| field | value | date |
|---|---|---|
| author | security tracker role <sectracker@soriano.debian.org> | 2021-02-18 20:10:27 +0000 |
| committer | security tracker role <sectracker@soriano.debian.org> | 2021-02-18 20:10:27 +0000 |
| commit | 746426b2d611eb0158df2067167d3e50feb773ba | |
| tree | e6a4c44e5814f83f1c71a472e17e632eafe176e8 | |
| parent | c16c0cdd94b6e297ebff292a7a6e9fc642d9f238 | |
automatic update
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2019.list | 8 |
| -rw-r--r-- | data/CVE/2020.list | 45 |
| -rw-r--r-- | data/CVE/2021.list | 98 |
3 files changed, 100 insertions, 51 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list index acdf14de03..f31013f89f 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -7102,8 +7102,8 @@ CVE-2019-18257 (In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, mu NOT-FOR-US: Advantech CVE-2019-18256 (BIOTRONIK CardioMessenger II, The affected products use individual per ...) NOT-FOR-US: BIOTRONIK CardioMessenge -CVE-2019-18255 - RESERVED +CVE-2019-18255 (HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated u ...) + TODO: check CVE-2019-18254 (BIOTRONIK CardioMessenger II, The affected products do not encrypt sen ...) NOT-FOR-US: BIOTRONIK CardioMessenge CVE-2019-18253 (An attacker could use specially crafted paths in a specific request to ...) @@ -7126,8 +7126,8 @@ CVE-2019-18245 (Reliable Controls LicenseManager versions 3.4 and prior may allo NOT-FOR-US: Reliable Controls LicenseManager CVE-2019-18244 (In OSIsoft PI System multiple products and versions, a local attacker ...) NOT-FOR-US: OSIsoft -CVE-2019-18243 - RESERVED +CVE-2019-18243 (HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated u ...) + TODO: check CVE-2019-18242 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpre ...) NOT-FOR-US: Moxa CVE-2019-18241 (In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all ver ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 23aec710ab..b6c490be4f 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -32,8 +32,8 @@ CVE-2020-36235 (Affected versions of Atlassian Jira Server and Data Center allow NOT-FOR-US: Atlassian CVE-2020-36234 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian -CVE-2020-36233 - RESERVED +CVE-2020-36233 (The Microsoft Windows Installer for Atlassian Bitbucket Server and Dat ...) + TODO: check CVE-2020-36232 RESERVED CVE-2020-36231 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) 
@@ -1574,8 +1574,8 @@ CVE-2020-35579 (tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url= NOT-FOR-US: tindy2013 CVE-2020-35578 (An issue was discovered in the Manage Plugins page in Nagios XI before ...) NOT-FOR-US: Nagios XI -CVE-2020-35577 - RESERVED +CVE-2020-35577 (In Endalia Selection Portal before 4.205.0, an Insecure Direct Object ...) + TODO: check CVE-2020-35576 (A Command Injection issue in the traceroute feature on TP-Link TL-WR84 ...) NOT-FOR-US: TP-Link CVE-2020-35575 (A password-disclosure issue in the web interface on certain TP-Link de ...) @@ -2737,8 +2737,8 @@ CVE-2020-29666 (In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a direc NOT-FOR-US: Lan ATMService M3 ATM Monitoring System CVE-2020-29665 RESERVED -CVE-2020-29664 - RESERVED +CVE-2020-29664 (A command injection issue in dji_sys in DJI Mavic 2 Remote Controller ...) + TODO: check CVE-2020-29663 (Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked ...) - icinga2 2.12.3-1 [buster] - icinga2 <no-dsa> (Minor issue) @@ -3309,8 +3309,8 @@ CVE-2020-29455 (A cross-Site Scripting (XSS) vulnerability in this.showInvalid a NOT-FOR-US: SmartyStreets liveAddressPlugin.js CVE-2020-29454 (Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user ...) NOT-FOR-US: Umbraco CMS -CVE-2020-29453 - RESERVED +CVE-2020-29453 (The CachingResourceDownloadRewriteRule class in Jira Server and Jira D ...) + TODO: check CVE-2020-29452 RESERVED CVE-2020-29451 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) 
@@ -3319,8 +3319,8 @@ CVE-2020-29450 (Affected versions of Atlassian Confluence Server and Data Center NOT-FOR-US: Atlassian CVE-2020-29449 RESERVED -CVE-2020-29448 - RESERVED +CVE-2020-29448 (The ConfluenceResourceDownloadRewriteRule class in Confluence Server a ...) + TODO: check CVE-2020-29447 (Affected versions of Atlassian Crucible allow remote attackers to impa ...) NOT-FOR-US: Atlassian CVE-2020-29446 (Affected versions of Atlassian Fisheye & Crucible allow remote att ...) @@ -5406,16 +5406,16 @@ CVE-2020-28501 CVE-2020-28500 (All versions of package lodash; all versions of package org.fujion.web ...) - node-lodash <unfixed> NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1018905 -CVE-2020-28499 - RESERVED +CVE-2020-28499 (All versions of package merge are vulnerable to Prototype Pollution vi ...) + TODO: check CVE-2020-28498 (The package elliptic before 6.5.4 are vulnerable to Cryptographic Issu ...) - node-elliptic <unfixed> NOTE: https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f NOTE: https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md CVE-2020-28497 RESERVED -CVE-2020-28496 - RESERVED +CVE-2020-28496 (This affects the package three before 0.125.0. This can happen when ha ...) + TODO: check CVE-2020-28495 (This affects the package total.js before 3.4.7. The set function can b ...) NOT-FOR-US: Node total.js CVE-2020-28494 (This affects the package total.js before 3.4.7. The issue occurs in th ...) 
@@ -5427,10 +5427,10 @@ CVE-2020-28493 (This affects the package jinja2 from 0.0.0 and before 2.11.3. Th NOTE: https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994 CVE-2020-28492 REJECTED -CVE-2020-28491 - RESERVED -CVE-2020-28490 - RESERVED +CVE-2020-28491 (This affects the package com.fasterxml.jackson.dataformat:jackson-data ...) + TODO: check +CVE-2020-28490 (The package async-git before 1.13.2 are vulnerable to Command Injectio ...) + TODO: check CVE-2020-28489 RESERVED CVE-2020-28488 @@ -5490,8 +5490,8 @@ CVE-2020-28465 RESERVED CVE-2020-28464 (This affects the package djv before 2.1.4. By controlling the schema f ...) NOT-FOR-US: Node djv -CVE-2020-28463 - RESERVED +CVE-2020-28463 (All versions of package reportlab are vulnerable to Server-side Reques ...) + TODO: check CVE-2020-28462 RESERVED CVE-2020-28461 @@ -50824,6 +50824,7 @@ CVE-2020-8627 CVE-2020-8626 RESERVED CVE-2020-8625 (BIND servers are vulnerable if they are running an affected version an ...) + {DSA-4857-1} - bind9 1:9.16.12-1 (bug #983004) NOTE: https://kb.isc.org/v1/docs/cve-2020-8625 NOTE: 9.11 branch: https://downloads.isc.org/isc/bind9/9.11.28/patches @@ -59781,8 +59782,8 @@ CVE-2020-4935 RESERVED CVE-2020-4934 (IBM Content Navigator 3.0.CD could allow a remote attacker to traverse ...) NOT-FOR-US: IBM -CVE-2020-4933 - RESERVED +CVE-2020-4933 (IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerabl ...) + TODO: check CVE-2020-4932 RESERVED CVE-2020-4931 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 01891fd431..47f9daa01d 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -1,3 +1,49 @@ +CVE-2021-3413 + RESERVED +CVE-2021-3412 + RESERVED +CVE-2021-27399 + RESERVED +CVE-2021-27398 + RESERVED +CVE-2021-27397 + RESERVED +CVE-2021-27396 + RESERVED +CVE-2021-27395 + RESERVED +CVE-2021-27394 + RESERVED +CVE-2021-27393 + RESERVED +CVE-2021-27392 + RESERVED +CVE-2021-27391 + RESERVED +CVE-2021-27390 + RESERVED +CVE-2021-27389 + RESERVED +CVE-2021-27388 + RESERVED +CVE-2021-27387 + RESERVED +CVE-2021-27386 + RESERVED +CVE-2021-27385 + RESERVED +CVE-2021-27384 + RESERVED +CVE-2021-27383 + RESERVED +CVE-2021-27382 + RESERVED +CVE-2021-27381 + RESERVED +CVE-2021-27380 + RESERVED +CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM ...) + TODO: check CVE-2021-27378 (An issue was discovered in the rand_core crate before 0.6.2 for Rust. ...) - rust-rand-core <unfixed> NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0023.html @@ -85,8 +131,8 @@ CVE-2021-27337 RESERVED CVE-2021-27336 RESERVED -CVE-2021-27335 - RESERVED +CVE-2021-27335 (KollectApps before 4.8.16c is affected by insecure Java deserializatio ...) + TODO: check CVE-2021-27334 RESERVED CVE-2021-27333 @@ -97,8 +143,8 @@ CVE-2021-27331 RESERVED CVE-2021-27330 RESERVED -CVE-2021-27329 - RESERVED +CVE-2021-27329 (Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or ...) + TODO: check CVE-2021-27328 RESERVED CVE-2021-27327 @@ -298,6 +344,7 @@ CVE-2021-27231 (Hestia Control Panel through 1.3.3, in a shared-hosting environm CVE-2021-27230 RESERVED CVE-2021-27229 (Mumble before 1.3.4 allows remote code execution if a victim navigates ...) + {DLA-2562-1} - mumble <unfixed> (bug #982904) NOTE: https://github.com/mumble-voip/mumble/commit/e59ee87abe249f345908c7d568f6879d16bfd648 NOTE: https://github.com/mumble-voip/mumble/pull/4733 
@@ -949,6 +996,7 @@ CVE-2021-26930 (An issue was discovered in the Linux kernel 3.11 through 5.10.16 - linux <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-365.html CVE-2021-26929 (An XSS issue was discovered in Horde Groupware Webmail Edition through ...) + {DLA-2564-1} - php-horde-text-filter <unfixed> (bug #982769) NOTE: https://lists.horde.org/archives/announce/2021/001298.html NOTE: https://github.com/horde/Text_Filter/commit/c26f938854c36b981558a3b1b9b2f81403cff60e (master) @@ -2988,8 +3036,8 @@ CVE-2021-26070 RESERVED CVE-2021-26069 RESERVED -CVE-2021-26068 - RESERVED +CVE-2021-26068 (An endpoint in Atlassian Jira Server for Slack plugin from version 0.0 ...) + TODO: check CVE-2021-26067 (Affected versions of Atlassian Bamboo allow an unauthenticated remote ...) NOT-FOR-US: Atlassian CVE-2021-26066 @@ -3319,7 +3367,7 @@ CVE-2021-25915 RESERVED CVE-2021-25914 RESERVED -CVE-2021-25913 (Prototype pollution vulnerability in ‘set-or-get’ version ...) +CVE-2021-25913 (Prototype pollution vulnerability in 'set-or-get' version 1.0.0 throug ...) NOT-FOR-US: Node set-or-get CVE-2021-25912 (Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0. ...) NOT-FOR-US: Node dotty @@ -7915,13 +7963,13 @@ CVE-2021-23843 CVE-2021-23842 RESERVED CVE-2021-23841 (The OpenSSL public API function X509_issuer_and_serial_hash() attempts ...) - {DSA-4855-1} + {DSA-4855-1 DLA-2565-1 DLA-2563-1} - openssl 1.1.1j-1 - openssl1.0 <removed> NOTE: https://www.openssl.org/news/secadv/20210216.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf (OpenSSL_1_1_1j) CVE-2021-23840 (Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ...) - {DSA-4855-1} + {DSA-4855-1 DLA-2565-1 DLA-2563-1} - openssl 1.1.1j-1 - openssl1.0 <removed> NOTE: https://www.openssl.org/news/secadv/20210216.txt 
@@ -8967,10 +9015,10 @@ CVE-2021-23343 RESERVED CVE-2021-23342 RESERVED -CVE-2021-23341 - RESERVED -CVE-2021-23340 - RESERVED +CVE-2021-23341 (The package prismjs before 1.23.0 are vulnerable to Regular Expression ...) + TODO: check +CVE-2021-23340 (This affects the package pimcore/pimcore before 6.8.8. A Local FIle In ...) + TODO: check CVE-2021-23339 (This affects all versions of package com.typesafe.akka:akka-http-core. ...) TODO: check CVE-2021-23338 (This affects all versions of package qlib. The workflow function in cl ...) @@ -13093,8 +13141,8 @@ CVE-2021-21320 RESERVED CVE-2021-21319 RESERVED -CVE-2021-21318 - RESERVED +CVE-2021-21318 (Opencast is a free, open-source platform to support the management of ...) + TODO: check CVE-2021-21317 (uap-core in an open-source npm package which contains the core of Brow ...) NOT-FOR-US: Node uap-core CVE-2021-21316 (less-openui5 is an npm package which enables building OpenUI5 themes w ...) @@ -14984,14 +15032,14 @@ CVE-2021-20448 RESERVED CVE-2021-20447 RESERVED -CVE-2021-20446 - RESERVED -CVE-2021-20445 - RESERVED -CVE-2021-20444 - RESERVED -CVE-2021-20443 - RESERVED +CVE-2021-20446 (IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site ...) + TODO: check +CVE-2021-20445 (IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain ...) + TODO: check +CVE-2021-20444 (IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site ...) + TODO: check +CVE-2021-20443 (IBM Maximo for Civil Infrastructure 7.6.2 includes executable function ...) + TODO: check CVE-2021-20442 RESERVED CVE-2021-20441 @@ -15168,8 +15216,8 @@ CVE-2021-20356 RESERVED CVE-2021-20355 RESERVED -CVE-2021-20354 - RESERVED +CVE-2021-20354 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remot ...) + TODO: check CVE-2021-20353 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) NOT-FOR-US: IBM CVE-2021-20352 |
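Review bot: in the 2019.list hunks (CVE-2019-18255, CVE-2019-18243, both "HMI/SCADA iFIX ... local authenticated u") and the Atlassian and IBM hunks in 2020.list and 2021.list (CVE-2020-36233, CVE-2020-29453, CVE-2020-29448, CVE-2020-4933, CVE-2021-26068, CVE-2021-20446 through CVE-2021-20443, CVE-2021-20354), every new entry is left at `TODO: check` although the adjacent entries for the same vendors are already closed as `NOT-FOR-US: Atlassian`, `NOT-FOR-US: IBM`, `NOT-FOR-US: Advantech` and so on. These are not Debian source packages and can be closed as `NOT-FOR-US: <vendor>` in the follow-up triage pass instead of sitting in the TODO queue; leaving them there only hides the entries that actually need a look.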
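Review bot: the 2020.list hunks at @@ -5406, @@ -5427 and @@ -5490 and the 2021.list hunk at @@ -8967 add library CVEs (merge, three, jackson-dataformat, async-git, reportlab, prismjs, pimcore) as bare `TODO: check`, while their neighbours in the same hunks already show the finished form: `- node-lodash <unfixed>` with a `NOTE: https://snyk.io/vuln/...` reference for CVE-2020-28500, and `- node-elliptic <unfixed>` with upstream commit NOTEs for CVE-2020-28498. Note also that CVE-2020-28463 (reportlab) and CVE-2020-28491 (com.fasterxml.jackson.dataformat) are Python and Java libraries, not Node packages, so the triage for them should not default to the `NOT-FOR-US: Node ...` form used for djv and total.js in the same region; each needs a source package line or an explicit NOT-FOR-US with the right ecosystem named, plus the Snyk or upstream NOTE in the existing style.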
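Review bot: CVE-2021-27379 ("Xen through 4.11.x, allowing x86 Intel HVM ...") is added at the top of 2021.list as `TODO: check`, but the hunk at @@ -949 shows this advisory batch is already being tracked in the tracker's XSA style (CVE-2021-26930 carries `- linux <unfixed>` and `NOTE: https://xenbits.xen.org/xsa/advisory-365.html`). This entry should be completed the same way, with the `xen` source package line and the NOTE pointing at its matching XSA advisory, rather than left for a later TODO sweep; Xen entries are the ones in this update most likely to need a stable-suite decision.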
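Review bot: for CVE-2021-27229 (mumble, @@ -298) and CVE-2021-26929 (php-horde-text-filter, @@ -949) a DLA reference is added (`{DLA-2562-1}` and `{DLA-2564-1}`) while the package line stays `- mumble <unfixed> (bug #982904)` / `- php-horde-text-filter <unfixed> (bug #982769)`. That is the right encoding for an LTS fix with unstable still open, but it leaves buster without any status: once the unstable upload closing the referenced bug lands, the version should replace `<unfixed>`, and buster needs either a DSA reference or a `[buster] - <pkg> <no-dsa> (...)` line like the one used for icinga2 under CVE-2020-29663 in this same update, so the LTS fix does not end up as the only recorded one.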
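Review bot: in the @@ -7915 hunk, CVE-2021-23841 and CVE-2021-23840 go from `{DSA-4855-1}` to `{DSA-4855-1 DLA-2565-1 DLA-2563-1}`. Two DLAs on one CVE is expected here because the entry tracks two source packages (`- openssl 1.1.1j-1` and `- openssl1.0 <removed>`), but the DLA numbers are listed out of order, which makes the second one easy to misread as a duplicate when scanning; reorder to `{DSA-4855-1 DLA-2563-1 DLA-2565-1}` so the advisory list reads ascending as it does elsewhere in the file.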