[Git][security-tracker-team/security-tracker][master] new mongo-java-driver issue

Moritz Muehlenhoff jmm at debian.org
Fri Feb 26 12:10:19 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76bc4f69 by Moritz Muehlenhoff at 2021-02-26T13:10:06+01:00
new mongo-java-driver issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2287,9 +2287,9 @@ CVE-2021-26703
 CVE-2021-26702
 	RESERVED
 CVE-2021-26701 (.NET Core Remote Code Execution Vulnerability This CVE ID is unique fr ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26700 (Visual Studio Code npm-script Extension Remote Code Execution Vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-26699
 	RESERVED
 CVE-2021-26698
@@ -6091,7 +6091,7 @@ CVE-2021-3147
 CVE-2021-25196
 	RESERVED
 CVE-2021-25195 (Windows PKU2U Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-25194
 	RESERVED
 CVE-2021-25193
@@ -8288,103 +8288,103 @@ CVE-2021-24115 (In Botan before 2.17.3, constant-time computations are not used
 	- botan1.10 <removed>
 	NOTE: https://github.com/randombit/botan/pull/2549
 CVE-2021-24114 (Microsoft Teams iOS Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24113 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24112 (.NET Core Remote Code Execution Vulnerability This CVE ID is unique fr ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24111 (.NET Framework Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24110
 	RESERVED
 CVE-2021-24109 (Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24108
 	RESERVED
 CVE-2021-24107
 	RESERVED
 CVE-2021-24106 (Windows DirectX Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24105 (Package Managers Configurations Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24104
 	RESERVED
 CVE-2021-24103 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24102 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24101 (Microsoft Dataverse Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24100 (Microsoft Edge for Android Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24099 (Skype for Business and Lync Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24098 (Windows Console Driver Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24097
 	RESERVED
 CVE-2021-24096 (Windows Kernel Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24095
 	RESERVED
 CVE-2021-24094 (Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is uniq ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24093 (Windows Graphics Component Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24092 (Microsoft Defender Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24091 (Windows Camera Codec Pack Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24090
 	RESERVED
 CVE-2021-24089
 	RESERVED
 CVE-2021-24088 (Windows Local Spooler Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24087 (Azure IoT CLI extension Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24086 (Windows TCP/IP Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24085 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24084 (Windows Mobile Device Management Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24083 (Windows Address Book Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24082 (Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulne ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24081 (Microsoft Windows Codecs Library Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24080 (Windows Trust Verification API Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24079 (Windows Backup Engine Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24078 (Windows DNS Server Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24077 (Windows Fax Service Remote Code Execution Vulnerability This CVE ID is ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24076 (Microsoft Windows VMSwitch Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24075 (Windows Network File System Denial of Service Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24074 (Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is uniq ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24073 (Skype for Business and Lync Spoofing Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24072 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24071 (Microsoft SharePoint Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24070 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24069 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24068 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24067 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24066 (Microsoft SharePoint Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-24065
 	RESERVED
 CVE-2021-24064
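Review bot: CVE-2021-24105 in this hunk is marked `NOT-FOR-US: Microsoft`, but its title, "Package Managers Configurations Remote Code Execution Vulnerability", does not name a Microsoft product the way the surrounding Windows, Excel and SharePoint entries do. Before closing it as NFU, confirm from the full advisory that no package manager shipped in the archive is in scope. If it really is Microsoft-specific, a label naming the affected product would make that visible in the list.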
@@ -13444,7 +13444,7 @@ CVE-2021-21726
 CVE-2021-21725
 	RESERVED
 CVE-2021-21724 (A ZTE product has a memory leak vulnerability. Due to the product's im ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21723 (Some ZTE products have a DoS vulnerability. Due to the improper handli ...)
 	NOT-FOR-US: ZTE
 CVE-2021-21722 (A ZTE Smart STB is impacted by an information leak vulnerability. The  ...)
@@ -17824,7 +17824,9 @@ CVE-2021-20330
 CVE-2021-20329
 	RESERVED
 CVE-2021-20328 (Specific versions of the Java driver that support client-side field le ...)
-	TODO: check
+	- mongo-java-driver <unfixed>
+	NOTE: https://jira.mongodb.org/browse/JAVA-4017
+	NOTE: https://github.com/mongodb/mongo-java-driver/commit/60d87d5a76645a331a77ccc45ef7c67aac88b234
 CVE-2021-20327 (A specific version of the Node.js mongodb-client-encryption module doe ...)
 	TODO: check
 CVE-2021-20326
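Review bot: the new CVE-2021-20328 entry records `- mongo-java-driver <unfixed>` with the upstream ticket and fix commit, but gives no NOTE on which driver versions are affected. The description reads "Specific versions of the Java driver that support client-side field le ...", so packaged versions that predate that feature may not be vulnerable. A NOTE stating the introducing version, taken from JAVA-4017, would save re-triage per suite. The adjacent CVE-2021-20327 (Node.js mongodb-client-encryption) stays at `TODO: check`, which is fine for this commit, but it comes from the same upstream and could be triaged together.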
@@ -21802,31 +21804,31 @@ CVE-2020-29489 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0
 CVE-2021-1735
 	RESERVED
 CVE-2021-1734 (Windows Remote Procedure Call Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1733 (Sysinternals PsExec Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1732 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1731 (PFX Encryption Security Feature Bypass Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1730 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1729
 	RESERVED
 CVE-2021-1728 (System Center Operations Manager Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1727 (Windows Installer Elevation of Privilege Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1726 (Microsoft SharePoint Spoofing Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1725 (Bot Framework SDK Information Disclosure Vulnerability ...)
 	NOT-FOR-US: Bot Framework SDK
 CVE-2021-1724 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1723 (ASP.NET Core and Visual Studio Denial of Service Vulnerability ...)
 	NOT-FOR-US: ASP.NET Core and Visual Studio
 CVE-2021-1722 (Windows Fax Service Remote Code Execution Vulnerability This CVE ID is ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1721 (.NET Core and Visual Studio Denial of Service Vulnerability ...)
 	NOT-FOR-US: Microsoft .NET
 CVE-2021-1720
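Review bot: the NFU labels added in this hunk use the bare vendor name `Microsoft`, while the untouched entries around them name the product: `NOT-FOR-US: Bot Framework SDK` (CVE-2021-1725), `NOT-FOR-US: ASP.NET Core and Visual Studio` (CVE-2021-1723) and `NOT-FOR-US: Microsoft .NET` (CVE-2021-1721). Either form works for the tracker, but mixing them within a few lines makes it harder to search for a product later. Consider keeping one convention per vendor, for example `Microsoft` throughout, or naming the product for entries such as CVE-2021-1733 (Sysinternals PsExec).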
@@ -21874,7 +21876,7 @@ CVE-2021-1700 (Remote Procedure Call Runtime Remote Code Execution Vulnerability
 CVE-2021-1699 (Windows (modem.sys) Information Disclosure Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-1698 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1697 (Windows InstallService Elevation of Privilege Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-1696 (Windows Graphics Component Information Disclosure Vulnerability ...)
@@ -21992,7 +21994,7 @@ CVE-2021-1641 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique
 CVE-2021-1640
 	RESERVED
 CVE-2021-1639 (Visual Studio Code Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-1638 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-1637 (Windows DNS Query Information Disclosure Vulnerability ...)
@@ -30570,7 +30572,7 @@ CVE-2020-27226
 CVE-2020-27225
 	RESERVED
 CVE-2020-27224 (In Eclipse Theia versions up to and including 1.2.0, the Markdown Prev ...)
-	TODO: check
+	NOT-FOR-US: Eclipse Theia
 CVE-2020-27223
 	RESERVED
 CVE-2020-27222 (In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based ( ...)
@@ -51873,7 +51875,7 @@ CVE-2020-17164
 CVE-2020-17163
 	RESERVED
 CVE-2020-17162 (Microsoft Windows Security Feature Bypass Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17161
 	RESERVED
 CVE-2020-17160
@@ -76229,7 +76231,7 @@ CVE-2020-8299
 CVE-2020-8298
 	RESERVED
 CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Deck
 CVE-2020-8296
 	RESERVED
 CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76bc4f695b39bc459174a67b0a5074b7f2205d38
