[Git][security-tracker-team/security-tracker][master] new mongo-tools issue

Moritz Muehlenhoff jmm at debian.org
Tue Apr 13 08:38:27 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2c134c76 by Moritz Muehlenhoff at 2021-04-13T09:38:15+02:00
new mongo-tools issue
new gitlab issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10596,9 +10596,9 @@ CVE-2021-25928
 CVE-2021-25927
 	RESERVED
 CVE-2021-25926 (In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Re ...)
-	TODO: check
+	NOT-FOR-US: SiCKRAGE
 CVE-2021-25925 (in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: SiCKRAGE
 CVE-2021-25924 (In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Reques ...)
 	NOT-FOR-US: GoCD
 CVE-2021-25923
@@ -14937,7 +14937,7 @@ CVE-2021-24026 (A missing bounds check within the audio decoding pipeline for Wh
 CVE-2021-24025 (Due to incorrect string size calculations inside the preg_quote functi ...)
 	- hhvm <removed>
 CVE-2021-24024 (A clear text storage of sensitive information into log file vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: FortiADCManager
 CVE-2021-24023
 	RESERVED
 CVE-2021-24022
@@ -16452,9 +16452,9 @@ CVE-2021-23373
 CVE-2021-23372
 	RESERVED
 CVE-2021-23371 (This affects the package chrono-node before 2.2.4. It hangs on a date- ...)
-	TODO: check
+	NOT-FOR-US: Node chrono-node
 CVE-2021-23370 (This affects the package swiper before 6.5.1. ...)
-	TODO: check
+	NOT-FOR-US: swiper
 CVE-2021-23369 (The package handlebars before 4.7.7 are vulnerable to Remote Code Exec ...)
 	- node-handlebars <unfixed>
 	- libjs-handlebars <removed>
@@ -19013,7 +19013,7 @@ CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-03.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17232
 CVE-2021-22190 (A path traversal vulnerability via the GitLab Workhorse in all version ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22189 (Starting with version 13.7 the Gitlab CE/EE editions were affected by  ...)
 	[experimental] - gitlab 13.6.7-1
 	- gitlab <unfixed>
@@ -61786,7 +61786,7 @@ CVE-2020-15944 (An issue was discovered in the Gantt-Chart module before 5.5.5 f
 CVE-2020-15943 (An issue was discovered in the Gantt-Chart module before 5.5.4 for Jir ...)
 	NOT-FOR-US: Gantt-Chart module for Jira
 CVE-2020-15942 (An information disclosure vulnerability in Web Vulnerability Scan prof ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2020-15941
 	RESERVED
 CVE-2020-15940
@@ -84392,7 +84392,8 @@ CVE-2020-7925 (Incorrect validation of user input in the role name parser may le
 	NOTE: https://github.com/mongodb/mongo/commit/8fbd1af03310704de68c22163900636f58f7eba8 (v3.6.19)
 	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/3ca76fd569c94de72c4daf6eef27fbf9bf51233b (v3.6.18)
 CVE-2020-7924 (Usage of specific command line parameter in MongoDB Tools which was or ...)
-	TODO: check
+	- mongo-tools <unfixed>
+	NOTE: https://jira.mongodb.org/browse/TOOLS-2587
 CVE-2020-7923 (A user authorized to perform database queries may cause denial of serv ...)
 	{DLA-2344-1}
 	- mongodb <removed>
@@ -109350,7 +109351,7 @@ CVE-2019-17658 (An unquoted service path vulnerability in the FortiClient FortiT
 CVE-2019-17657 (An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSw ...)
 	NOT-FOR-US: Fortiguard
 CVE-2019-17656 (A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of For ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2019-17655 (A cleartext storage in a file or on disk (CWE-313) vulnerability in Fo ...)
 	NOT-FOR-US: Fortiguard
 CVE-2019-17654 (An Insufficient Verification of Data Authenticity vulnerability in For ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c134c768d4fa90834df5472d1a4878912edf989

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c134c768d4fa90834df5472d1a4878912edf989
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210413/992a39d2/attachment.htm>

More information about the debian-security-tracker-commits mailing list