| | | |
|---|---|---|
| author | security tracker role <sectracker@soriano.debian.org> | 2021-04-29 20:10:24 +0000 |
| committer | security tracker role <sectracker@soriano.debian.org> | 2021-04-29 20:10:24 +0000 |
| commit | 479aab6f46c8ed1c7de0549193783068a380431a (patch) | |
| tree | 2b2216c8171264d097c82b0a82234a455a5335e5 /data | |
| parent | c74437be24031d77f3c02f568ab48ca5a2906e0d (diff) | |

automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 492 |
1 files changed, 290 insertions, 202 deletions
diff --git a/data/CVE/list b/data/CVE/list index ef4e6abbc3..e4434d9a91 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,81 @@ +CVE-2021-31918 + RESERVED +CVE-2021-31917 + RESERVED +CVE-2021-31916 + RESERVED +CVE-2021-31915 + RESERVED +CVE-2021-31914 + RESERVED +CVE-2021-31913 + RESERVED +CVE-2021-31912 + RESERVED +CVE-2021-31911 + RESERVED +CVE-2021-31910 + RESERVED +CVE-2021-31909 + RESERVED +CVE-2021-31908 + RESERVED +CVE-2021-31907 + RESERVED +CVE-2021-31906 + RESERVED +CVE-2021-31905 + RESERVED +CVE-2021-31904 + RESERVED +CVE-2021-31903 + RESERVED +CVE-2021-31902 + RESERVED +CVE-2021-31901 + RESERVED +CVE-2021-31900 + RESERVED +CVE-2021-31899 + RESERVED +CVE-2021-31898 + RESERVED +CVE-2021-31897 + RESERVED +CVE-2021-31896 + RESERVED +CVE-2021-31895 + RESERVED +CVE-2021-31894 + RESERVED +CVE-2021-31893 + RESERVED +CVE-2021-31892 + RESERVED +CVE-2021-31891 + RESERVED +CVE-2021-31890 + RESERVED +CVE-2021-31889 + RESERVED +CVE-2021-31888 + RESERVED +CVE-2021-31887 + RESERVED +CVE-2021-31886 + RESERVED +CVE-2021-31885 + RESERVED +CVE-2021-31884 + RESERVED +CVE-2021-31883 + RESERVED +CVE-2021-31882 + RESERVED +CVE-2021-31881 + RESERVED +CVE-2021-31880 + RESERVED CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the Authorization header upon a ...) - wget <unfixed> NOTE: https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html 
@@ -1020,50 +1098,50 @@ CVE-2021-31440 RESERVED CVE-2021-31439 RESERVED -CVE-2021-31438 - RESERVED -CVE-2021-31437 - RESERVED -CVE-2021-31436 - RESERVED -CVE-2021-31435 - RESERVED -CVE-2021-31434 - RESERVED -CVE-2021-31433 - RESERVED -CVE-2021-31432 - RESERVED -CVE-2021-31431 - RESERVED -CVE-2021-31430 - RESERVED -CVE-2021-31429 - RESERVED -CVE-2021-31428 - RESERVED -CVE-2021-31427 - RESERVED -CVE-2021-31426 - RESERVED -CVE-2021-31425 - RESERVED -CVE-2021-31424 - RESERVED -CVE-2021-31423 - RESERVED -CVE-2021-31422 - RESERVED -CVE-2021-31421 - RESERVED -CVE-2021-31420 - RESERVED -CVE-2021-31419 - RESERVED -CVE-2021-31418 - RESERVED -CVE-2021-31417 - RESERVED +CVE-2021-31438 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-31437 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-31436 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-31435 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-31434 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-31433 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-31432 (This vulnerability allows local attackers to disclose sensitive inform ...) + TODO: check +CVE-2021-31431 (This vulnerability allows local attackers to disclose sensitive inform ...) + TODO: check +CVE-2021-31430 (This vulnerability allows local attackers to disclose sensitive inform ...) + TODO: check +CVE-2021-31429 (This vulnerability allows local attackers to escalate privileges on af ...) + TODO: check +CVE-2021-31428 (This vulnerability allows local attackers to escalate privileges on af ...) + TODO: check +CVE-2021-31427 (This vulnerability allows local attackers to disclose sensitive inform ...) 
+ TODO: check +CVE-2021-31426 (This vulnerability allows local attackers to escalate privileges on af ...) + TODO: check +CVE-2021-31425 (This vulnerability allows local attackers to escalate privileges on af ...) + TODO: check +CVE-2021-31424 (This vulnerability allows local attackers to escalate privileges on af ...) + TODO: check +CVE-2021-31423 (This vulnerability allows local attackers to disclose sensitive inform ...) + TODO: check +CVE-2021-31422 (This vulnerability allows local attackers to escalate privileges on af ...) + TODO: check +CVE-2021-31421 (This vulnerability allows local attackers to delete arbitrary files on ...) + TODO: check +CVE-2021-31420 (This vulnerability allows local attackers to escalate privileges on af ...) + TODO: check +CVE-2021-31419 (This vulnerability allows local attackers to disclose sensitive inform ...) + TODO: check +CVE-2021-31418 (This vulnerability allows local attackers to disclose sensitive inform ...) + TODO: check +CVE-2021-31417 (This vulnerability allows local attackers to disclose sensitive inform ...) + TODO: check CVE-2021-3501 [userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run] RESERVED - linux <unfixed> 
@@ -3620,28 +3698,28 @@ CVE-2021-30236 RESERVED CVE-2021-30235 RESERVED -CVE-2021-30234 - RESERVED -CVE-2021-30233 - RESERVED -CVE-2021-30232 - RESERVED -CVE-2021-30231 - RESERVED -CVE-2021-30230 - RESERVED -CVE-2021-30229 - RESERVED -CVE-2021-30228 - RESERVED -CVE-2021-30227 - RESERVED +CVE-2021-30234 (The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 ...) + TODO: check +CVE-2021-30233 (The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 r ...) + TODO: check +CVE-2021-30232 (The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF- ...) + TODO: check +CVE-2021-30231 (The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 rou ...) + TODO: check +CVE-2021-30230 (The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao ...) + TODO: check +CVE-2021-30229 (The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router ...) + TODO: check +CVE-2021-30228 (The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao W ...) + TODO: check +CVE-2021-30227 (Cross Site Scripting (XSS) vulnerability in the article comments featu ...) + TODO: check CVE-2021-30226 RESERVED CVE-2021-30225 RESERVED -CVE-2021-30224 - RESERVED +CVE-2021-30224 (Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attacke ...) + TODO: check CVE-2021-30223 RESERVED CVE-2021-30222 @@ -3650,10 +3728,10 @@ CVE-2021-30221 RESERVED CVE-2021-30220 RESERVED -CVE-2021-30219 - RESERVED -CVE-2021-30218 - RESERVED +CVE-2021-30219 (samurai 1.2 has a NULL pointer dereference in printstatus() function i ...) + TODO: check +CVE-2021-30218 (samurai 1.2 has a NULL pointer dereference in writefile() in util.c vi ...) + TODO: check CVE-2021-30217 RESERVED CVE-2021-30216 
@@ -4097,8 +4175,8 @@ CVE-2021-30050 RESERVED CVE-2021-30049 RESERVED -CVE-2021-30048 - RESERVED +CVE-2021-30048 (Directory Traversal in the fileDownload function in com/java2nb/common ...) + TODO: check CVE-2021-30047 RESERVED CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a segmentation f ...) @@ -4139,8 +4217,8 @@ CVE-2021-30029 RESERVED CVE-2021-30028 RESERVED -CVE-2021-30027 - RESERVED +CVE-2021-30027 (md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger us ...) + TODO: check CVE-2021-30026 RESERVED CVE-2021-30025 @@ -5409,6 +5487,7 @@ CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write NOTE: https://github.com/Exiv2/exiv2/commit/e6a0982f7cd9282052b6e3485a458d60629ffa0b NOTE: https://github.com/Exiv2/exiv2/commit/f0ff11f044b2c8ddf4792415beb91fd815c633a1 CVE-2021-29472 (Composer is a dependency manager for PHP. URLs for Mercurial repositor ...) + {DSA-4907-1} - composer 2.0.9-2 NOTE: https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx NOTE: https://github.com/composer/composer/commit/083b73515d1d72bc61c6374440b3f8a37531f8cf @@ -5749,8 +5828,8 @@ CVE-2021-29352 RESERVED CVE-2021-29351 RESERVED -CVE-2021-29350 - RESERVED +CVE-2021-29350 (SQL injection in the getip function in conn/function.php in 发&# ...) + TODO: check CVE-2021-29349 (Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that all ...) - mahara <removed> CVE-2021-29348 
@@ -6206,28 +6285,28 @@ CVE-2021-29149 RESERVED CVE-2021-29148 RESERVED -CVE-2021-29147 - RESERVED -CVE-2021-29146 - RESERVED -CVE-2021-29145 - RESERVED -CVE-2021-29144 - RESERVED +CVE-2021-29147 (A remote arbitrary command execution vulnerability was discovered in A ...) + TODO: check +CVE-2021-29146 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...) + TODO: check +CVE-2021-29145 (A remote server side request forgery (SSRF) remote code execution vuln ...) + TODO: check +CVE-2021-29144 (A remote disclosure of sensitive information vulnerability was discove ...) + TODO: check CVE-2021-29143 RESERVED -CVE-2021-29142 - RESERVED -CVE-2021-29141 - RESERVED -CVE-2021-29140 - RESERVED -CVE-2021-29139 - RESERVED -CVE-2021-29138 - RESERVED -CVE-2021-29137 - RESERVED +CVE-2021-29142 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...) + TODO: check +CVE-2021-29141 (A remote disclosure of sensitive information vulnerability was discove ...) + TODO: check +CVE-2021-29140 (A remote XML external entity (XXE) vulnerability was discovered in Aru ...) + TODO: check +CVE-2021-29139 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...) + TODO: check +CVE-2021-29138 (A remote disclosure of privileged information vulnerability was discov ...) + TODO: check +CVE-2021-29137 (A remote URL redirection vulnerability was discovered in Aruba AirWave ...) + TODO: check CVE-2021-29136 (Open Container Initiative umoci before 0.4.7 allows attackers to overw ...) - umoci 0.4.7+ds-1 [buster] - umoci <no-dsa> (Minor issue) @@ -6768,8 +6847,8 @@ CVE-2021-28901 RESERVED CVE-2021-28900 RESERVED -CVE-2021-28899 - RESERVED +CVE-2021-28899 (Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileS ...) + TODO: check CVE-2021-28898 RESERVED CVE-2021-28897 
@@ -8122,8 +8201,8 @@ CVE-2021-28282 RESERVED CVE-2021-28281 RESERVED -CVE-2021-28280 - RESERVED +CVE-2021-28280 (CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFu ...) + TODO: check CVE-2021-28279 RESERVED CVE-2021-28278 @@ -8274,6 +8353,7 @@ CVE-2021-28212 RESERVED CVE-2021-28211 [possible heap corruption with LzmaUefiDecompressGetInfo] RESERVED + {DLA-2645-1} - edk2 2020.11-1 [buster] - edk2 <no-dsa> (Minor issue) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1816 @@ -8281,6 +8361,7 @@ CVE-2021-28211 [possible heap corruption with LzmaUefiDecompressGetInfo] NOTE: https://github.com/tianocore/edk2/commit/e7bd0dd26db7e56aa8ca70132d6ea916ee6f3db0 CVE-2021-28210 [unlimited FV recursion, round 2] RESERVED + {DLA-2645-1} - edk2 2020.11-1 [buster] - edk2 <no-dsa> (Minor issue) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1743 @@ -9357,7 +9438,7 @@ CVE-2021-27805 CVE-2021-27804 (JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. ...) - jpeg-xl <itp> (bug #948862) CVE-2021-27802 - RESERVED + REJECTED CVE-2021-27801 RESERVED CVE-2021-27800 @@ -9688,8 +9769,8 @@ CVE-2021-27653 (Misconfiguration of the Pega Chat Access Group portal in Pega pl NOT-FOR-US: Pega CVE-2021-27652 RESERVED -CVE-2021-27651 - RESERVED +CVE-2021-27651 (In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset f ...) + TODO: check CVE-2021-3415 RESERVED CVE-2021-27650 @@ -14276,12 +14357,12 @@ CVE-2021-25814 RESERVED CVE-2021-25813 RESERVED -CVE-2021-25812 - RESERVED -CVE-2021-25811 - RESERVED -CVE-2021-25810 - RESERVED +CVE-2021-25812 (Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 v ...) + TODO: check +CVE-2021-25811 (MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a craf ...) + TODO: check +CVE-2021-25810 (Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0. ...) + TODO: check CVE-2021-25809 RESERVED CVE-2021-25808 
@@ -15810,16 +15891,16 @@ CVE-2021-25169 (The Baseboard Management Controller (BMC) firmware in HPE Apollo NOT-FOR-US: HPE CVE-2021-25168 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE -CVE-2021-25167 - RESERVED -CVE-2021-25166 - RESERVED +CVE-2021-25167 (A remote unauthorized access vulnerability was discovered in Aruba Air ...) + TODO: check +CVE-2021-25166 (A remote unauthorized access vulnerability was discovered in Aruba Air ...) + TODO: check CVE-2021-25165 (A remote XML external entity vulnerability was discovered in Aruba Air ...) NOT-FOR-US: Aruba CVE-2021-25164 (A remote XML external entity vulnerability was discovered in Aruba Air ...) NOT-FOR-US: Aruba -CVE-2021-25163 - RESERVED +CVE-2021-25163 (A remote XML external entity vulnerability was discovered in Aruba Air ...) + TODO: check CVE-2021-25162 (A remote execution of arbitrary commands vulnerability was discovered ...) NOT-FOR-US: Aruba CVE-2021-25161 (A remote cross-site scripting (xss) vulnerability was discovered in so ...) 
@@ -25170,15 +25251,15 @@ CVE-2021-21419 RESERVED CVE-2021-21418 (ps_emailsubscription is a newsletter subscription module for the Prest ...) NOT-FOR-US: PrestaShop -CVE-2021-21417 - RESERVED +CVE-2021-21417 (fluidsynth is a software synthesizer based on the SoundFont 2 specific ...) + TODO: check CVE-2021-21416 (django-registration is a user registration package for Django. The dja ...) - python-django-registration <unfixed> (bug #987366) [stretch] - python-django-registration <no-dsa> (Minor issue) NOTE: https://github.com/ubernostrum/django-registration/security/advisories/GHSA-58c7-px5v-82hh NOTE: https://github.com/ubernostrum/django-registration/commit/8206af081e239598cfd15d165d4d8ab9849ee23c -CVE-2021-21415 - RESERVED +CVE-2021-21415 (Prisma VS Code a VSCode extension for Prisma schema files. This is a R ...) + TODO: check CVE-2021-21414 (Prisma is an open source ORM for Node.js & TypeScript. As of today ...) NOT-FOR-US: Prisma CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to v8's Iso ...) @@ -25245,8 +25326,8 @@ CVE-2021-21390 (MinIO is an open-source high performance object storage service NOT-FOR-US: MinIO CVE-2021-21389 (BuddyPress is an open source WordPress plugin to build a community sit ...) NOT-FOR-US: BuddyPress WordPress plugin -CVE-2021-21388 - RESERVED +CVE-2021-21388 (systeminformation is an open source system and OS information library ...) + TODO: check CVE-2021-21387 (Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS an ...) NOT-FOR-US: Wrongthink CVE-2021-21386 (APKLeaks is an open-source project for scanning APK file for URIs, end ...) 
@@ -28037,8 +28118,7 @@ CVE-2021-20296 (A flaw was found in OpenEXR in versions before 3.0.0-beta. A cra CVE-2021-20295 [Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red Hat Enterprise Linux 8.3] RESERVED - qemu <not-affected> (RHEL 8.3 specific security regression) -CVE-2021-20294 - RESERVED +CVE-2021-20294 (A flaw was found in binutils readelf 2.35 program. An attacker who is ...) - binutils <unfixed> (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26929 NOTE: binutils not covered by security support @@ -28373,8 +28453,7 @@ CVE-2021-20230 (A flaw was found in stunnel before 5.57, where it improperly val CVE-2021-20229 (A flaw was found in PostgreSQL in versions before 13.2, before 12.6, b ...) - postgresql-13 13.2-1 NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/ -CVE-2021-20228 [basic.py no_log with fallback option] - RESERVED +CVE-2021-20228 (A flaw was found in the Ansible Engine 2.9.18, where sensitive info is ...) - ansible 2.10.7+merged+base+2.10.8+dfsg-1 - ansible-base <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925002 
@@ -28793,18 +28872,18 @@ CVE-2021-20097 RESERVED CVE-2021-20096 RESERVED -CVE-2021-20095 - RESERVED +CVE-2021-20095 (Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbi ...) + TODO: check CVE-2021-20094 RESERVED CVE-2021-20093 RESERVED -CVE-2021-20092 - RESERVED -CVE-2021-20091 - RESERVED -CVE-2021-20090 - RESERVED +CVE-2021-20092 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.0 ...) + TODO: check +CVE-2021-20091 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.0 ...) + TODO: check +CVE-2021-20090 (A path traversal vulnerability in the web interfaces of Buffalo WSR-25 ...) + TODO: check CVE-2021-20089 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) NOT-FOR-US: purl javascript URL parser (different from src:purl) CVE-2021-20088 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) @@ -29381,8 +29460,8 @@ CVE-2020-35432 RESERVED CVE-2020-35431 RESERVED -CVE-2020-35430 - RESERVED +CVE-2020-35430 (SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemCon ...) + TODO: check CVE-2020-35429 RESERVED CVE-2020-35428 @@ -34531,14 +34610,14 @@ CVE-2021-1506 RESERVED CVE-2021-1505 RESERVED -CVE-2021-1504 - RESERVED +CVE-2021-1504 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...) + TODO: check CVE-2021-1503 RESERVED CVE-2021-1502 RESERVED -CVE-2021-1501 - RESERVED +CVE-2021-1501 (A vulnerability in the SIP inspection engine of Cisco Adaptive Securit ...) + TODO: check CVE-2021-1500 RESERVED CVE-2021-1499 
@@ -34549,22 +34628,22 @@ CVE-2021-1497 RESERVED CVE-2021-1496 RESERVED -CVE-2021-1495 - RESERVED +CVE-2021-1495 (Multiple Cisco products are affected by a vulnerability in the Snort d ...) + TODO: check CVE-2021-1494 RESERVED -CVE-2021-1493 - RESERVED +CVE-2021-1493 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) + TODO: check CVE-2021-1492 (The Duo Authentication Proxy installer prior to 5.2.1 did not properly ...) NOT-FOR-US: Duo Authentication Proxy CVE-2021-1491 RESERVED CVE-2021-1490 RESERVED -CVE-2021-1489 - RESERVED -CVE-2021-1488 - RESERVED +CVE-2021-1489 (A vulnerability in filesystem usage management for Cisco Firepower Dev ...) + TODO: check +CVE-2021-1488 (A vulnerability in the upgrade process of Cisco Adaptive Security Appl ...) + TODO: check CVE-2021-1487 RESERVED CVE-2021-1486 @@ -34585,10 +34664,10 @@ CVE-2021-1479 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could a NOT-FOR-US: Cisco CVE-2021-1478 RESERVED -CVE-2021-1477 - RESERVED -CVE-2021-1476 - RESERVED +CVE-2021-1477 (A vulnerability in an access control mechanism of Cisco Firepower Mana ...) + TODO: check +CVE-2021-1476 (A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) ...) + TODO: check CVE-2021-1475 (Multiple vulnerabilities in the Admin audit log export feature and Sch ...) NOT-FOR-US: Cisco CVE-2021-1474 (Multiple vulnerabilities in the Admin audit log export feature and Sch ...) 
@@ -34623,14 +34702,14 @@ CVE-2021-1460 (A vulnerability in the Cisco IOx Application Framework of Cisco 8 NOT-FOR-US: Cisco CVE-2021-1459 (A vulnerability in the web-based management interface of Cisco Small B ...) NOT-FOR-US: Cisco -CVE-2021-1458 - RESERVED -CVE-2021-1457 - RESERVED -CVE-2021-1456 - RESERVED -CVE-2021-1455 - RESERVED +CVE-2021-1458 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2021-1457 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2021-1456 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2021-1455 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check CVE-2021-1454 (Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software co ...) NOT-FOR-US: Cisco CVE-2021-1453 (A vulnerability in the software image verification functionality of Ci ...) @@ -34643,14 +34722,14 @@ CVE-2021-1450 (A vulnerability in the interprocess communication (IPC) channel o NOT-FOR-US: Cisco CVE-2021-1449 (A vulnerability in the boot logic of Cisco Access Points Software coul ...) NOT-FOR-US: Cisco -CVE-2021-1448 - RESERVED +CVE-2021-1448 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...) + TODO: check CVE-2021-1447 RESERVED CVE-2021-1446 (A vulnerability in the DNS application layer gateway (ALG) functionali ...) NOT-FOR-US: Cisco -CVE-2021-1445 - RESERVED +CVE-2021-1445 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...) + TODO: check CVE-2021-1444 RESERVED CVE-2021-1443 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...) 
@@ -34741,8 +34820,8 @@ CVE-2021-1404 (A vulnerability in the PDF parsing module in Clam AntiVirus (Clam NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html CVE-2021-1403 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...) NOT-FOR-US: Cisco -CVE-2021-1402 - RESERVED +CVE-2021-1402 (A vulnerability in the software-based SSL/TLS message handler of Cisco ...) + TODO: check CVE-2021-1401 RESERVED CVE-2021-1400 @@ -34807,8 +34886,8 @@ CVE-2021-1371 (A vulnerability in the role-based access control of Cisco IOS XE NOT-FOR-US: Cisco CVE-2021-1370 (A vulnerability in a CLI command of Cisco IOS XR Software for the Cisc ...) NOT-FOR-US: Cisco -CVE-2021-1369 - RESERVED +CVE-2021-1369 (A vulnerability in the REST API of Cisco Firepower Device Manager (FDM ...) + TODO: check CVE-2021-1368 (A vulnerability in the Unidirectional Link Detection (UDLD) feature of ...) NOT-FOR-US: Cisco CVE-2021-1367 (A vulnerability in the Protocol Independent Multicast (PIM) feature of ...) @@ -35033,8 +35112,8 @@ CVE-2021-1258 (A vulnerability in the upgrade component of Cisco AnyConnect Secu NOT-FOR-US: Cisco CVE-2021-1257 (A vulnerability in the web-based management interface of Cisco DNA Cen ...) NOT-FOR-US: Cisco -CVE-2021-1256 - RESERVED +CVE-2021-1256 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...) + TODO: check CVE-2021-1255 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...) NOT-FOR-US: Cisco CVE-2021-1254 
@@ -35525,22 +35604,22 @@ CVE-2021-1089 RESERVED CVE-2021-1088 RESERVED -CVE-2021-1087 - RESERVED -CVE-2021-1086 - RESERVED -CVE-2021-1085 - RESERVED -CVE-2021-1084 - RESERVED -CVE-2021-1083 - RESERVED -CVE-2021-1082 - RESERVED -CVE-2021-1081 - RESERVED -CVE-2021-1080 - RESERVED +CVE-2021-1087 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...) + TODO: check +CVE-2021-1086 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...) + TODO: check +CVE-2021-1085 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...) + TODO: check +CVE-2021-1084 (NVIDIA vGPU driver contains a vulnerability in the guest kernel mode d ...) + TODO: check +CVE-2021-1083 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...) + TODO: check +CVE-2021-1082 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + TODO: check +CVE-2021-1081 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...) + TODO: check +CVE-2021-1080 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + TODO: check CVE-2021-1079 (NVIDIA GeForce Experience, all versions prior to 3.22, contains a vuln ...) NOT-FOR-US: NVIDIA CVE-2021-1078 (NVIDIA Windows GPU Display Driver for Windows, all versions, contains ...) @@ -44916,7 +44995,7 @@ CVE-2020-25639 (A NULL pointer dereference flaw was found in the Linux kernel's [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://lists.freedesktop.org/archives/nouveau/2020-August/036682.html CVE-2020-25638 (A flaw was found in hibernate-core in versions prior to and including ...) - {DLA-2512-1} + {DSA-4908-1 DLA-2512-1} - libhibernate3-java 3.6.10.Final-11 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1881353 NOTE: Fixed by https://github.com/hibernate/hibernate-orm/commit/59fede7acaaa1579b561407aefa582311f7ebe78 
@@ -51015,10 +51094,10 @@ CVE-2020-22810 RESERVED CVE-2020-22809 RESERVED -CVE-2020-22808 - RESERVED -CVE-2020-22807 - RESERVED +CVE-2020-22808 (An issue was found in yii2_fecshop 2.x. There is a reflected XSS vulne ...) + TODO: check +CVE-2020-22807 (An issue was dicovered in vtiger crm 7.2. Union sql injection in the c ...) + TODO: check CVE-2020-22806 RESERVED CVE-2020-22805 @@ -52629,8 +52708,8 @@ CVE-2020-22004 RESERVED CVE-2020-22003 RESERVED -CVE-2020-22002 - RESERVED +CVE-2020-22002 (An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability ex ...) + TODO: check CVE-2020-22001 (HomeAutomation 3.3.2 suffers from an authentication bypass vulnerabili ...) NOT-FOR-US: HomeAutomation CVE-2020-22000 (HomeAutomation 3.3.2 suffers from an authenticated OS command executio ...) 
@@ -52639,22 +52718,22 @@ CVE-2020-21999 RESERVED CVE-2020-21998 (In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter ...) NOT-FOR-US: HomeAutomation -CVE-2020-21997 - RESERVED +CVE-2020-21997 (Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated da ...) + TODO: check CVE-2020-21996 (AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot comm ...) NOT-FOR-US: AVE DOMINAplus -CVE-2020-21995 - RESERVED +CVE-2020-21995 (Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardc ...) + TODO: check CVE-2020-21994 (AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclos ...) NOT-FOR-US: AVE DOMINAplus CVE-2020-21993 (In WEMS Limited Enterprise Manager 2.58, input passed to the GET param ...) NOT-FOR-US: WEMS Limited Enterprise Manager -CVE-2020-21992 - RESERVED +CVE-2020-21992 (Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an au ...) + TODO: check CVE-2020-21991 (AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulne ...) NOT-FOR-US: AVE DOMINAplus -CVE-2020-21990 - RESERVED +CVE-2020-21990 (Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0. ...) + TODO: check CVE-2020-21989 (HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). ...) NOT-FOR-US: HomeAutomation CVE-2020-21988 @@ -53732,8 +53811,8 @@ CVE-2020-21454 RESERVED CVE-2020-21453 RESERVED -CVE-2020-21452 - RESERVED +CVE-2020-21452 (An issue was discovered in uniview ISC2500-S. This is an upload vulner ...) + TODO: check CVE-2020-21451 RESERVED CVE-2020-21450 @@ -54434,8 +54513,8 @@ CVE-2020-21103 RESERVED CVE-2020-21102 RESERVED -CVE-2020-21101 - RESERVED +CVE-2020-21101 (Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versio ...) + TODO: check CVE-2020-21100 RESERVED CVE-2020-21099 
@@ -60595,8 +60674,8 @@ CVE-2020-18034 RESERVED CVE-2020-18033 RESERVED -CVE-2020-18032 - RESERVED +CVE-2020-18032 (Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f ...) + TODO: check CVE-2020-18031 RESERVED CVE-2020-18030 @@ -122346,10 +122425,12 @@ CVE-2019-14589 CVE-2019-14588 RESERVED CVE-2019-14587 (Logic issue EDK II may allow an unauthenticated user to potentially en ...) + {DLA-2645-1} - edk2 0~20200229.4c0f6e34-1 [buster] - edk2 0~20181115.85588389-3+deb10u1 [jessie] - edk2 <end-of-life> (non-free) CVE-2019-14586 (Use after free vulnerability in EDK II may allow an authenticated user ...) + {DLA-2645-1} - edk2 0~20200229.4c0f6e34-1 [buster] - edk2 0~20181115.85588389-3+deb10u1 [jessie] - edk2 <end-of-life> (non-free) @@ -122357,6 +122438,7 @@ CVE-2019-14585 RESERVED CVE-2019-14584 RESERVED + {DLA-2645-1} - edk2 2020.11-1 (bug #977300) [buster] - edk2 0~20181115.85588389-3+deb10u3 NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1914 @@ -122378,6 +122460,7 @@ CVE-2019-14577 CVE-2019-14576 RESERVED CVE-2019-14575 (Logic issue in DxeImageVerificationHandler() for EDK II may allow an a ...) + {DLA-2645-1} - edk2 0~20200229.4c0f6e34-1 (low; bug #952935) [buster] - edk2 0~20181115.85588389-3+deb10u1 [jessie] - edk2 <end-of-life> (non-free) 
@@ -122405,12 +122488,14 @@ CVE-2019-14565 (Insufficient initialization in Intel(R) SGX SDK Windows versions CVE-2019-14564 RESERVED CVE-2019-14563 (Integer truncation in EDK II may allow an authenticated user to potent ...) + {DLA-2645-1} - edk2 0~20200229.4c0f6e34-1 (low; bug #952934) [buster] - edk2 0~20181115.85588389-3+deb10u1 [jessie] - edk2 <end-of-life> (non-free) NOTE: https://github.com/tianocore/edk2/commit/322ac05f8bbc1bce066af1dabd1b70ccdbe28891 NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2001 CVE-2019-14562 (Integer overflow in DxeImageVerificationHandler() EDK II may allow an ...) + {DLA-2645-1} - edk2 2020.05-4 (bug #968819) [buster] - edk2 0~20181115.85588389-3+deb10u2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869245 @@ -122425,12 +122510,14 @@ CVE-2019-14560 [GetEfiGlobalVariable2() return value not checked] [stretch] - edk2 <no-dsa> (Minor issue) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2167 CVE-2019-14559 (Uncontrolled resource consumption in EDK II may allow an unauthenticat ...) + {DLA-2645-1} - edk2 0~20200229.4c0f6e34-1 (bug #952926; low) [buster] - edk2 0~20181115.85588389-3+deb10u1 [jessie] - edk2 <end-of-life> (non-free) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2550 NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2031 CVE-2019-14558 (Insufficient control flow management in BIOS firmware for 8th, 9th, 10 ...) + {DLA-2645-1} - edk2 0~20200229.4c0f6e34-1 [buster] - edk2 0~20181115.85588389-3+deb10u1 [jessie] - edk2 <end-of-life> (non-free) 
@@ -165954,6 +166041,7 @@ CVE-2019-0163 (Insufficient input validation in system firmware for Intel(R) Bro CVE-2019-0162 (Memory access in virtual memory mapping for some microprocessors may a ...) NOT-FOR-US: F5 CVE-2019-0161 (Stack overflow in XHCI for EDK II may allow an unauthenticated user to ...) + {DLA-2645-1} - edk2 0~20180803.dd4cae4d-1 (low) [jessie] - edk2 <end-of-life> (non-free) NOTE: https://github.com/tianocore/edk2/commit/acebdf14c985c5c9f50b37ece0b15ada87767359 |
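
Review bot: In the hunk at `@@ -5749,8 +5828,8 @@`, the added description for CVE-2021-29350 ends in `发&# ...)`, so the shortening of the description cut through a numeric character reference and left a dangling `&#` in data/CVE/list. Decode character references in the upstream description before truncating it, so the stored line never contains half an entity.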
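
Review bot: In the hunk at `@@ -15810,16 +15891,16 @@`, CVE-2021-25167, CVE-2021-25166 and CVE-2021-25163 are added as `TODO: check` even though the unchanged neighbours CVE-2021-25165 and CVE-2021-25164 carry near-identical Aruba descriptions and are already marked `NOT-FOR-US: Aruba`. The same pattern shows in the hunk at `@@ -34623,14 +34702,14 @@` (Cisco web-based management interface entries beside `NOT-FOR-US: Cisco`) and at `@@ -35525,22 +35604,22 @@` (NVIDIA vGPU entries beside `NOT-FOR-US: NVIDIA`). A follow-up triage commit should resolve these entries once the affected product is confirmed as unpackaged, so the TODO backlog holds only entries that still need a package check.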
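
Review bot: In the hunk at `@@ -28373,8 +28453,7 @@`, replacing `CVE-2021-20228 [basic.py no_log with fallback option]` with the shortened published description removes the only text on the entry that names the affected file and option; the new line stops at "where sensitive info is ...". Consider carrying that detail over as a `NOTE:` line under the entry so it survives the switch from the hand-written title.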
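
Review bot: In the hunk at `@@ -122357,6 +122438,7 @@`, `{DLA-2645-1}` is attached to CVE-2019-14584, which still reads `RESERVED` and has neither a description nor a bracketed title, so the entry gives no hint of what the advisory fixed. Other reserved entries in this patch that carry package lines have a title, for example `CVE-2021-28211 [possible heap corruption with LzmaUefiDecompressGetInfo]`; adding one here, taken from the referenced tianocore bug, would keep the entry readable.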