author | security tracker role <sectracker@soriano.debian.org> | 2021-03-02 08:10:20 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-03-02 08:10:20 +0000 |
commit | 66a4d51ff9bd76bf3313fd2dff414d790eb0d3a8 (patch) | |
tree | 7c00ffc3c3ece5dbe13f0272d842ff857f3079b4 | |
parent | 1d5aa20ab4233e3aa0aa777ac0dabe7ffc912c02 (diff) |
automatic update
-rw-r--r-- | data/CVE/2016.list | 142 |
-rw-r--r-- | data/CVE/2021.list | 139 |
2 files changed, 172 insertions, 109 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 0684c37984..6e1ea5d93b 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -8835,113 +8835,113 @@ CVE-2016-8162 CVE-2016-8161 RESERVED CVE-2016-8160 - RESERVED + REJECTED CVE-2016-8159 - RESERVED + REJECTED CVE-2016-8158 - RESERVED + REJECTED CVE-2016-8157 - RESERVED + REJECTED CVE-2016-8156 - RESERVED + REJECTED CVE-2016-8155 - RESERVED + REJECTED CVE-2016-8154 - RESERVED + REJECTED CVE-2016-8153 - RESERVED + REJECTED CVE-2016-8152 - RESERVED + REJECTED CVE-2016-8151 - RESERVED + REJECTED CVE-2016-8150 - RESERVED + REJECTED CVE-2016-8149 - RESERVED + REJECTED CVE-2016-8148 - RESERVED + REJECTED CVE-2016-8147 - RESERVED + REJECTED CVE-2016-8146 - RESERVED + REJECTED CVE-2016-8145 - RESERVED + REJECTED CVE-2016-8144 - RESERVED + REJECTED CVE-2016-8143 - RESERVED + REJECTED CVE-2016-8142 - RESERVED + REJECTED CVE-2016-8141 - RESERVED + REJECTED CVE-2016-8140 - RESERVED + REJECTED CVE-2016-8139 - RESERVED + REJECTED CVE-2016-8138 - RESERVED + REJECTED CVE-2016-8137 - RESERVED + REJECTED CVE-2016-8136 - RESERVED + REJECTED CVE-2016-8135 - RESERVED + REJECTED CVE-2016-8134 - RESERVED + REJECTED CVE-2016-8133 - RESERVED + REJECTED CVE-2016-8132 - RESERVED + REJECTED CVE-2016-8131 - RESERVED + REJECTED CVE-2016-8130 - RESERVED + REJECTED CVE-2016-8129 - RESERVED + REJECTED CVE-2016-8128 - RESERVED + REJECTED CVE-2016-8127 - RESERVED + REJECTED CVE-2016-8126 - RESERVED + REJECTED CVE-2016-8125 - RESERVED + REJECTED CVE-2016-8124 - RESERVED + REJECTED CVE-2016-8123 - RESERVED + REJECTED CVE-2016-8122 - RESERVED + REJECTED CVE-2016-8121 - RESERVED + REJECTED CVE-2016-8120 - RESERVED + REJECTED CVE-2016-8119 - RESERVED + REJECTED CVE-2016-8118 - RESERVED + REJECTED CVE-2016-8117 - RESERVED + REJECTED CVE-2016-8116 - RESERVED + REJECTED CVE-2016-8115 - RESERVED + REJECTED CVE-2016-8114 - RESERVED + REJECTED CVE-2016-8113 - RESERVED + REJECTED CVE-2016-8112 - RESERVED + REJECTED CVE-2016-8111 - RESERVED + REJECTED CVE-2016-8110 - RESERVED + REJECTED CVE-2016-8109 - RESERVED + REJECTED CVE-2016-8108 - RESERVED + REJECTED CVE-2016-8107 - RESERVED + 
REJECTED CVE-2016-8106 (A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non ...) NOT-FOR-US: Intel driver CVE-2016-8105 (Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Cont ...) @@ -9057,25 +9057,25 @@ CVE-2016-8051 CVE-2016-8050 REJECTED CVE-2016-8049 - RESERVED + REJECTED CVE-2016-8048 - RESERVED + REJECTED CVE-2016-8047 - RESERVED + REJECTED CVE-2016-8046 - RESERVED + REJECTED CVE-2016-8045 - RESERVED + REJECTED CVE-2016-8044 - RESERVED + REJECTED CVE-2016-8043 - RESERVED + REJECTED CVE-2016-8042 - RESERVED + REJECTED CVE-2016-8041 - RESERVED + REJECTED CVE-2016-8040 - RESERVED + REJECTED CVE-2016-8039 REJECTED CVE-2016-8038 @@ -9099,7 +9099,7 @@ CVE-2016-8030 (A memory corruption vulnerability in Scriptscan COM Object in McA CVE-2016-8029 REJECTED CVE-2016-8028 - RESERVED + REJECTED CVE-2016-8027 (SQL injection vulnerability in core services in Intel Security McAfee ...) NOT-FOR-US: Intel antivirus CVE-2016-8026 (Arbitrary command execution vulnerability in Intel Security McAfee Sec ...) @@ -9125,11 +9125,11 @@ CVE-2016-8017 (Special element injection vulnerability in Intel Security VirusSc CVE-2016-8016 (Information exposure in Intel Security VirusScan Enterprise Linux (VSE ...) NOT-FOR-US: Intel antivirus CVE-2016-8015 - RESERVED + REJECTED CVE-2016-8014 - RESERVED + REJECTED CVE-2016-8013 - RESERVED + REJECTED CVE-2016-8012 (Access control vulnerability in Intel Security Data Loss Prevention En ...) NOT-FOR-US: Intel antivirus CVE-2016-8011 (Cross-site scripting vulnerability in Intel Security McAfee Endpoint S ...) 
@@ -9147,13 +9147,13 @@ CVE-2016-8006 (Authentication bypass vulnerability in Enterprise Security Manage CVE-2016-8005 (File extension filtering vulnerability in Intel Security McAfee Email ...) NOT-FOR-US: Intel antivirus CVE-2016-8004 - RESERVED + REJECTED CVE-2016-8003 - RESERVED + REJECTED CVE-2016-8002 REJECTED CVE-2016-8001 - RESERVED + REJECTED CVE-2016-7999 (ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote at ...) {DLA-695-1} - spip 3.1.3-1 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 4c57b3a0eb..a46dc0a8ea 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -1,4 +1,63 @@ +CVE-2021-27904 (An issue was discovered in app/Model/SharingGroupServer.php in MISP 2. ...) + TODO: check +CVE-2021-27903 + RESERVED +CVE-2021-27902 + RESERVED +CVE-2021-27901 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...) + TODO: check +CVE-2021-27900 + RESERVED +CVE-2021-27899 + RESERVED +CVE-2021-27898 + RESERVED +CVE-2021-27897 + RESERVED +CVE-2021-27896 + RESERVED +CVE-2021-27895 + RESERVED +CVE-2021-27894 + RESERVED +CVE-2021-27893 + RESERVED +CVE-2021-27892 + RESERVED +CVE-2021-27891 + RESERVED +CVE-2021-27890 + RESERVED +CVE-2021-27889 + RESERVED +CVE-2021-27888 (ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off ...) + TODO: check +CVE-2021-27887 + RESERVED +CVE-2021-27886 (rakibtg Docker Dashboard before 2021-02-28 allows command injection in ...) + TODO: check +CVE-2021-27885 + RESERVED +CVE-2021-27884 (Weak JSON Web Token (JWT) signing secret generation in YMFE YApi throu ...) + TODO: check +CVE-2021-27883 + RESERVED +CVE-2021-27882 + RESERVED +CVE-2021-27881 + RESERVED +CVE-2021-27880 + RESERVED +CVE-2021-27879 + RESERVED +CVE-2021-27878 (An issue was discovered in Veritas Backup Exec before 21.2. The commun ...) + TODO: check +CVE-2021-27877 (An issue was discovered in Veritas Backup Exec before 21.2. It support ...) + TODO: check +CVE-2021-27876 (An issue was discovered in Veritas Backup Exec before 21.2. The commun ...) + TODO: check CVE-2021-3419 [net: rtl8139: stack-based buffer overflow induced by infinite recursion issue] + RESERVED - qemu <unfixed> NOTE: https://bugs.launchpad.net/qemu/+bug/1910826 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg00010.html @@ -146,8 +205,8 @@ CVE-2021-27806 RESERVED CVE-2021-27805 RESERVED -CVE-2021-27804 - RESERVED +CVE-2021-27804 (JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. ...) + TODO: check CVE-2021-27802 RESERVED CVE-2021-27801 
@@ -304,10 +363,10 @@ CVE-2021-27733 RESERVED CVE-2021-27732 RESERVED -CVE-2021-27731 - RESERVED -CVE-2021-27730 - RESERVED +CVE-2021-27731 (Accellion FTA 9_12_432 and earlier is affected by stored XSS via a cra ...) + TODO: check +CVE-2021-27730 (Accellion FTA 9_12_432 and earlier is affected by argument injection v ...) + TODO: check CVE-2021-27729 RESERVED CVE-2021-27728 @@ -1156,10 +1215,10 @@ CVE-2021-27320 RESERVED CVE-2021-27319 RESERVED -CVE-2021-27318 - RESERVED -CVE-2021-27317 - RESERVED +CVE-2021-27318 (Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Ap ...) + TODO: check +CVE-2021-27317 (Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Ap ...) + TODO: check CVE-2021-27316 RESERVED CVE-2021-27315 @@ -2187,9 +2246,13 @@ CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended acc NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt NOTE: https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/ CVE-2021-24032 [zstd allows for race-opening files being compressed or uncompressed] + RESERVED + {DSA-4859-1 DLA-2573-1} - libzstd 1.4.8+dfsg-2 (bug #982519) NOTE: https://github.com/facebook/zstd/issues/2491 CVE-2021-24031 [zstd adds read permissions to files while being compressed or uncompressed] + RESERVED + {DSA-4850-1 DLA-2573-1} - libzstd 1.4.8+dfsg-1 (bug #981404) NOTE: https://github.com/facebook/zstd/issues/1630 CVE-2021-26852 
@@ -2511,12 +2574,12 @@ CVE-2021-26706 RESERVED CVE-2021-26705 RESERVED -CVE-2021-26704 - RESERVED -CVE-2021-26703 - RESERVED -CVE-2021-26702 - RESERVED +CVE-2021-26704 (EPrints 3.4.2 allows remote attackers to execute arbitrary commands vi ...) + TODO: check +CVE-2021-26703 (EPrints 3.4.2 allows remote attackers to read arbitrary files and poss ...) + TODO: check +CVE-2021-26702 (EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset param ...) + TODO: check CVE-2021-26701 (.NET Core Remote Code Execution Vulnerability This CVE ID is unique fr ...) NOT-FOR-US: Microsoft CVE-2021-26700 (Visual Studio Code npm-script Extension Remote Code Execution Vulnerab ...) @@ -3106,10 +3169,10 @@ CVE-2021-26478 RESERVED CVE-2021-26477 RESERVED -CVE-2021-26476 - RESERVED -CVE-2021-26475 - RESERVED +CVE-2021-26476 (EPrints 3.4.2 allows remote attackers to execute OS commands via craft ...) + TODO: check +CVE-2021-26475 (EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal ...) + TODO: check CVE-2021-26474 RESERVED CVE-2021-26473 @@ -3463,8 +3526,8 @@ CVE-2021-3347 (An issue was discovered in the Linux kernel through 5.10.11. PI f NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/1 CVE-2021-3343 RESERVED -CVE-2021-3342 - RESERVED +CVE-2021-3342 (EPrints 3.4.2 allows remote attackers to read arbitrary files and poss ...) + TODO: check CVE-2021-3341 (A path traversal vulnerability in the DxWebEngine component of DH2i Dx ...) NOT-FOR-US: DH2i DxEnterprise and DxOdyssey for Windows CVE-2021-3340 (A cross-site scripting (XSS) vulnerability in many forms of Wikindx be ...) 
@@ -3512,8 +3575,8 @@ CVE-2021-26295 RESERVED CVE-2021-3333 (Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). W ...) NOT-FOR-US: Open-AudIT -CVE-2021-3332 - RESERVED +CVE-2021-3332 (WPS Hide Login 1.6.1 allows remote attackers to bypass a protection me ...) + TODO: check CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute arbitrary pro ...) NOT-FOR-US: WinSCP CVE-2021-3330 @@ -5860,14 +5923,14 @@ CVE-2021-25311 (condor_credd in HTCondor before 8.9.11 allows Directory Traversa NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0002.html CVE-2021-25310 (** UNSUPPORTED WHEN ASSIGNED ** The administration web interface on Be ...) NOT-FOR-US: Belkin Linksys WRT160NL devices -CVE-2021-25309 - RESERVED +CVE-2021-25309 (The telnet administrator service running on port 650 on Gigaset DX600A ...) + TODO: check CVE-2021-25308 RESERVED CVE-2021-25307 RESERVED -CVE-2021-25306 - RESERVED +CVE-2021-25306 (A buffer overflow vulnerability in the AT command interface of Gigaset ...) + TODO: check CVE-2021-3174 RESERVED CVE-2021-25305 @@ -13812,12 +13875,12 @@ CVE-2021-21519 RESERVED CVE-2021-21518 RESERVED -CVE-2021-21517 - RESERVED +CVE-2021-21517 (SRS Policy Manager 6.X is affected by an XML External Entity Injection ...) + TODO: check CVE-2021-21516 RESERVED -CVE-2021-21515 - RESERVED +CVE-2021-21515 (Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross ...) + TODO: check CVE-2021-21514 RESERVED CVE-2021-21513 
@@ -14222,12 +14285,12 @@ CVE-2021-21324 RESERVED CVE-2021-21323 (Brave is an open source web browser with a focus on privacy and securi ...) - brave-browser <itp> (bug #864795) -CVE-2021-21322 - RESERVED -CVE-2021-21321 - RESERVED -CVE-2021-21320 - RESERVED +CVE-2021-21322 (fastify-http-proxy is an npm package which is a fastify plugin for pro ...) + TODO: check +CVE-2021-21321 (fastify-reply-from is an npm package which is a fastify plugin to forw ...) + TODO: check +CVE-2021-21320 (matrix-react-sdk is an npm package which is a Matrix SDK for React Jav ...) + TODO: check CVE-2021-21319 RESERVED CVE-2021-21318 (Opencast is a free, open-source platform to support the management of ...) |
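
Review bot: The data/CVE/2016.list hunks (starting at @@ -8835) flip a contiguous run, CVE-2016-8160 through CVE-2016-8107, plus further IDs in the later hunks, from RESERVED to REJECTED, and the only recorded rationale is the message "automatic update". Suggest the message name the upstream feed state being synced, so that a bulk status change on a five-year-old list can be told apart from a parser regression. The visible lines show that none of the changed entries carried a package annotation, so no per-package tracking is lost.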
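
Review bot: In the data/CVE/2021.list hunk at @@ -1,4, every newly described entry lands as "TODO: check", including ones whose truncated descriptions already name products of the kind this file elsewhere marks NOT-FOR-US, for example CVE-2021-27901 (LG mobile devices with Android OS 11) and CVE-2021-27878, CVE-2021-27877 and CVE-2021-27876 (Veritas Backup Exec). Suggest triaging those in a follow-up so the TODO backlog holds only entries that need a package lookup, such as CVE-2021-27904 (MISP).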
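
Review bot: In the hunk at @@ -1156, CVE-2021-27318 and CVE-2021-27317 receive the same truncated description, "Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Ap ...", so the two IDs cannot be told apart from this file. Whoever resolves the "TODO: check" lines should read the full upstream records first, to see whether they cover different parameters or are duplicates, and add a NOTE line recording the difference.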
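
Review bot: In the hunk at @@ -2187, the two adjacent zstd entries gain different advisory cross-references, "{DSA-4859-1 DLA-2573-1}" on CVE-2021-24032 and "{DSA-4850-1 DLA-2573-1}" on CVE-2021-24031, alongside a new RESERVED line. Worth confirming each DSA number against the fixed version on the line that follows it (libzstd 1.4.8+dfsg-2 and 1.4.8+dfsg-1 respectively), since a single-digit mismatch here would attach the wrong advisory to the wrong fix. Both entries keep their bracketed local descriptions, which should be revisited once the upstream record leaves RESERVED.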