author: security tracker role <sectracker@soriano.debian.org> 2021-01-22 20:10:30 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-01-22 20:10:30 +0000
commit: 94b42a2f66c05fab61026b56d1b2b563e3d70eb1
tree: d3e2e6606eeb6a79d64cc2684cc5bf52bd7cee44
parent: db84a874b702af464f02471549bf8afd0e0581eb
automatic update
-rw-r--r-- data/CVE/2015.list | 1
-rw-r--r-- data/CVE/2020.list | 100
-rw-r--r-- data/CVE/2021.list | 48
3 files changed, 107 insertions, 42 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index fc6b9ea98e..83b28426ef 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -5428,6 +5428,7 @@ CVE-2015-7812 (The hypercall_create_continuation function in arch/arm/domain.c i
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-145.html
CVE-2015-8011 (Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c ...)
+ {DSA-4836-1}
- lldpd 0.7.19-1
[jessie] - lldpd 0.7.11-2+deb8u1
[wheezy] - lldpd <not-affected> (Vulnerable code not present)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 5b5123a580..2338367726 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,41 @@
+CVE-2020-36220 (An issue was discovered in the va-ts crate before 0.0.4 for Rust. Beca ...)
+ TODO: check
+CVE-2020-36219 (An issue was discovered in the atomic-option crate through 2020-10-31 ...)
+ TODO: check
+CVE-2020-36218 (An issue was discovered in the buttplug crate before 1.0.4 for Rust. B ...)
+ TODO: check
+CVE-2020-36217 (An issue was discovered in the may_queue crate through 2020-11-10 for ...)
+ TODO: check
+CVE-2020-36216 (An issue was discovered in Input&lt;R&gt; in the eventio crate before ...)
+ TODO: check
+CVE-2020-36215 (An issue was discovered in the hashconsing crate before 1.1.0 for Rust ...)
+ TODO: check
+CVE-2020-36214 (An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust ...)
+ TODO: check
+CVE-2020-36213 (An issue was discovered in the abi_stable crate before 0.9.1 for Rust. ...)
+ TODO: check
+CVE-2020-36212 (An issue was discovered in the abi_stable crate before 0.9.1 for Rust. ...)
+ TODO: check
+CVE-2020-36211 (An issue was discovered in the gfwx crate before 0.3.0 for Rust. Becau ...)
+ TODO: check
+CVE-2020-36210 (An issue was discovered in the autorand crate before 0.2.3 for Rust. B ...)
+ TODO: check
+CVE-2020-36209 (An issue was discovered in the late-static crate before 0.4.0 for Rust ...)
+ TODO: check
+CVE-2020-36208 (An issue was discovered in the conquer-once crate before 0.3.2 for Rus ...)
+ TODO: check
+CVE-2020-36207 (An issue was discovered in the aovec crate through 2020-12-10 for Rust ...)
+ TODO: check
+CVE-2020-36206 (An issue was discovered in the rusb crate before 0.7.0 for Rust. Becau ...)
+ TODO: check
+CVE-2020-36205 (An issue was discovered in the xcb crate through 2020-12-10 for Rust. ...)
+ TODO: check
+CVE-2020-36204 (An issue was discovered in the im crate through 2020-11-09 for Rust. B ...)
+ TODO: check
+CVE-2020-36203 (An issue was discovered in the reffers crate through 2020-12-01 for Ru ...)
+ TODO: check
+CVE-2020-36202 (An issue was discovered in the async-h1 crate before 2.3.0 for Rust. R ...)
+ TODO: check
CVE-2020-36201 (An issue was discovered in certain Xerox WorkCentre products. They do ...)
NOT-FOR-US: Xerox
CVE-2020-36200 (TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated ...)
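Review bot: CVE-2020-36213 and CVE-2020-36212 are added with the same truncated summary ("abi_stable crate before 0.9.1 for Rust"), so once the description is cut off nothing in the list tells the two issues apart. When the TODO: check markers are resolved, add a NOTE line with the upstream reference to each of the two entries so they are not triaged as duplicates. The 19 Rust crate entries added here all need the same decision (is the crate packaged or not), so they are best triaged in one pass.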
@@ -5220,10 +5258,10 @@ CVE-2020-28490
RESERVED
CVE-2020-28489
RESERVED
-CVE-2020-28488
- RESERVED
-CVE-2020-28487
- RESERVED
+CVE-2020-28488 (This affects all versions of package jquery-ui; all versions of packag ...)
+ TODO: check
+CVE-2020-28487 (This affects the package vis-timeline before 7.4.4. An attacker with t ...)
+ TODO: check
CVE-2020-28486
RESERVED
CVE-2020-28485
@@ -6709,6 +6747,7 @@ CVE-2020-27828 (There's a flaw in jasper's jpc encoder in versions prior to 2.0.
NOTE: https://github.com/jasper-software/jasper/pull/253
CVE-2020-27827 [lldp: avoid memory leak from bad packets]
RESERVED
+ {DSA-4836-1}
- lldpd 1.0.8-1
[buster] - lldpd <no-dsa> (Minor issue)
[stretch] - lldpd <no-dsa> (Minor issue)
@@ -9482,6 +9521,7 @@ CVE-2020-26666
CVE-2020-26665
RESERVED
CVE-2020-26664 (A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media play ...)
+ {DSA-4834-1}
- vlc 3.0.12-1 (low; bug #979676)
[stretch] - vlc <postponed> (Minor issue, wait for next LTS release)
NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/ec1f55ee9ace5cc675395a1bc9700d99679e7e8c (3.0.12)
@@ -15921,8 +15961,8 @@ CVE-2020-23828 (A File Upload vulnerability in SourceCodester Online Course Regi
NOT-FOR-US: SourceCodester Online Course Registration
CVE-2020-23827
RESERVED
-CVE-2020-23826
- RESERVED
+CVE-2020-23826 (The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote co ...)
+ TODO: check
CVE-2020-23825
RESERVED
CVE-2020-23824 (ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forger ...)
@@ -17049,8 +17089,8 @@ CVE-2020-23264
RESERVED
CVE-2020-23263
RESERVED
-CVE-2020-23262
- RESERVED
+CVE-2020-23262 (An issue was discovered in ming-soft MCMS v5.0, where a malicious user ...)
+ TODO: check
CVE-2020-23261
RESERVED
CVE-2020-23260
@@ -17249,12 +17289,12 @@ CVE-2020-23164
RESERVED
CVE-2020-23163
RESERVED
-CVE-2020-23162
- RESERVED
-CVE-2020-23161
- RESERVED
-CVE-2020-23160
- RESERVED
+CVE-2020-23162 (Sensitive information disclosure and weak encryption in Pyrescom Termo ...)
+ TODO: check
+CVE-2020-23161 (Local file inclusion in Pyrescom Termod4 time management devices befor ...)
+ TODO: check
+CVE-2020-23160 (Remote code execution in Pyrescom Termod4 time management devices befo ...)
+ TODO: check
CVE-2020-23159
RESERVED
CVE-2020-23158
@@ -23048,8 +23088,8 @@ CVE-2020-20271
RESERVED
CVE-2020-20270
RESERVED
-CVE-2020-20269
- RESERVED
+CVE-2020-20269 (A specially crafted Markdown document could cause the execution of mal ...)
+ TODO: check
CVE-2020-20268
RESERVED
CVE-2020-20267
@@ -28553,7 +28593,7 @@ CVE-2020-17529 (Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (
CVE-2020-17528 (Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incuba ...)
NOT-FOR-US: Apache NuttX
CVE-2020-17527 (While investigating bug 64830 it was discovered that Apache Tomcat 10. ...)
- {DLA-2495-1}
+ {DSA-4835-1 DLA-2495-1}
- tomcat9 9.0.40-1
- tomcat8 <removed>
NOTE: https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65 (9.0.40)
@@ -37293,7 +37333,7 @@ CVE-2020-13945 (In Apache APISIX, the user enabled the Admin API and deleted the
CVE-2020-13944 (In Apache Airflow &lt; 1.10.12, the "origin" parameter passed to some ...)
- airflow <itp> (bug #819700)
CVE-2020-13943 (If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7 ...)
- {DLA-2407-1}
+ {DSA-4835-1 DLA-2407-1}
- tomcat9 9.0.38-1
- tomcat8 <removed>
NOTE: https://github.com/apache/tomcat/commit/55911430df13f8c9998fbdee1f9716994d2db59b (9.0.38)
@@ -40801,8 +40841,8 @@ CVE-2020-12527
RESERVED
CVE-2020-12526
RESERVED
-CVE-2020-12525
- RESERVED
+CVE-2020-12525 (M&amp;M Software fdtCONTAINER Component in versions below 3.5.20304.x ...)
+ TODO: check
CVE-2020-12524 (Uncontrolled Resource Consumption can be exploited to cause the Phoeni ...)
NOT-FOR-US: Phoenix Contact HMIs BTP
CVE-2020-12523 (On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get ...)
@@ -40823,14 +40863,14 @@ CVE-2020-12516 (Older firmware versions (FW1 up to FW10) of the WAGO PLC family
NOT-FOR-US: WAGO
CVE-2020-12515
RESERVED
-CVE-2020-12514
- RESERVED
-CVE-2020-12513
- RESERVED
-CVE-2020-12512
- RESERVED
-CVE-2020-12511
- RESERVED
+CVE-2020-12514 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
+ TODO: check
+CVE-2020-12513 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
+ TODO: check
+CVE-2020-12512 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
+ TODO: check
+CVE-2020-12511 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
+ TODO: check
CVE-2020-12510 (The default installation path of the TwinCAT XAR 3.1 software in all v ...)
NOT-FOR-US: Beckhoff
CVE-2020-12509
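Review bot: CVE-2020-12514 through CVE-2020-12511 are added with four identical truncated summaries ("Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ..."), so the list text cannot distinguish them. The neighbouring entries in this hunk are vendor products already resolved as NOT-FOR-US (WAGO, Beckhoff); when clearing the TODO: check markers, resolve these four together and in the same style, rather than leaving some of them open.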
@@ -59768,8 +59808,8 @@ CVE-2020-4768
RESERVED
CVE-2020-4767 (IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6 ...)
NOT-FOR-US: IBM
-CVE-2020-4766
- RESERVED
+CVE-2020-4766 (IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cau ...)
+ TODO: check
CVE-2020-4765
RESERVED
CVE-2020-4764 (IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 44c8d16821..e10f8db8cb 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,27 @@
+CVE-2021-25911
+ RESERVED
+CVE-2021-25910
+ RESERVED
+CVE-2021-25909
+ RESERVED
+CVE-2021-25908 (An issue was discovered in the fil-ocl crate through 2021-01-04 for Ru ...)
+ TODO: check
+CVE-2021-25907 (An issue was discovered in the containers crate before 0.9.11 for Rust ...)
+ TODO: check
+CVE-2021-25906 (An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for ...)
+ TODO: check
+CVE-2021-25905 (An issue was discovered in the bra crate before 0.1.1 for Rust. It lac ...)
+ TODO: check
+CVE-2021-25904 (An issue was discovered in the av-data crate before 0.3.0 for Rust. A ...)
+ TODO: check
+CVE-2021-25903 (An issue was discovered in the cache crate through 2021-01-01 for Rust ...)
+ TODO: check
+CVE-2021-25902 (An issue was discovered in the glsl-layout crate before 0.4.0 for Rust ...)
+ TODO: check
+CVE-2021-25901 (An issue was discovered in the lazy-init crate through 2021-01-17 for ...)
+ TODO: check
+CVE-2021-25900 (An issue was discovered in the smallvec crate before 0.6.14 and 1.x be ...)
+ TODO: check
CVE-2021-3280
RESERVED
CVE-2021-3279
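Review bot: CVE-2021-25900 names two affected branches in its summary ("smallvec crate before 0.6.14 and 1.x be ..."), and the 1.x bound is lost to truncation. When the TODO: check is resolved, record both fixed versions in a NOTE line, so that if the crate is packaged, each suite can be checked against the branch it actually ships. The three RESERVED entries added above it (CVE-2021-25911 to CVE-2021-25909) need no action.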
@@ -16,8 +40,8 @@ CVE-2021-3273
RESERVED
CVE-2021-3272
RESERVED
-CVE-2021-3271
- RESERVED
+CVE-2021-3271 (PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS ca ...)
+ TODO: check
CVE-2021-3270
RESERVED
CVE-2021-3269
@@ -6487,12 +6511,12 @@ CVE-2021-22851 (HGiga EIP product contains SQL Injection vulnerability. Attacker
NOT-FOR-US: HGiga EIP
CVE-2021-22850 (HGiga EIP product lacks ineffective access control in certain pages th ...)
NOT-FOR-US: HGiga EIP
-CVE-2021-22849
- RESERVED
+CVE-2021-22849 (Hyweb HyCMS-J1 backend editing function does not filter special charac ...)
+ TODO: check
CVE-2021-22848
RESERVED
-CVE-2021-22847
- RESERVED
+CVE-2021-22847 (Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote at ...)
+ TODO: check
CVE-2021-22846
RESERVED
CVE-2021-22845
@@ -9706,8 +9730,8 @@ CVE-2021-21272
RESERVED
CVE-2021-21271
RESERVED
-CVE-2021-21270
- RESERVED
+CVE-2021-21270 (OctopusDSC is a PowerShell module with DSC resources that can be used ...)
+ TODO: check
CVE-2021-21269 (Keymaker is a Mastodon Community Finder based Matrix Community serverl ...)
NOT-FOR-US: Keymaker
CVE-2021-21268
@@ -9722,10 +9746,10 @@ CVE-2021-21264
RESERVED
CVE-2021-21262
RESERVED
-CVE-2021-21260
- RESERVED
-CVE-2021-21259
- RESERVED
+CVE-2021-21260 (Online Invoicing System (OIS) is open source software which is a lean ...)
+ TODO: check
+CVE-2021-21259 (HedgeDoc is open source software which lets you create real-time colla ...)
+ TODO: check
CVE-2021-21258
RESERVED
CVE-2021-21257
