the hypervisor. Probably no security impact. CVE-2019-12601 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...) NOT-FOR-US: SuiteCRM CVE-2019-12600 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 0b77c54aec..9d64d4c27b 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -7805,7 +7805,7 @@ CVE-2020-27841 (There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib {DSA-4882-1 DLA-2550-1} - openjpeg2 2.4.0-1 NOTE: https://github.com/uclouvain/openjpeg/issues/1293 - NOTE: https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce (v2.4.0) + NOTE: https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce (v2.4.0) CVE-2020-27840 (A flaw was found in samba. Spaces used in a string around a domain nam ...) {DSA-4884-1 DLA-2611-1} - ldb 2:2.2.0-3.1 (bug #985936) @@ -38439,7 +38439,7 @@ CVE-2020-14354 (A possible use-after-free and double-free in c-ares lib version [buster] - c-ares <not-affected> (Vulnerable code introduced later) [stretch] - c-ares <not-affected> (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1866838 - NOTE: Introduced in: https://github.com/c-ares/c-ares/commit/dbd4c441fb7babad5c56f455d720af38e20546bc (1.16.0) + NOTE: Introduced in: https://github.com/c-ares/c-ares/commit/dbd4c441fb7babad5c56f455d720af38e20546bc (1.16.0) NOTE: Fixed by: https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e (1.16.1) CVE-2020-14353 REJECTED @@ -39664,7 +39664,7 @@ CVE-2020-13920 (Apache ActiveMQ uses LocateRegistry.createRegistry() to create t NOTE: When fixing this issue make sure to use a complete fix and not open up NOTE: CVE-2020-11998 (a regression introduced in 5.15.12 in the commit preventing NOTE: JMX re-bind). - NOTE: Fixed by: https://github.com/apache/activemq/commit/c29244931d54affaceabb478b3a52d9b74f5d543 (activemq-5.15.12) + NOTE: Fixed by: https://github.com/apache/activemq/commit/c29244931d54affaceabb478b3a52d9b74f5d543 (activemq-5.15.12) NOTE: Followup needed: https://github.com/apache/activemq/commit/0d6e5f240ef34bae2e4089102047593bef628e6c (activemq-5.15.13) CVE-2020-13919 (emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow ...) NOT-FOR-US: Ruckus Wireless Unleashed 
@@ -46951,7 +46951,7 @@ CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of- [buster] - freerdp2 <no-dsa> (Minor issue) - freerdp <removed> NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q - NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37 + NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37 NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006 CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...) {DLA-2356-1} diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 537f79c08b..0f63c2482e 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -16559,7 +16559,7 @@ CVE-2021-3658 [bullseye] - bluez <no-dsa> (Minor issue) [buster] - bluez <no-dsa> (Minor issue) [stretch] - bluez <not-affected> (Vulnerable code introduced later) - NOTE: Introduced by https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=d04eb02f9bad8795297210ef80e262be16ea8f07 (5.51) + NOTE: Introduced by https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=d04eb02f9bad8795297210ef80e262be16ea8f07 (5.51) NOTE: Fixed by https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055 CVE-2021-37216 (QSAN Storage Manager header page parameters does not filter special ch ...) NOT-FOR-US: QSAN Storage Manager 
@@ -30064,7 +30064,7 @@ CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard comp NOTE: Octopus: https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b NOTE: Pacific: https://github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27 NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/4 - NOTE: In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly + NOTE: In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly NOTE: cookie, introducing the specific CVE-2021-3509 issue. CVE-2021-31521 (Trend Micro InterScan Web Security Virtual Appliance version 6.5 was f ...) NOT-FOR-US: Trend Micro |
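Review bot: The commit message does not say which kind of whitespace is being cleaned up, and in the first hunk of data/CVE/2005.list (CVE-2005-2991), as in the hunks that follow the same pattern, the removed and added NOTE lines read identically as displayed here. Naming the whitespace class in the message (trailing, doubled, or tab versus space) would let a reader confirm that each of the 28 changed lines is whitespace-only without re-diffing the raw files.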
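Review bot: The CVE-2009-1213 hunk in data/CVE/2009.list changes wording as well as whitespace: "see fedora bug and FSA:" becomes "See fedora bug and FSA:" on the added side. The commit message only announces a whitespace cleanup, so either mention the capitalisation change there or move it into its own commit; if the wording is being touched anyway, "fedora" could become "Fedora" in the same edit.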
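Review bot: The rewritten NOTE line for CVE-2016-10937 in data/CVE/2016.list still carries the typo "requrires" on the added side ("requrires OpenSSL 1.1.0 and later"). Since the line is being replaced in this commit, correcting it to "requires" here, or in a follow-up that the message points to, avoids touching the same line twice.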