author | security tracker role <sectracker@soriano.debian.org> | 2021-02-17 20:10:29 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-02-17 20:10:29 +0000 |
commit | 6f3057bf89836494ef28f8d4186e6dd6c6839306 | |
tree | 98032307c48c38aa863f8692e797a121d57ca0e4 | |
parent | 18f0cc9d2e6d404790bbcb49e3977e0e00f3c85b | |
automatic update
-rw-r--r-- | data/CVE/2019.list | 2 |
-rw-r--r-- | data/CVE/2020.list | 214 |
-rw-r--r-- | data/CVE/2021.list | 100 |
3 files changed, 133 insertions, 183 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 53e5f6de62..03fefaf6f2 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -50250,7 +50250,7 @@ CVE-2019-1552 (OpenSSL has internal defaults for a directory tree where it can f - openssl1.0 <not-affected> (Windows-specific) NOTE: https://www.openssl.org/news/secadv/20190730.txt CVE-2019-1551 (There is an overflow bug in the x64_64 Montgomery squaring procedure u ...) - {DSA-4594-1} + {DSA-4855-1 DSA-4594-1} - openssl 1.1.1e-1 (low; bug #947949) [stretch] - openssl <postponed> (Wait until next upstream security release) [jessie] - openssl <not-affected> (Affected modules are not present in Jessie) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 056b8ae847..f9675404c5 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -631,10 +631,10 @@ CVE-2020-36005 RESERVED CVE-2020-36004 RESERVED -CVE-2020-36003 - RESERVED -CVE-2020-36002 - RESERVED +CVE-2020-36003 (The id parameter in detail.php of Online Book Store v1.0 is vulnerable ...) + TODO: check +CVE-2020-36002 (Seat-Reservation-System 1.0 has a SQL injection vulnerability in index ...) + TODO: check CVE-2020-36001 RESERVED CVE-2020-36000 @@ -2206,8 +2206,8 @@ CVE-2020-35341 RESERVED CVE-2020-35340 RESERVED -CVE-2020-35339 - RESERVED +CVE-2020-35339 (In 74cms version 5.0.1, there is a remote code execution vulnerability ...) + TODO: check CVE-2020-35338 (The Web Administrative Interface in Mobile Viewpoint Wireless Multiple ...) NOT-FOR-US: Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server CVE-2020-35337 @@ -4676,7 +4676,7 @@ CVE-2020-28854 RESERVED CVE-2020-28853 RESERVED -CVE-2020-28852 (In x/text in Go 1.15.4, a "slice bounds out of range" panic occurs in ...) +CVE-2020-28852 (In x/text in Go before v0.3.5, a "slice bounds out of range" panic occ ...) - golang-golang-x-text 0.3.5-1 (bug #980002) - golang-x-text <removed> NOTE: https://github.com/golang/go/issues/42536 
@@ -14744,46 +14744,35 @@ CVE-2020-24507 RESERVED CVE-2020-24506 RESERVED -CVE-2020-24505 - RESERVED +CVE-2020-24505 (Insufficient input validation in the firmware for the Intel(R) 700-ser ...) NOT-FOR-US: Intel NIC firmware -CVE-2020-24504 - RESERVED -CVE-2020-24503 - RESERVED -CVE-2020-24502 - RESERVED -CVE-2020-24501 - RESERVED +CVE-2020-24504 (Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapt ...) + TODO: check +CVE-2020-24503 (Insufficient access control in some Intel(R) Ethernet E810 Adapter dri ...) + TODO: check +CVE-2020-24502 (Improper input validation in some Intel(R) Ethernet E810 Adapter drive ...) + TODO: check +CVE-2020-24501 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers ...) NOT-FOR-US: Intel NIC firmware -CVE-2020-24500 - RESERVED +CVE-2020-24500 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers ...) NOT-FOR-US: Intel NIC firmware CVE-2020-24499 RESERVED -CVE-2020-24498 - RESERVED +CVE-2020-24498 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers ...) NOT-FOR-US: Intel NIC firmware -CVE-2020-24497 - RESERVED +CVE-2020-24497 (Insufficient Access Control in the firmware for Intel(R) E810 Ethernet ...) NOT-FOR-US: Intel NIC firmware -CVE-2020-24496 - RESERVED +CVE-2020-24496 (Insufficient input validation in the firmware for Intel(R) 722 Etherne ...) NOT-FOR-US: Intel NIC firmware -CVE-2020-24495 - RESERVED +CVE-2020-24495 (Insufficient access control in the firmware for the Intel(R) 700-serie ...) NOT-FOR-US: Intel NIC firmware -CVE-2020-24494 - RESERVED +CVE-2020-24494 (Insufficient access control in the firmware for the Intel(R) 722 Ether ...) NOT-FOR-US: Intel NIC firmware -CVE-2020-24493 - RESERVED +CVE-2020-24493 (Insufficient access control in the firmware for the Intel(R) 700-serie ...) NOT-FOR-US: Intel NIC firmware -CVE-2020-24492 - RESERVED +CVE-2020-24492 (Insufficient access control in the firmware for the Intel(R) 722 Ether ...) 
NOT-FOR-US: Intel NIC firmware -CVE-2020-24491 - RESERVED +CVE-2020-24491 (Debug message containing addresses of memory transactions in some Inte ...) NOT-FOR-US: Intel CVE-2020-24490 (Improper buffer restrictions in BlueZ may allow an unauthenticated use ...) {DLA-2420-1} @@ -14800,21 +14789,17 @@ CVE-2020-24487 RESERVED CVE-2020-24486 RESERVED -CVE-2020-24485 - RESERVED +CVE-2020-24485 (Uncontrolled search path in the Intel(R) Trace Analyzer and Collector ...) NOT-FOR-US: Intel CVE-2020-24484 RESERVED CVE-2020-24483 RESERVED -CVE-2020-24482 - RESERVED +CVE-2020-24482 (Improper buffer restrictions in firmware for Intel(R) 7360 Cell Modem ...) NOT-FOR-US: Intel -CVE-2020-24481 - RESERVED +CVE-2020-24481 (Insecure inherited permissions for the Intel(R) Quartus Prime Pro and ...) NOT-FOR-US: Intel -CVE-2020-24480 - RESERVED +CVE-2020-24480 (Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may al ...) NOT-FOR-US: Intel CVE-2020-24479 RESERVED @@ -14850,8 +14835,7 @@ CVE-2020-24464 RESERVED CVE-2020-24463 RESERVED -CVE-2020-24462 - RESERVED +CVE-2020-24462 (Out of bounds write in the Intel(R) Graphics Driver before version 15. ...) NOT-FOR-US: Intel graphics drivers for Windows CVE-2020-24461 RESERVED @@ -14859,8 +14843,7 @@ CVE-2020-24460 (Incorrect default permissions in the Intel(R) DSA before version NOT-FOR-US: Intel CVE-2020-24459 RESERVED -CVE-2020-24458 - RESERVED +CVE-2020-24458 (Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (T ...) NOT-FOR-US: Intel CVE-2020-24457 (Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) ...) NOT-FOR-US: Intel 
@@ -14874,22 +14857,17 @@ CVE-2020-24455 [FAPI PolicyPCR not instatiating correctly] NOTE: https://github.com/tpm2-software/tpm2-tss/commit/bf24b0ef0fa8de9300a323f70a097a1afd818439 (2.4.5) CVE-2020-24454 (Improper Restriction of XML External Entity Reference in subsystem for ...) NOT-FOR-US: Intel -CVE-2020-24453 - RESERVED +CVE-2020-24453 (Improper input validation in the Intel(R) EPID SDK before version 8, m ...) NOT-FOR-US: Intel -CVE-2020-24452 - RESERVED +CVE-2020-24452 (Improper input validation in the Intel(R) SGX Platform Software for Wi ...) NOT-FOR-US: Intel -CVE-2020-24451 - RESERVED +CVE-2020-24451 (Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memo ...) NOT-FOR-US: Intel -CVE-2020-24450 - RESERVED +CVE-2020-24450 (Improper conditions check in some Intel(R) Graphics Drivers before ver ...) NOT-FOR-US: Intel graphics drivers for Windows CVE-2020-24449 RESERVED -CVE-2020-24448 - RESERVED +CVE-2020-24448 (Uncaught exception in some Intel(R) Graphics Drivers before version 15 ...) NOT-FOR-US: Intel graphics drivers for Windows CVE-2020-24447 (Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affe ...) NOT-FOR-US: Adobe @@ -38612,6 +38590,7 @@ CVE-2020-13559 (A denial-of-service vulnerability exists in the traffic-logging NOT-FOR-US: FreyrSCADA IEC-60879-5-104 Server Simulator CVE-2020-13558 RESERVED + {DSA-4854-1} - webkit2gtk 2.30.5-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.30.5-1 
@@ -38620,18 +38599,18 @@ CVE-2020-13557 (A use after free vulnerability exists in the JavaScript engine o NOT-FOR-US: Foxit CVE-2020-13556 (An out-of-bounds write vulnerability exists in the Ethernet/IP server ...) NOT-FOR-US: EIP Stack Group OpENer -CVE-2020-13555 - RESERVED +CVE-2020-13555 (An exploitable local privilege elevation vulnerability exists in the f ...) + TODO: check CVE-2020-13554 RESERVED -CVE-2020-13553 - RESERVED -CVE-2020-13552 - RESERVED -CVE-2020-13551 - RESERVED -CVE-2020-13550 - RESERVED +CVE-2020-13553 (An exploitable local privilege elevation vulnerability exists in the f ...) + TODO: check +CVE-2020-13552 (An exploitable local privilege elevation vulnerability exists in the f ...) + TODO: check +CVE-2020-13551 (An exploitable local privilege elevation vulnerability exists in the f ...) + TODO: check +CVE-2020-13550 (A local file inclusion vulnerability exists in the installation functi ...) + TODO: check CVE-2020-13549 RESERVED CVE-2020-13548 (In Foxit Reader 10.1.0.37527, a specially crafted PDF document can tri ...) @@ -41564,14 +41543,11 @@ CVE-2020-12387 (A race condition when running shutdown code for Web Worker led t NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12387 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12387 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12387 -CVE-2020-12386 - RESERVED +CVE-2020-12386 (Out-of-bounds write in some Intel(R) Graphics Drivers before version 1 ...) NOT-FOR-US: Intel graphics drivers for Windows -CVE-2020-12385 - RESERVED +CVE-2020-12385 (Improper input validation in some Intel(R) Graphics Drivers before ver ...) NOT-FOR-US: Intel graphics drivers for Windows -CVE-2020-12384 - RESERVED +CVE-2020-12384 (Improper access control in some Intel(R) Graphics Drivers before versi ...) NOT-FOR-US: Intel graphics drivers for Windows CVE-2020-12383 RESERVED 
@@ -41579,65 +41555,48 @@ CVE-2020-12382 RESERVED CVE-2020-12381 RESERVED -CVE-2020-12380 - RESERVED +CVE-2020-12380 (Out of bounds read in the BMC firmware for some Intel(R) Server Boards ...) NOT-FOR-US: Intel CVE-2020-12379 RESERVED CVE-2020-12378 RESERVED -CVE-2020-12377 - RESERVED +CVE-2020-12377 (Insufficient input validation in the BMC firmware for some Intel(R) Se ...) NOT-FOR-US: Intel -CVE-2020-12376 - RESERVED +CVE-2020-12376 (Use of hard-coded key in the BMC firmware for some Intel(R) Server Boa ...) NOT-FOR-US: Intel -CVE-2020-12375 - RESERVED +CVE-2020-12375 (Heap overflow in the BMC firmware for some Intel(R) Server Boards, Ser ...) NOT-FOR-US: Intel CVE-2020-12374 RESERVED -CVE-2020-12373 - RESERVED +CVE-2020-12373 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...) NOT-FOR-US: Intel graphics drivers for Windows -CVE-2020-12372 - RESERVED +CVE-2020-12372 (Unchecked return value in some Intel(R) Graphics Drivers before versio ...) NOT-FOR-US: Intel graphics drivers for Windows -CVE-2020-12371 - RESERVED +CVE-2020-12371 (Divide by zero in some Intel(R) Graphics Drivers before version 26.20. ...) NOT-FOR-US: Intel graphics drivers for Windows -CVE-2020-12370 - RESERVED +CVE-2020-12370 (Untrusted pointer dereference in some Intel(R) Graphics Drivers before ...) NOT-FOR-US: Intel graphics drivers for Windows -CVE-2020-12369 - RESERVED +CVE-2020-12369 (Out of bound write in some Intel(R) Graphics Drivers before version 26 ...) NOT-FOR-US: Intel graphics drivers for Windows -CVE-2020-12368 - RESERVED +CVE-2020-12368 (Integer overflow in some Intel(R) Graphics Drivers before version 26.2 ...) NOT-FOR-US: Intel graphics drivers for Windows -CVE-2020-12367 - RESERVED +CVE-2020-12367 (Integer overflow in some Intel(R) Graphics Drivers before version 26.2 ...) NOT-FOR-US: Intel graphics drivers for Windows -CVE-2020-12366 - RESERVED +CVE-2020-12366 (Insufficient input validation in some Intel(R) Graphics Drivers before ...) 
NOT-FOR-US: Intel graphics drivers for Windows -CVE-2020-12365 - RESERVED +CVE-2020-12365 (Untrusted pointer dereference in some Intel(R) Graphics Drivers before ...) NOT-FOR-US: Intel graphics drivers for Windows -CVE-2020-12364 - RESERVED +CVE-2020-12364 (Null pointer reference in some Intel(R) Graphics Drivers for Windows* ...) - linux 5.5.13-1 NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html -CVE-2020-12363 - RESERVED +CVE-2020-12363 (Improper input validation in some Intel(R) Graphics Drivers for Window ...) - linux 5.5.13-1 NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html -CVE-2020-12362 - RESERVED +CVE-2020-12362 (Integer overflow in the firmware for some Intel(R) Graphics Drivers fo ...) - linux 5.5.13-1 NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html -CVE-2020-12361 - RESERVED +CVE-2020-12361 (Use after free in some Intel(R) Graphics Drivers before version 15.33. ...) NOT-FOR-US: Intel graphics drivers for Windows CVE-2020-12360 RESERVED @@ -41689,8 +41648,7 @@ CVE-2020-12341 RESERVED CVE-2020-12340 RESERVED -CVE-2020-12339 - RESERVED +CVE-2020-12339 (Insufficient control flow management in the API for the Intel(R) Colla ...) NOT-FOR-US: Intel CVE-2020-12338 (Insufficient control flow management in the Open WebRTC Toolkit before ...) NOT-FOR-US: Intel @@ -50531,8 +50489,7 @@ CVE-2020-8767 (Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Qua NOT-FOR-US: Intel CVE-2020-8766 (Improper conditions check in the Intel(R) SGX DCAP software before ver ...) NOT-FOR-US: Intel -CVE-2020-8765 - RESERVED +CVE-2020-8765 (Incorrect default permissions in the installer for the Intel(R) RealSe ...) NOT-FOR-US: Intel CVE-2020-8764 (Improper access control in BIOS firmware for some Intel(R) Processors ...) NOT-FOR-US: Intel 
@@ -50660,8 +50617,7 @@ CVE-2020-8703 RESERVED CVE-2020-8702 RESERVED -CVE-2020-8701 - RESERVED +CVE-2020-8701 (Incorrect default permissions in installer for the Intel(R) SSD Toolbo ...) NOT-FOR-US: Intel CVE-2020-8700 RESERVED @@ -50722,8 +50678,7 @@ CVE-2020-8680 (Race condition in some Intel(R) Graphics Drivers before version 1 NOT-FOR-US: Intel CVE-2020-8679 (Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics D ...) NOT-FOR-US: Intel -CVE-2020-8678 - RESERVED +CVE-2020-8678 (Improper access control for Intel(R) Graphics Drivers before version 1 ...) NOT-FOR-US: Intel graphics drivers for Windows CVE-2020-8677 (Improper access control in the Intel(R) Visual Compute Accelerator 2, ...) NOT-FOR-US: Intel @@ -52776,10 +52731,10 @@ CVE-2020-7851 RESERVED CVE-2020-7850 RESERVED -CVE-2020-7849 - RESERVED -CVE-2020-7848 - RESERVED +CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) could a ...) + TODO: check +CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command Injection vulne ...) + TODO: check CVE-2020-7847 RESERVED CVE-2020-7846 @@ -69297,8 +69252,7 @@ CVE-2020-0546 (Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory NOT-FOR-US: Intel CVE-2020-0545 (Integer overflow in subsystem for Intel(R) CSME versions before 11.8.7 ...) NOT-FOR-US: Intel -CVE-2020-0544 - RESERVED +CVE-2020-0544 (Insufficient control flow management in the kernel mode driver for som ...) NOT-FOR-US: Intel graphics drivers for Windows CVE-2020-0543 (Incomplete cleanup from specific special register read operations in s ...) {DSA-4701-1 DSA-4699-1 DSA-4698-1 DLA-2248-1 DLA-2242-1 DLA-2241-1} 
@@ -69341,27 +69295,21 @@ CVE-2020-0527 (Insufficient control flow management in firmware for some Intel(R NOT-FOR-US: Intel CVE-2020-0526 (Improper input validation in firmware for Intel(R) NUC may allow a pri ...) NOT-FOR-US: Intel -CVE-2020-0525 - RESERVED +CVE-2020-0525 (Improper access control in firmware for the Intel(R) Ethernet I210 Con ...) NOT-FOR-US: Intel -CVE-2020-0524 - RESERVED +CVE-2020-0524 (Improper default permissions in the firmware for the Intel(R) Ethernet ...) NOT-FOR-US: Intel -CVE-2020-0523 - RESERVED +CVE-2020-0523 (Improper access control in the firmware for the Intel(R) Ethernet I210 ...) NOT-FOR-US: Intel -CVE-2020-0522 - RESERVED +CVE-2020-0522 (Improper initialization in the firmware for the Intel(R) Ethernet I210 ...) NOT-FOR-US: Intel -CVE-2020-0521 - RESERVED +CVE-2020-0521 (Insufficient control flow management in some Intel(R) Graphics Drivers ...) NOT-FOR-US: Intel graphics drivers for Windows CVE-2020-0520 (Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before ve ...) NOT-FOR-US: Intel CVE-2020-0519 (Improper access control for Intel(R) Graphics Drivers before versions ...) NOT-FOR-US: Intel Graphics drivers for Windows -CVE-2020-0518 - RESERVED +CVE-2020-0518 (Improper access control in the Intel(R) HD Graphics Control Panel befo ...) NOT-FOR-US: Intel graphics drivers for Windows CVE-2020-0517 (Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36. ...) NOT-FOR-US: Intel Graphics drivers for Windows diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 1bd1140c68..57aa53a4c3 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,7 @@ +CVE-2021-27362 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Vio ...) + TODO: check +CVE-2021-27361 + RESERVED CVE-2021-27360 RESERVED CVE-2021-27359 
@@ -272,8 +276,8 @@ CVE-2021-27226 RESERVED CVE-2021-27225 RESERVED -CVE-2021-27224 - RESERVED +CVE-2021-27224 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write ...) + TODO: check CVE-2021-27223 RESERVED CVE-2021-27222 @@ -1186,8 +1190,8 @@ CVE-2021-26811 RESERVED CVE-2021-26810 RESERVED -CVE-2021-26809 - RESERVED +CVE-2021-26809 (PHPGurukul Car Rental Project version 2.0 suffers from a remote shell ...) + TODO: check CVE-2021-26808 RESERVED CVE-2021-26807 @@ -1420,8 +1424,7 @@ CVE-2021-26708 (A local privilege escalation was discovered in the Linux kernel [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/5 NOTE: https://git.kernel.org/linus/c518adafa39f37858697ac9309c6cf1805581446 -CVE-2021-26697 - RESERVED +CVE-2021-26697 (The lineage endpoint of the deprecated Experimental API was not protec ...) - airflow <itp> (bug #819700) CVE-2021-26696 RESERVED @@ -1736,8 +1739,8 @@ CVE-2021-26561 RESERVED CVE-2021-26560 RESERVED -CVE-2021-26559 - RESERVED +CVE-2021-26559 (Improper Access Control on Configurations Endpoint for the Stable API ...) + TODO: check CVE-2021-26558 RESERVED CVE-2021-3391 @@ -3713,10 +3716,10 @@ CVE-2021-25782 RESERVED CVE-2021-25781 RESERVED -CVE-2021-25780 - RESERVED -CVE-2021-25779 - RESERVED +CVE-2021-25780 (An arbitrary file upload vulnerability has been identified in posts.ph ...) + TODO: check +CVE-2021-25779 (Baby Care System v1.0 is vulnerable to SQL injection via the 'id' para ...) + TODO: check CVE-2021-25778 (In JetBrains TeamCity before 2020.2.1, permissions during user deletio ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-25777 (In JetBrains TeamCity before 2020.2.1, permissions during token remova ...) 
@@ -7789,8 +7792,8 @@ CVE-2021-23887 RESERVED CVE-2021-23886 RESERVED -CVE-2021-23885 - RESERVED +CVE-2021-23885 (Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior t ...) + TODO: check CVE-2021-23884 RESERVED CVE-2021-23883 (A Null Pointer Dereference vulnerability in McAfee Endpoint Security ( ...) @@ -7877,12 +7880,14 @@ CVE-2021-23843 RESERVED CVE-2021-23842 RESERVED -CVE-2021-23841 (Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ...) +CVE-2021-23841 (The OpenSSL public API function X509_issuer_and_serial_hash() attempts ...) + {DSA-4855-1} - openssl 1.1.1j-1 - openssl1.0 <removed> NOTE: https://www.openssl.org/news/secadv/20210216.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf (OpenSSL_1_1_1j) CVE-2021-23840 (Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ...) + {DSA-4855-1} - openssl 1.1.1j-1 - openssl1.0 <removed> NOTE: https://www.openssl.org/news/secadv/20210216.txt @@ -8932,8 +8937,8 @@ CVE-2021-23341 RESERVED CVE-2021-23340 RESERVED -CVE-2021-23339 - RESERVED +CVE-2021-23339 (This affects all versions of package com.typesafe.akka:akka-http-core. ...) + TODO: check CVE-2021-23338 (This affects all versions of package qlib. The workflow function in cl ...) NOT-FOR-US: qlib CVE-2021-23337 (All versions of package lodash; all versions of package org.fujion.web ...) 
@@ -9889,18 +9894,18 @@ CVE-2021-22860 RESERVED CVE-2021-22859 RESERVED -CVE-2021-22858 - RESERVED -CVE-2021-22857 - RESERVED -CVE-2021-22856 - RESERVED -CVE-2021-22855 - RESERVED -CVE-2021-22854 - RESERVED -CVE-2021-22853 - RESERVED +CVE-2021-22858 (Attackers can access the CGE account management function without privi ...) + TODO: check +CVE-2021-22857 (The CGE page with download function contains a Directory Traversal vul ...) + TODO: check +CVE-2021-22856 (The CGE property management system contains SQL Injection vulnerabilit ...) + TODO: check +CVE-2021-22855 (The specific function of HR Portal of Soar Cloud System accepts any ty ...) + TODO: check +CVE-2021-22854 (The HR Portal of Soar Cloud System fails to filter specific parameters ...) + TODO: check +CVE-2021-22853 (The HR Portal of Soar Cloud System fails to manage access control. Whi ...) + TODO: check CVE-2021-22852 (HGiga EIP product contains SQL Injection vulnerability. Attackers can ...) NOT-FOR-US: HGiga EIP CVE-2021-22851 (HGiga EIP product contains SQL Injection vulnerability. Attackers can ...) @@ -10522,8 +10527,8 @@ CVE-2021-22555 RESERVED CVE-2021-22554 RESERVED -CVE-2021-22553 - RESERVED +CVE-2021-22553 (Any git operation is passed through Jetty and a session is created. No ...) + TODO: check CVE-2021-22552 RESERVED CVE-2021-22551 
@@ -11280,15 +11285,13 @@ CVE-2021-22176 RESERVED CVE-2021-22175 RESERVED -CVE-2021-22174 [USB HID dissector could crash] - RESERVED +CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial o ...) - wireshark 3.4.3-1 (bug #981791) [buster] - wireshark <not-affected> (Affected code not present) [stretch] - wireshark <not-affected> (Affected code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2021-02.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17165 -CVE-2021-22173 [USB HID dissector memory leak] - RESERVED +CVE-2021-22173 (Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows de ...) - wireshark 3.4.3-1 (bug #981791) [buster] - wireshark <not-affected> (Affected code not present) [stretch] - wireshark <not-affected> (Affected code not present) @@ -18193,16 +18196,16 @@ CVE-2021-1418 RESERVED CVE-2021-1417 RESERVED -CVE-2021-1416 - RESERVED +CVE-2021-1416 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...) + TODO: check CVE-2021-1415 RESERVED CVE-2021-1414 RESERVED CVE-2021-1413 RESERVED -CVE-2021-1412 - RESERVED +CVE-2021-1412 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...) + TODO: check CVE-2021-1411 RESERVED CVE-2021-1410 @@ -18269,8 +18272,8 @@ CVE-2021-1380 RESERVED CVE-2021-1379 RESERVED -CVE-2021-1378 - RESERVED +CVE-2021-1378 (A vulnerability in the SSH service of the Cisco StarOS operating syste ...) + TODO: check CVE-2021-1377 RESERVED CVE-2021-1376 @@ -18281,8 +18284,8 @@ CVE-2021-1374 RESERVED CVE-2021-1373 RESERVED -CVE-2021-1372 - RESERVED +CVE-2021-1372 (A vulnerability in Cisco Webex Meetings Desktop App and Webex Producti ...) + TODO: check CVE-2021-1371 RESERVED CVE-2021-1370 (A vulnerability in a CLI command of Cisco IOS XR Software for the Cisc ...) 
@@ -18293,8 +18296,8 @@ CVE-2021-1368 RESERVED CVE-2021-1367 RESERVED -CVE-2021-1366 - RESERVED +CVE-2021-1366 (A vulnerability in the interprocess communication (IPC) channel of Cis ...) + TODO: check CVE-2021-1365 RESERVED CVE-2021-1364 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...) @@ -18323,8 +18326,8 @@ CVE-2021-1353 (A vulnerability in the IPv4 protocol handling of Cisco StarOS cou NOT-FOR-US: Cisco CVE-2021-1352 RESERVED -CVE-2021-1351 - RESERVED +CVE-2021-1351 (A vulnerability in the web-based interface of Cisco Webex Meetings cou ...) + TODO: check CVE-2021-1350 (A vulnerability in the web UI of Cisco Umbrella could allow an unauthe ...) NOT-FOR-US: Cisco CVE-2021-1349 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) @@ -20836,8 +20839,7 @@ CVE-2021-0111 RESERVED CVE-2021-0110 RESERVED -CVE-2021-0109 - RESERVED +CVE-2021-0109 (Insecure inherited permissions for the Intel(R) SOC driver package for ...) NOT-FOR-US: Intel CVE-2021-0108 RESERVED |
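Review bot: in the data/CVE/2019.list hunk, CVE-2019-1551 gains DSA-4855-1, but the unchanged context line `[stretch] - openssl <postponed> (Wait until next upstream security release)` is left as it was. The data/CVE/2021.list part of this commit tracks openssl 1.1.1j-1 against the upstream advisory secadv/20210216.txt, so the condition that note waits for looks to have been met. The stretch status should be revisited in a manual follow-up rather than left standing next to a DSA reference.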
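Review bot: in the data/CVE/2020.list hunk at @@ -14744,46 +14744,35 @@, CVE-2020-24504, CVE-2020-24503 and CVE-2020-24502 are the only entries in the Intel Ethernet run that get `TODO: check`, and their descriptions refer to "Intel(R) Ethernet E810 Adapter" components (cut off at "Adapter dri ...") rather than to "the firmware for" a controller like the neighbours annotated `NOT-FOR-US: Intel NIC firmware`. When these are triaged, the firmware annotation should not be copied over by analogy; the full descriptions need reading to see whether the affected component is something Debian ships.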
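Review bot: in the data/CVE/2020.list hunk at @@ -41579,65 +41555,48 @@, the new description for CVE-2020-12373 reads "Buffer overflow in the BMC firmware for some Intel(R) Server Boards", yet the retained annotation is `NOT-FOR-US: Intel graphics drivers for Windows`. The other BMC firmware entries in the same hunk (CVE-2020-12380, CVE-2020-12377, CVE-2020-12376, CVE-2020-12375) carry `NOT-FOR-US: Intel`, so this one should be changed to match. In the same hunk, CVE-2020-12364, CVE-2020-12363 and CVE-2020-12362 keep `- linux 5.5.13-1` together with a "Short of details" NOTE, while the now-published descriptions name Intel(R) Graphics Drivers for Windows; with the text public, the linux tracking and the NOTE should be re-checked against the full descriptions.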