author security tracker role <sectracker@soriano.debian.org> 2021-01-11 20:10:23 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-01-11 20:10:23 +0000
commit 2d52afdd5c35123bf785f54361ae6fe0f1218580
tree 996748ebc7c414976798d953baa87ae40f9461f8
parent 7ebb0bf076ec6ac2dad80ef687380b3870647dbc
automatic update
-rw-r--r-- data/CVE/2018.list 52
-rw-r--r-- data/CVE/2019.list 4
-rw-r--r-- data/CVE/2020.list 106
-rw-r--r-- data/CVE/2021.list 8
4 files changed, 86 insertions, 84 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 509624843c..bba96fd003 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -26659,8 +26659,8 @@ CVE-2018-11248 (util/FileDownloadUtils.java in FileDownloader 1.7.3 does not che
NOT-FOR-US: FileDownloader
CVE-2018-11247 (The JMX/RMI interface in Nasdaq BWise 5.0 does not require authenticat ...)
NOT-FOR-US: SAP
-CVE-2018-11246
- RESERVED
+CVE-2018-11246 (K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory ...)
+ TODO: check
CVE-2018-11245 (app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex ...)
NOT-FOR-US: MISP
CVE-2018-11244 (The BBE theme before 1.53 for WordPress allows a direct launch of an H ...)
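Review bot: The new `TODO: check` under CVE-2018-11246 should be resolved rather than left open, since the description names a Windows executable (K7TSMngr.exe in K7Computing K7AntiVirus Premium) and the neighbouring entries visible in this hunk (CVE-2018-11248, -11247, -11245) are tagged NOT-FOR-US. If triage confirms no Debian package is involved, replace it with `NOT-FOR-US: K7Computing K7AntiVirus`. Separately, the context entry CVE-2018-11247 describes Nasdaq BWise 5.0 but is tagged `NOT-FOR-US: SAP`, which looks like a mislabel worth fixing in a follow-up.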
@@ -27234,18 +27234,18 @@ CVE-2018-11012 (ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd
NOT-FOR-US: ruibaby Halo
CVE-2018-11011 (ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to Front ...)
NOT-FOR-US: ruibaby Halo
-CVE-2018-11010
- RESERVED
-CVE-2018-11009
- RESERVED
-CVE-2018-11008
- RESERVED
-CVE-2018-11007
- RESERVED
-CVE-2018-11006
- RESERVED
-CVE-2018-11005
- RESERVED
+CVE-2018-11010 (A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Prem ...)
+ TODO: check
+CVE-2018-11009 (A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Prem ...)
+ TODO: check
+CVE-2018-11008 (An Incorrect Access Control issue was discovered in K7Computing K7Anti ...)
+ TODO: check
+CVE-2018-11007 (A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium ...)
+ TODO: check
+CVE-2018-11006 (An Incorrect Access Control issue was discovered in K7Computing K7Anti ...)
+ TODO: check
+CVE-2018-11005 (A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium ...)
+ TODO: check
CVE-2018-11004 (An issue was discovered in SDcms v1.5. Cross-site request forgery (CSR ...)
NOT-FOR-US: SDcms
CVE-2018-11003 (An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CS ...)
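Review bot: The six K7AntiVirus additions (CVE-2018-11010 through CVE-2018-11005) are indistinguishable in pairs once truncated: 11010 and 11009 both read "A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Prem ...", 11008 and 11006 share the Incorrect Access Control text, and 11007 and 11005 share the Memory Leak text. Triage them as one batch against the full descriptions, and give all six the same resolution tag so the block does not end up with mixed TODO and NOT-FOR-US states for one product.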
@@ -31585,10 +31585,10 @@ CVE-2018-9335 (The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7
NOT-FOR-US: PAN-OS
CVE-2018-9334 (The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, ...)
NOT-FOR-US: PAN-OS
-CVE-2018-9333
- RESERVED
-CVE-2018-9332
- RESERVED
+CVE-2018-9333 (K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buff ...)
+ TODO: check
+CVE-2018-9332 (K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: In ...)
+ TODO: check
CVE-2018-9331 (An issue was discovered in zzcms 8.2. user/adv.php allows remote attac ...)
NOT-FOR-US: zzcms
CVE-2018-9330 (register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by t ...)
@@ -33272,12 +33272,12 @@ CVE-2018-8728 (server/app/views/static/code.html in Kontena before 1.5.0 allows
NOT-FOR-US: Kontena
CVE-2018-8727 (Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earli ...)
NOT-FOR-US: Path Traversal in Gateway in Mirasys DVMS Workstation
-CVE-2018-8726
- RESERVED
-CVE-2018-8725
- RESERVED
-CVE-2018-8724
- RESERVED
+CVE-2018-8726 (K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Buff ...)
+ TODO: check
+CVE-2018-8725 (K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Bu ...)
+ TODO: check
+CVE-2018-8724 (K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Inco ...)
+ TODO: check
CVE-2018-8723
RESERVED
CVE-2018-8722 (Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multip ...)
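Review bot: Product naming is inconsistent across the three additions here: CVE-2018-8726 says "K7Antivirus Premium 15.1.0.53", CVE-2018-8725 says "K7AntiVirus Premium 15.01.00.53" and CVE-2018-8724 says "K7AntiVirus Premium 15.1.0.53". The descriptions are imported text, so leave them as they are, but when the `TODO: check` lines are resolved use a single label (for example `NOT-FOR-US: K7Computing K7AntiVirus`) so a search for the product finds every entry.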
@@ -34724,8 +34724,8 @@ CVE-2018-8046 (The getTip() method of Action Columns of Sencha Ext JS 4 to 6 bef
NOT-FOR-US: Sencha
CVE-2018-8045 (In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable ...)
NOT-FOR-US: Joomla!
-CVE-2018-8044
- RESERVED
+CVE-2018-8044 (K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Inco ...)
+ TODO: check
CVE-2018-8043 (The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in ...)
- linux 4.16.5-1 (unimportant)
[jessie] - linux <not-affected> (Vulnerable code not present)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index b3d6a04fcd..306dce5ca5 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -46153,8 +46153,8 @@ CVE-2019-3407
RESERVED
CVE-2019-3406
RESERVED
-CVE-2019-3405
- RESERVED
+CVE-2019-3405 (In the 3.1.3.64296 and lower version of 360F5, the third party can tri ...)
+ TODO: check
CVE-2019-3404 (By adding some special fields to the uri ofrouter app function, the us ...)
NOT-FOR-US: ofrouter
CVE-2019-3403 (The /rest/api/2/user/picker rest resource in Jira before version 7.13. ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 7065f2da12..d7df1fc716 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1062,8 +1062,8 @@ CVE-2020-35702 (** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011
NOTE: Introduced by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1c3ded779582aef5f2cbaf29bc5da7a8eae6f69
NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/ae614bf8ab42c9d0c7ac57ecdfdcbcfc4ff6c639
-CVE-2020-35701
- RESERVED
+CVE-2020-35701 (An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection ...)
+ TODO: check
CVE-2020-35700
RESERVED
CVE-2020-35699
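Review bot: `TODO: check` on CVE-2020-35701 leaves a SQL injection in Cacti 1.2.x through 1.2.16 with no package status, and an entry that states an affected version range should not sit in the TODO queue. If a cacti source package is affected, replace the TODO with a status line in the form used elsewhere in this file (`- cacti <unfixed>` until a fixed version is known) and add NOTE lines pointing at the upstream issue and fix commit, as the Poppler entry directly above does.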
@@ -1596,8 +1596,8 @@ CVE-2020-35485
RESERVED
CVE-2020-35484
RESERVED
-CVE-2020-35483
- RESERVED
+CVE-2020-35483 (AnyDesk before 6.1.0 on Windows, when run in portable mode on a system ...)
+ TODO: check
CVE-2020-35482
RESERVED
CVE-2020-35481
@@ -7928,20 +7928,20 @@ CVE-2020-27295
RESERVED
CVE-2020-27294
RESERVED
-CVE-2020-27293
- RESERVED
+CVE-2020-27293 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type conf ...)
+ TODO: check
CVE-2020-27292
RESERVED
-CVE-2020-27291
- RESERVED
+CVE-2020-27291 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable t ...)
+ TODO: check
CVE-2020-27290
RESERVED
-CVE-2020-27289
- RESERVED
+CVE-2020-27289 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null poin ...)
+ TODO: check
CVE-2020-27288
RESERVED
-CVE-2020-27287
- RESERVED
+CVE-2020-27287 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable t ...)
+ TODO: check
CVE-2020-27286
RESERVED
CVE-2020-27285 (The default configuration of Crimson 3.1 (Build versions prior to 3119 ...)
@@ -7952,20 +7952,20 @@ CVE-2020-27283 (An attacker could send a specially crafted message to Crimson 3.
NOT-FOR-US: Crimson
CVE-2020-27282
RESERVED
-CVE-2020-27281
- RESERVED
+CVE-2020-27281 (A stack-based buffer overflow may exist in Delta Electronics CNCSoft S ...)
+ TODO: check
CVE-2020-27280
RESERVED
CVE-2020-27279 (A NULL pointer deference vulnerability has been identified in the prot ...)
NOT-FOR-US: Crimson
CVE-2020-27278
RESERVED
-CVE-2020-27277
- RESERVED
+CVE-2020-27277 (Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointe ...)
+ TODO: check
CVE-2020-27276
RESERVED
-CVE-2020-27275
- RESERVED
+CVE-2020-27275 (Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to ...)
+ TODO: check
CVE-2020-27274
RESERVED
CVE-2020-27273
@@ -9076,8 +9076,8 @@ CVE-2020-26802 (forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSR
NOT-FOR-US: forma.lms
CVE-2020-26801
RESERVED
-CVE-2020-26800
- RESERVED
+CVE-2020-26800 (A stack overflow vulnerability in Aleth Ethereum C++ client version &l ...)
+ TODO: check
CVE-2020-26799
RESERVED
CVE-2020-26798
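Review bot: The description added for CVE-2020-26800 ends in "version &l ...", which looks like an HTML entity (`&lt;`) cut off by the truncation. The import step should decode entities before truncating the description, otherwise the tracker stores a broken fragment. A later hunk in this file carries a literal `&` in "risk of regression & marginal benefit", so raw ampersands are otherwise stored unescaped.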
@@ -10234,6 +10234,7 @@ CVE-2020-26263 (tlslite-ng is an open source python library that implements SSL
NOTE: https://github.com/tlsfuzzer/tlslite-ng/pull/439
CVE-2020-26262
RESERVED
+ {DSA-4829-1}
- coturn <unfixed>
NOTE: https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p
NOTE: https://github.com/coturn/coturn/commit/ff5e5478a3e1b426bad053828099403cfc5c1f5f
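Review bot: `{DSA-4829-1}` is attached to CVE-2020-26262 while the entry still reads RESERVED and the package line below it still says `- coturn <unfixed>`. A DSA reference implies a fix has been released for at least one suite, so check whether unstable has a fixed coturn version to record in place of `<unfixed>`, using the commit already linked in the NOTE line.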
@@ -10590,8 +10591,8 @@ CVE-2020-26120 (XSS exists in the MobileFrontend extension for MediaWiki before
NOT-FOR-US: MobileFrontend MediaWiki extension
CVE-2020-26119
RESERVED
-CVE-2020-26118
- RESERVED
+CVE-2020-26118 (In SmartBear Collaborator Server through 13.3.13302, use of the Google ...)
+ TODO: check
CVE-2020-26117 (In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1 ...)
{DLA-2396-1}
- tigervnc 1.10.1+dfsg-9 (bug #971272)
@@ -11720,8 +11721,7 @@ CVE-2020-25660 (A flaw was found in the Cephx authentication protocol in version
NOTE: Fixed by: https://github.com/ceph/ceph/commit/2927fd91d41e505237cc73f9700e5c6a63e5cb4f (14.2.14)
NOTE: Fixed by: https://github.com/ceph/ceph/commit/4c11203122d729c832a645c9e3f5092db4963840 (14.2.14)
NOTE: Fixed by: https://github.com/ceph/ceph/commit/bb5d3d58bfcae96d2e5f796eaa74fc0987f79e77 (14.2.14)
-CVE-2020-25659 [bleichenbacher timing oracle attack against RSA decryption]
- RESERVED
+CVE-2020-25659 (python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks ...)
- python-cryptography 3.2.1-1 (bug #973247)
[buster] - python-cryptography <no-dsa> (Minor issue)
[stretch] - python-cryptography <no-dsa> (Minor issue; risk of regression & marginal benefit)
@@ -15366,8 +15366,8 @@ CVE-2020-24027
RESERVED
CVE-2020-24026
RESERVED
-CVE-2020-24025
- RESERVED
+CVE-2020-24025 (Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when r ...)
+ TODO: check
CVE-2020-24024
RESERVED
CVE-2020-24023
@@ -15410,8 +15410,8 @@ CVE-2020-24005
RESERVED
CVE-2020-24004
RESERVED
-CVE-2020-24003
- RESERVED
+CVE-2020-24003 (Microsoft Skype through 8.59.0.77 on macOS has the disable-library-val ...)
+ TODO: check
CVE-2020-24002
RESERVED
CVE-2020-24001
@@ -15496,8 +15496,8 @@ CVE-2020-23962
RESERVED
CVE-2020-23961
RESERVED
-CVE-2020-23960
- RESERVED
+CVE-2020-23960 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Admi ...)
+ TODO: check
CVE-2020-23959
RESERVED
CVE-2020-23958
@@ -15718,8 +15718,8 @@ CVE-2020-23851
RESERVED
CVE-2020-23850
RESERVED
-CVE-2020-23849
- RESERVED
+CVE-2020-23849 (Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 ...)
+ TODO: check
CVE-2020-23848
RESERVED
CVE-2020-23847
@@ -16128,10 +16128,10 @@ CVE-2020-23646
RESERVED
CVE-2020-23645
RESERVED
-CVE-2020-23644
- RESERVED
-CVE-2020-23643
- RESERVED
+CVE-2020-23644 (XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Ho ...)
+ TODO: check
+CVE-2020-23643 (XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signatur ...)
+ TODO: check
CVE-2020-23642
RESERVED
CVE-2020-23641
@@ -16156,8 +16156,8 @@ CVE-2020-23632
RESERVED
CVE-2020-23631
RESERVED
-CVE-2020-23630
- RESERVED
+CVE-2020-23630 (A blind SQL injection vulnerability exists in zzcms ver201910 based on ...)
+ TODO: check
CVE-2020-23629
RESERVED
CVE-2020-23628
@@ -28380,8 +28380,8 @@ CVE-2020-17536
REJECTED
CVE-2020-17535
REJECTED
-CVE-2020-17534
- RESERVED
+CVE-2020-17534 (There exists a race condition between the deletion of the temporary fi ...)
+ TODO: check
CVE-2020-17533 (Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not ...)
NOT-FOR-US: Apache Accumulo
CVE-2020-17532
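Review bot: The description added for CVE-2020-17534 is truncated before it names any product ("There exists a race condition between the deletion of the temporary fi ..."), so the `TODO: check` cannot be triaged from this line alone. Whoever resolves it needs the full CVE record; consider recording the product in the resolution tag or a NOTE line so the entry is self-explanatory, as the adjacent `NOT-FOR-US: Apache Accumulo` entry is.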
@@ -28443,14 +28443,12 @@ CVE-2020-17510 (Apache Shiro before 1.7.0, when using Apache Shiro with Spring,
NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/7
NOTE: https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3E
NOTE: https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12349284&styleName=Text&projectId=12310950
-CVE-2020-17509 [ATS negative cache option is vulnerable to a cache poisoning attack]
- RESERVED
+CVE-2020-17509 (ATS negative cache option is vulnerable to a cache poisoning attack. I ...)
{DSA-4805-1}
- trafficserver 8.1.1+ds-1
NOTE: https://github.com/apache/trafficserver/pull/7359
NOTE: https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E
-CVE-2020-17508 [The ATS ESI plugin has a memory disclosure vulnerability]
- RESERVED
+CVE-2020-17508 (The ATS ESI plugin has a memory disclosure vulnerability. If you are r ...)
{DSA-4805-1}
- trafficserver 8.1.1+ds-1
NOTE: https://github.com/apache/trafficserver/pull/7358
@@ -37185,8 +37183,8 @@ CVE-2020-13924
RESERVED
CVE-2020-13923 (IDOR vulnerability in the order processing feature from ecommerce comp ...)
NOT-FOR-US: Apache OFBiz
-CVE-2020-13922
- RESERVED
+CVE-2020-13922 (Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary ...)
+ TODO: check
CVE-2020-13921 (**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storag ...)
NOT-FOR-US: Apache SkyWalking
CVE-2020-13920 (Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX ...)
@@ -38130,8 +38128,8 @@ CVE-2020-13561
RESERVED
CVE-2020-13560 (A use after free vulnerability exists in the JavaScript engine of Foxi ...)
NOT-FOR-US: Foxit
-CVE-2020-13559
- RESERVED
+CVE-2020-13559 (A denial-of-service vulnerability exists in the traffic-logging functi ...)
+ TODO: check
CVE-2020-13558
RESERVED
CVE-2020-13557 (A use after free vulnerability exists in the JavaScript engine of Foxi ...)
@@ -41991,8 +41989,8 @@ CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache T
NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/6
NOTE: https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976 (9.0.36)
NOTE: https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552 (8.5.56)
-CVE-2020-11995
- RESERVED
+CVE-2020-11995 (A deserialization vulnerability existed in dubbo 2.7.5 and its earlier ...)
+ TODO: check
CVE-2020-11994 (Server-Side Template Injection and arbitrary file disclosure on Camel ...)
NOT-FOR-US: Apache Camel
CVE-2020-11993 (Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enab ...)
@@ -59414,8 +59412,8 @@ CVE-2020-4871
RESERVED
CVE-2020-4870 (IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack cau ...)
NOT-FOR-US: IBM
-CVE-2020-4869
- RESERVED
+CVE-2020-4869 (IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of servi ...)
+ TODO: check
CVE-2020-4868
RESERVED
CVE-2020-4867
@@ -64466,8 +64464,8 @@ CVE-2020-2510 (Vulnerability in the Core RDBMS component of Oracle Database Serv
NOT-FOR-US: Oracle
CVE-2020-2509
RESERVED
-CVE-2020-2508
- RESERVED
+CVE-2020-2508 (A command injection vulnerability has been reported to affect QTS and ...)
+ TODO: check
CVE-2020-2507
RESERVED
CVE-2020-2506
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 3ac592ad7c..16e18e3997 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,7 @@
+CVE-2021-3125
+ RESERVED
+CVE-2021-3124
+ RESERVED
CVE-2021-3123
RESERVED
CVE-2021-3122
@@ -1182,8 +1186,8 @@ CVE-2021-23255
RESERVED
CVE-2021-23254
RESERVED
-CVE-2021-23253
- RESERVED
+CVE-2021-23253 (Opera Mini for Android below 53.1 displays URL left-aligned in the add ...)
+ TODO: check
CVE-2021-23252
RESERVED
CVE-2021-23251
