author security tracker role <sectracker@soriano.debian.org> 2021-04-30 08:10:17 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-04-30 08:10:17 +0000
commit 89fbe4c7a2fe5d64448ccdf989f9a981a05e6863
tree 041081c35bfc84e91b9623bb2c85d2b259b46e1d /data
parent d79ee2b3396cb8d4261ac368e7b83683b4fb9f46
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list 40
1 files changed, 22 insertions, 18 deletions
diff --git a/data/CVE/list b/data/CVE/list
index bf4a6c96de..b6daaeac00 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,11 @@
+CVE-2021-3523
+ RESERVED
+CVE-2021-31921
+ RESERVED
+CVE-2021-31920
+ RESERVED
+CVE-2021-31919 (An issue was discovered in the rkyv crate before 0.6.0 for Rust. When ...)
+ TODO: check
CVE-2021-31918
RESERVED
NOT-FOR-US: tripleo-ansible
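Review bot: CVE-2021-31919 (rkyv crate for Rust) is added with only "TODO: check", so the entry says nothing yet about whether any package is affected. Resolve it to either a package line or a NOT-FOR-US line, as the CVE-2021-31918 entry directly below does with "NOT-FOR-US: tripleo-ansible".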
@@ -93,23 +101,19 @@ CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously form
NOT-FOR-US: Cesanta MongooseOS mJS
CVE-2021-31874
RESERVED
-CVE-2021-31873 [malloc: Fail if requested size > PTRDIFF_MAX]
- RESERVED
+CVE-2021-31873 (An issue was discovered in klibc before 2.0.9. Additions in the malloc ...)
- klibc 2.0.8-6
[buster] - klibc <no-dsa> (Minor issue; only used in initramfs and not dealing with untrusted data)
NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=a31ae8c508fc8d1bca4f57e9f9f88127572d5202
-CVE-2021-31872 [cpio: Fix possible integer overflow on 32-bit systems]
- RESERVED
+CVE-2021-31872 (An issue was discovered in klibc before 2.0.9. Multiple possible integ ...)
- klibc 2.0.8-6
[buster] - klibc <no-dsa> (Minor issue; only used in initramfs and not dealing with untrusted data)
NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9b1c91577aef7f2e72c3aa11a27749160bd278ff
-CVE-2021-31871 [cpio: Fix possible crash on 64-bit systems]
- RESERVED
+CVE-2021-31871 (An issue was discovered in klibc before 2.0.9. An integer overflow in ...)
- klibc 2.0.8-6
[buster] - klibc <no-dsa> (Minor issue; only used in initramfs and not dealing with untrusted data)
NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5
-CVE-2021-31870 [calloc: Fail if multiplication overflows]
- RESERVED
+CVE-2021-31870 (An issue was discovered in klibc before 2.0.9. Multiplication in the c ...)
- klibc 2.0.8-6
[buster] - klibc <no-dsa> (Minor issue; only used in initramfs and not dealing with untrusted data)
NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2
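Review bot: The four klibc entries (CVE-2021-31870 through CVE-2021-31873) now quote descriptions that say "klibc before 2.0.9" while their package lines keep 2.0.8-6 as the fixed version, and nothing in the entries explains the difference. If the commits linked in the NOTE lines were backported into 2.0.8-6, a NOTE saying so would stop a reader from taking the fixed version for a mistake. The removed bracketed titles also named the affected code (malloc, cpio, calloc) more directly than the truncated descriptions do, so the commit links are now the main pointer to what was fixed and should stay.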
@@ -5466,8 +5470,8 @@ CVE-2021-29486
RESERVED
CVE-2021-29485
RESERVED
-CVE-2021-29484
- RESERVED
+CVE-2021-29484 (Ghost is a Node.js CMS. An unused endpoint added during the developmen ...)
+ TODO: check
CVE-2021-29483 (ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' ...)
NOT-FOR-US: ManageWiki MediaWiki extension
CVE-2021-29482 (xz is a compression and decompression library focusing on the xz forma ...)
@@ -5527,8 +5531,8 @@ CVE-2021-29469 (Node-redis is a Node.js Redis client. Before version 3.1.1, when
NOTE: https://github.com/NodeRedis/node-redis/issues/1569
NOTE: https://github.com/NodeRedis/node-redis/security/advisories/GHSA-35q2-47q7-3pc3
NOTE: https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e
-CVE-2021-29468
- RESERVED
+CVE-2021-29468 (Cygwin Git is a patch set for the git command line tool for the cygwin ...)
+ TODO: check
CVE-2021-29467 (Wrongthink is an encrypted peer-to-peer chat program. A user could che ...)
NOT-FOR-US: Wrongthink
CVE-2021-29466 (Discord-Recon is a bot for the Discord chat service. In versions of Di ...)
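Review bot: CVE-2021-29468 is left at "TODO: check" with no reference attached, unlike the CVE-2021-29469 entry just above it, which carries NOTE lines for the upstream issue, advisory and fix commit. When this is triaged, record the outcome together with a NOTE giving the reason, because the description presents Cygwin Git as a patch set for the cygwin environment and a reader will want to know whether that was the basis for the decision.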
@@ -60626,8 +60630,8 @@ CVE-2020-18072
RESERVED
CVE-2020-18071
RESERVED
-CVE-2020-18070
- RESERVED
+CVE-2020-18070 (Path Traversal in iCMS v7.0.13 allows remote attackers to delete folde ...)
+ TODO: check
CVE-2020-18069
RESERVED
CVE-2020-18068
@@ -60696,8 +60700,8 @@ CVE-2020-18037
RESERVED
CVE-2020-18036
RESERVED
-CVE-2020-18035
- RESERVED
+CVE-2020-18035 (Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to ...)
+ TODO: check
CVE-2020-18034
RESERVED
CVE-2020-18033
@@ -67278,8 +67282,8 @@ CVE-2020-15227 (Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.
NOTE: https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
CVE-2020-15226 (In GLPI before version 9.5.2, there is a SQL Injection in the API's se ...)
- glpi <removed>
-CVE-2020-15225
- RESERVED
+CVE-2020-15225 (django-filter is a generic system for filtering Django QuerySets based ...)
+ TODO: check
CVE-2020-15224 (In Open Enclave before version 0.12.0, an information disclosure vulne ...)
NOT-FOR-US: Open Enclave
CVE-2020-15223 (In ORY Fosite (the security first OAuth2 &amp; OpenID Connect framewor ...)
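Review bot: CVE-2020-15225 (django-filter) moves from RESERVED to "TODO: check" in the last changed lines of this hunk, which leaves a 2020 identifier without any package status. The neighbouring entries show the two forms a resolution can take ("- glpi <removed>" for CVE-2020-15226, "NOT-FOR-US: Open Enclave" for CVE-2020-15224); this entry needs one of them, plus a NOTE with the upstream reference if a package line is used.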
