author: security tracker role <sectracker@soriano.debian.org> 2021-03-06 08:10:21 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-03-06 08:10:21 +0000
commit: 9db0a6072945f481e6982cd8682d0a6001dc367d
tree: ebb2fd5f40cd14a43ab034992644a5e6b2897b16
parent: b0d9a0f9667c7e3cd8fa70c8a5199d22ee01d49a
automatic update
-rw-r--r-- data/CVE/2020.list 16
-rw-r--r-- data/CVE/2021.list 43
2 files changed, 37 insertions, 22 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 207d1be343..a741328d2f 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -4266,12 +4266,12 @@ CVE-2020-29032 (Upload of Code Without Integrity Check vulnerability in firmware
NOT-FOR-US: Secomea GateManager
CVE-2020-29031 (An Insecure Direct Object Reference vulnerability exists in the web UI ...)
NOT-FOR-US: GateManager
-CVE-2020-29030
- RESERVED
-CVE-2020-29029
- RESERVED
-CVE-2020-29028
- RESERVED
+CVE-2020-29030 (Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea ...)
+ TODO: check
+CVE-2020-29029 (Improper Input Validation, Cross-site Scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2020-29028 (Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateMan ...)
+ TODO: check
CVE-2020-29027 (Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager ...)
NOT-FOR-US: Secomea
CVE-2020-29026 (A directory traversal vulnerability exists in the file upload function ...)
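Review bot: CVE-2020-29030, CVE-2020-29029 and CVE-2020-29028 are left at "TODO: check" even though the entries on either side of them (CVE-2020-29032, CVE-2020-29031, CVE-2020-29027) are already tagged NOT-FOR-US for Secomea / GateManager. The visible text of CVE-2020-29030 and CVE-2020-29028 names the Secomea web GUI; CVE-2020-29029 is cut off before any product name, so confirm it against the full description before resolving all three in the follow-up triage with the same tag as their neighbours.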
@@ -4286,8 +4286,8 @@ CVE-2020-29022 (Failure to Sanitize host header value on output in the GateManag
NOT-FOR-US: Secomea
CVE-2020-29021 (A vulnerability in web UI input field of GateManager allows authentica ...)
NOT-FOR-US: GateManager
-CVE-2020-29020
- RESERVED
+CVE-2020-29020 (Improper Access Control vulnerability in web service of Secomea SiteMa ...)
+ TODO: check
CVE-2020-29019 (A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through ...)
NOT-FOR-US: Fortiguard
CVE-2020-29018 (A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allo ...)
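Review bot: When the "TODO: check" on CVE-2020-29020 is resolved, pick one NOT-FOR-US label for this vendor. The context lines in this hunk already use two ("NOT-FOR-US: Secomea" for CVE-2020-29022 and "NOT-FOR-US: GateManager" for CVE-2020-29021), which makes the Secomea entries harder to search as a group.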
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 11da8f5044..ea1c62bcb4 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,19 @@
+CVE-2021-28049
+ RESERVED
+CVE-2021-28048
+ RESERVED
+CVE-2021-28047
+ RESERVED
+CVE-2021-28046
+ RESERVED
+CVE-2021-28045
+ RESERVED
+CVE-2021-28044
+ RESERVED
+CVE-2021-28043
+ RESERVED
+CVE-2021-28042 (Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Tra ...)
+ TODO: check
CVE-2021-3423
RESERVED
CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...)
@@ -264,8 +280,7 @@ CVE-2021-27919
RESERVED
CVE-2021-27918
RESERVED
-CVE-2021-3420
- RESERVED
+CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper overfl ...)
- newlib <unfixed> (bug #984446)
[buster] - newlib <no-dsa> (Minor issue)
- picolibc 1.5-1
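Review bot: The "[buster] - newlib <no-dsa> (Minor issue)" triage under CVE-2021-3420 is unchanged context, so it was in the list before the description added in this hunk; re-check it, and the "picolibc 1.5-1" fixed version, against the full published text, since the visible description is cut at "Improper overfl ...". The leading "-" on the newlib and picolibc lines is the list's own package-line syntax, not a removal: the header "-264,8 +280,7" matches the CVE line being replaced and only "RESERVED" being dropped.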
@@ -974,8 +989,8 @@ CVE-2021-27583 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, a
NOT-FOR-US: Directus
CVE-2021-27582 (org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Co ...)
NOT-FOR-US: OpenID Connect server implementation for MITREid Connect
-CVE-2021-27581
- RESERVED
+CVE-2021-27581 (The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL inject ...)
+ TODO: check
CVE-2021-27580
RESERVED
CVE-2021-27579 (Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on ...)
@@ -1642,14 +1657,14 @@ CVE-2021-27259
RESERVED
CVE-2021-27258
RESERVED
-CVE-2021-27257
- RESERVED
-CVE-2021-27256
- RESERVED
-CVE-2021-27255
- RESERVED
-CVE-2021-27254
- RESERVED
+CVE-2021-27257 (This vulnerability allows network-adjacent attackers to compromise the ...)
+ TODO: check
+CVE-2021-27256 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2021-27255 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2021-27254 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ TODO: check
CVE-2021-27253
RESERVED
CVE-2021-27252
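Review bot: The four descriptions added for CVE-2021-27257 through CVE-2021-27254 are cut off before any product or vendor name ("... attackers to compromise the ...", "... to execute arbitr ..."), so nothing in this hunk lets a reviewer decide between a package entry and NOT-FOR-US. Resolve the "TODO: check" markers from the full CVE text rather than from the list file. CVE-2021-27255 is described as reachable by remote attackers while the other three are network-adjacent, which may matter for the order in which they are checked.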
@@ -2653,8 +2668,8 @@ CVE-2021-26816
RESERVED
CVE-2021-26815
RESERVED
-CVE-2021-26814
- RESERVED
+CVE-2021-26814 (Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to e ...)
+ TODO: check
CVE-2021-26813 (markdown2 &gt;=1.0.1.18, fixed in 2.4.0, is affected by a regular expr ...)
- python-markdown2 <unfixed>
NOTE: https://github.com/trentm/python-markdown2/pull/387
