author security tracker role <sectracker@soriano.debian.org> 2021-02-26 20:10:29 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-02-26 20:10:29 +0000
commit 9f95d697310119bfe8c7ffcc6635a4e4c7ffeb92
tree cd7002f831e3abfc4026c7cd7061cb35ee4d6d05
parent 18362ca7bddb8165062981d2e48ad1da7fc6b56a
automatic update
-rw-r--r-- data/CVE/2019.list 4
-rw-r--r-- data/CVE/2020.list 19
-rw-r--r-- data/CVE/2021.list 52
3 files changed, 38 insertions, 37 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 9e73b87e99..4b545f68ad 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -24386,8 +24386,8 @@ CVE-2019-11686 (Western Digital SanDisk X300, X300s, X400, and X600 devices: A v
NOT-FOR-US: Western Digital
CVE-2019-11685
RESERVED
-CVE-2019-11684
- RESERVED
+CVE-2019-11684 (Improper Access Control in the RCP+ server of the Bosch Video Recordin ...)
+ TODO: check
CVE-2019-11683 (udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/4dd2b82d5adfbe0b1587ccad7a8f76d826120f37
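Review bot: CVE-2019-11684 moves from RESERVED to a published description but is left at "TODO: check", so the tracker still records no decision for it. The adjacent CVE-2019-11686 entry shows the resolved form ("NOT-FOR-US: Western Digital"); the Bosch entry needs the same kind of follow-up, either a NOT-FOR-US line or a source-package line, before it counts as triaged.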
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index c96c552f85..ab2378365f 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,5 @@
+CVE-2020-35358
+ RESERVED
CVE-2020-36254 (scp.c in Dropbear before 2020.79 mishandles the filename of . or an em ...)
- dropbear 2020.79-1
NOTE: https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff
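Review bot: CVE-2020-35358 is inserted at line 1, above CVE-2020-36254, which breaks the descending ID order that the rest of the file follows. The hunk at -2202 shows the slot where it belongs, between CVE-2020-35359 and CVE-2020-35357; placing the header there would keep the entry where a reader or a later merge expects to find it.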
@@ -2202,7 +2204,6 @@ CVE-2020-35360
RESERVED
CVE-2020-35359 (Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server ...)
NOTE: Bogus issue, can be configured using MaxClientsPerIP in pure-ftpd.conf configuration file
- RESERVED
CVE-2020-35357
RESERVED
CVE-2020-35356
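Review bot: the RESERVED line removed under CVE-2020-35359 sits exactly where a CVE-2020-35358 entry would be, and after this hunk there is still no CVE-2020-35358 header between 35359 and 35357, so the removal cleans up the stray line without restoring the entry in place. In addition, CVE-2020-35359 is left with only a free-text NOTE ("Bogus issue, can be configured using MaxClientsPerIP ...") and no package or NOT-FOR-US line, so the triage outcome the NOTE implies is not recorded in a structured status line.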
@@ -5133,8 +5134,8 @@ CVE-2020-28648 (Improper input validation in the Auto-Discovery component of Nag
NOT-FOR-US: Nagios XI
CVE-2020-28647 (In Progress MOVEit Transfer before 2020.1, a malicious user could craf ...)
NOT-FOR-US: Progress MOVEit Transfer
-CVE-2020-28646
- RESERVED
+CVE-2020-28646 (ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop ...)
+ TODO: check
CVE-2020-28645 (Deleting users with certain names caused system files to be deleted. R ...)
- owncloud <removed>
CVE-2020-28644 (The CSRF (Cross Site Request Forgery) token check was improperly imple ...)
@@ -6124,8 +6125,8 @@ CVE-2020-28201
RESERVED
CVE-2020-28200
RESERVED
-CVE-2020-28199
- RESERVED
+CVE-2020-28199 (best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive ...)
+ TODO: check
CVE-2020-28198
RESERVED
CVE-2020-28197
@@ -10820,8 +10821,8 @@ CVE-2020-26202
RESERVED
CVE-2020-26201 (Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak pass ...)
NOT-FOR-US: Askey
-CVE-2020-26200
- RESERVED
+CVE-2020-26200 (A component of Kaspersky custom boot loader allowed loading of untrust ...)
+ TODO: check
CVE-2020-26199 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 ...)
NOT-FOR-US: EMC
CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a ...)
@@ -14374,8 +14375,8 @@ CVE-2020-24688
RESERVED
CVE-2020-24687
RESERVED
-CVE-2020-24686
- RESERVED
+CVE-2020-24686 (The vulnerabilities can be exploited to cause the web visualization co ...)
+ TODO: check
CVE-2020-24685 (An unauthenticated specially crafted packet sent by an attacker over t ...)
NOT-FOR-US: ABB
CVE-2020-24684
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index b95551f8aa..93d73629d3 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,7 @@
+CVE-2021-27738
+ RESERVED
+CVE-2021-27737
+ RESERVED
CVE-2021-XXXX [P2P: Fix a corner case in peer addition based on PD Request]
- wpa 2:2.9.0-21
NOTE: https://www.openwall.com/lists/oss-security/2021/02/25/3
@@ -1787,10 +1791,10 @@ CVE-2021-3402
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/
CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of authentica ...)
NOT-FOR-US: 1Password SCIM Bridge
-CVE-2021-26904
- RESERVED
-CVE-2021-26903
- RESERVED
+CVE-2021-26904 (LMA ISIDA Retriever 5.2 allows SQL Injection. ...)
+ TODO: check
+CVE-2021-26903 (LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. ...)
+ TODO: check
CVE-2021-26902
RESERVED
CVE-2021-26901
@@ -8345,12 +8349,10 @@ CVE-2021-23981
RESERVED
CVE-2021-23980
RESERVED
-CVE-2021-23979
- RESERVED
+CVE-2021-23979 (Mozilla developers reported memory safety bugs present in Firefox 85. ...)
- firefox 86.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979
-CVE-2021-23978
- RESERVED
+CVE-2021-23978 (Mozilla developers reported memory safety bugs present in Firefox 85 a ...)
{DSA-4862-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
@@ -8407,12 +8409,10 @@ CVE-2021-23967
RESERVED
CVE-2021-23966
RESERVED
-CVE-2021-23965
- RESERVED
+CVE-2021-23965 (Mozilla developers reported memory safety bugs present in Firefox 84. ...)
- firefox 85.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23965
-CVE-2021-23964
- RESERVED
+CVE-2021-23964 (Mozilla developers reported memory safety bugs present in Firefox 84 a ...)
{DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
@@ -9766,8 +9766,8 @@ CVE-2021-23347
RESERVED
CVE-2021-23346
RESERVED
-CVE-2021-23345
- RESERVED
+CVE-2021-23345 (All versions of package github.com/thecodingmachine/gotenberg are vuln ...)
+ TODO: check
CVE-2021-23344
RESERVED
CVE-2021-23343
@@ -11169,8 +11169,8 @@ CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validatio
NOT-FOR-US: Cscape
CVE-2021-22662
RESERVED
-CVE-2021-22661
- RESERVED
+CVE-2021-22661 (Changing the password on the module webpage does not require the user ...)
+ TODO: check
CVE-2021-22660
RESERVED
CVE-2021-22659
@@ -12581,8 +12581,8 @@ CVE-2021-3012
RESERVED
CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on NXP Smart ...)
NOT-FOR-US: NXP
-CVE-2021-3010
- RESERVED
+CVE-2021-3010 (There are multiple persistent cross-site scripting (XSS) vulnerabiliti ...)
+ TODO: check
CVE-2021-3009
RESERVED
CVE-2021-3008
@@ -13969,10 +13969,10 @@ CVE-2021-21301 (Wire is an open-source collaboration platform. In Wire for iOS (
NOT-FOR-US: Wire
CVE-2021-21300
RESERVED
-CVE-2021-21298
- RESERVED
-CVE-2021-21297
- RESERVED
+CVE-2021-21298 (Node-Red is a low-code programming for event-driven applications built ...)
+ TODO: check
+CVE-2021-21297 (Node-Red is a low-code programming for event-driven applications built ...)
+ TODO: check
CVE-2021-21296 (Fleet is an open source osquery manager. In Fleet before version 3.7.0 ...)
NOT-FOR-US: Fleet
CVE-2021-21295
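Review bot: the context here runs from CVE-2021-21300 directly to CVE-2021-21298, with no CVE-2021-21299 entry in between, which is worth confirming against the full file given that another hunk in this commit repairs a misplaced entry. The two Node-Red entries themselves (CVE-2021-21298, CVE-2021-21297) are added with "TODO: check" and the same description prefix, so they can be resolved together in one follow-up.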
@@ -14036,10 +14036,10 @@ CVE-2021-21276 (Polr is an open source URL shortener. in Polr before version 2.3
NOT-FOR-US: Polr
CVE-2021-21275 (The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSR ...)
NOT-FOR-US: MediaWiki Report extention
-CVE-2021-21274
- RESERVED
-CVE-2021-21273
- RESERVED
+CVE-2021-21274 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ TODO: check
+CVE-2021-21273 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ TODO: check
CVE-2021-21272 (ORAS is open source software which enables a way to push OCI Artifacts ...)
NOT-FOR-US: ORAS
CVE-2021-21271 (Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middl ...)
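Review bot: both Synapse entries (CVE-2021-21274, CVE-2021-21273) land as "TODO: check" although their descriptions name a pypi package rather than a vendor product, so these are the entries in this hunk most likely to need a source-package line with a fixed version rather than NOT-FOR-US. Separately, the unchanged context line "NOT-FOR-US: MediaWiki Report extention" carries a spelling error ("extention") that could be corrected in a follow-up.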
