author security tracker role <sectracker@soriano.debian.org> 2021-01-30 08:10:17 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-01-30 08:10:17 +0000
commit a06073834c3cdf7c7c90b19bfdbc9b517cdfd724
tree 5580b4bdf201a3be19bf503913c09478a90fe9e2
parent a56790f00a40be64d52f5613d729bea0c87e258e
automatic update
-rw-r--r-- data/CVE/2017.list 6
-rw-r--r-- data/CVE/2018.list 4
-rw-r--r-- data/CVE/2020.list 19
-rw-r--r-- data/CVE/2021.list 310
4 files changed, 319 insertions, 20 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index c3a27825ea..bf02fc97dd 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -11094,7 +11094,7 @@ CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allow
[wheezy] - redis <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/antirez/redis/issues/4278
NOTE: Pull request: https://github.com/antirez/redis/pull/4365
-CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples i ...)
+CVE-2017-15046 (LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based ...)
- lame 3.99.5+repack1-8
[jessie] - lame 3.99.5+repack1-7+deb8u2
NOTE: https://sourceforge.net/p/lame/bugs/479/
@@ -11238,7 +11238,7 @@ CVE-2017-15019 (LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_ini
[stretch] - lame <ignored> (Minor issue)
[jessie] - lame <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/lame/bugs/477/
-CVE-2017-15018 (LAME 3.99.5 has a heap-based buffer over-read when handling a malforme ...)
+CVE-2017-15018 (LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and ...)
- lame 3.99.5+repack1-8
[jessie] - lame 3.99.5+repack1-7+deb8u2
NOTE: https://sourceforge.net/p/lame/bugs/480/
@@ -13919,7 +13919,7 @@ CVE-2017-14134 (A Reflected XSS Vulnerability affects the forgotten password pag
NOT-FOR-US: Maplesoft Maple
CVE-2017-14133
RESERVED
-CVE-2017-14132 (JasPer 2.0.13 allows remote attackers to cause a denial of service (he ...)
+CVE-2017-14132 (JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900 ...)
{DLA-1583-1}
- jasper <removed> (low)
[wheezy] - jasper <ignored> (Minor issue)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index a7198d14dd..a987d2e603 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -5025,11 +5025,11 @@ CVE-2018-19542 (An issue was discovered in JasPer 2.0.14. There is a NULL pointe
{DLA-1628-1}
- jasper <removed>
NOTE: https://github.com/mdadams/jasper/issues/182
-CVE-2018-19541 (An issue was discovered in JasPer 2.0.14. There is a heap-based buffer ...)
+CVE-2018-19541 (An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11 ...)
{DLA-1628-1}
- jasper <removed>
NOTE: https://github.com/mdadams/jasper/issues/182
-CVE-2018-19540 (An issue was discovered in JasPer 2.0.14. There is a heap-based buffer ...)
+CVE-2018-19540 (An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11 ...)
{DLA-1628-1}
- jasper <removed>
NOTE: https://github.com/mdadams/jasper/issues/182
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index e072b4496f..f4772f65de 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -2971,8 +2971,8 @@ CVE-2020-29559
RESERVED
CVE-2020-29558
RESERVED
-CVE-2020-29557
- RESERVED
+CVE-2020-29557 (An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 bef ...)
+ TODO: check
CVE-2020-29556
RESERVED
CVE-2020-29555
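Review bot: the `TODO: check` added under CVE-2020-29557 leaves the entry untriaged, and the description it gains is about D-Link DIR-825 R1 devices. Other product-specific entries in this file are closed with a `NOT-FOR-US:` line (for example `NOT-FOR-US: Ghisler Total Commander`), so if the full description confirms the issue is confined to that device, a follow-up should replace the placeholder with the same kind of line.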
@@ -29043,8 +29043,7 @@ CVE-2020-17382 (The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow
NOT-FOR-US: MSI AmbientLink MsIo64 driver
CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due to insuff ...)
NOT-FOR-US: Ghisler Total Commander
-CVE-2020-17380 [heap buffer overflow in sdhci_sdma_transfer_multi_blocks() in hw/sd/sdhci.c]
- RESERVED
+CVE-2020-17380 (A heap-based buffer overflow was found in QEMU through 5.0.0 in the SD ...)
- qemu <unfixed> (bug #970937)
[buster] - qemu <postponed> (Minor issue, fix along in future DSA)
[stretch] - qemu <postponed> (Minor issue, fix along in future DLA)
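Review bot: on CVE-2020-17380 the removed bracketed description was the only part of the entry naming the function and file, `sdhci_sdma_transfer_multi_blocks()` in `hw/sd/sdhci.c`. The replacement description is cut off after "in the SD", and the qemu lines below it do not carry that detail. Suggest preserving it as a `NOTE:` line under the entry so the affected code stays findable from the tracker data.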
@@ -32955,8 +32954,8 @@ CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL a
[stretch] - nim <no-dsa> (Minor issue)
CVE-2020-15691
RESERVED
-CVE-2020-15690
- RESERVED
+CVE-2020-15690 (In Nim before 1.2.6, the standard library asyncftpclient lacks a check ...)
+ TODO: check
CVE-2020-15689 (Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, ...)
NOT-FOR-US: Appweb
CVE-2020-15688 (The HTTP Digest Authentication in the GoAhead web server before 5.1.2 ...)
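Review bot: CVE-2020-15690 receives only `TODO: check`, although its description concerns the Nim standard library (asyncftpclient) and the adjacent CVE-2020-15692, also a Nim standard library issue, appears to be tracked already with `[stretch] - nim <no-dsa> (Minor issue)`. The follow-up triage should add `nim` package lines to this entry rather than leave the placeholder in place.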
@@ -33326,8 +33325,8 @@ CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-afte
- milkytracker 1.02.00+dfsg-2.1 (bug #964797)
[buster] - milkytracker 1.02.00+dfsg-1+deb10u1
NOTE: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
-CVE-2020-15568
- RESERVED
+CVE-2020-15568 (TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that lead ...)
+ TODO: check
CVE-2020-15567 (An issue was discovered in Xen through 4.13.x, allowing Intel guest OS ...)
{DSA-4723-1}
- xen 4.11.4+24-gddaaccbbab-1
@@ -36011,8 +36010,8 @@ CVE-2020-14420
RESERVED
CVE-2020-14419
RESERVED
-CVE-2020-14418
- RESERVED
+CVE-2020-14418 (A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that al ...)
+ TODO: check
CVE-2020-14417
RESERVED
CVE-2020-14415 (oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index c719be095e..3edb58d36e 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,303 @@
+CVE-2021-26460
+ RESERVED
+CVE-2021-26459
+ RESERVED
+CVE-2021-26458
+ RESERVED
+CVE-2021-26457
+ RESERVED
+CVE-2021-26456
+ RESERVED
+CVE-2021-26455
+ RESERVED
+CVE-2021-26454
+ RESERVED
+CVE-2021-26453
+ RESERVED
+CVE-2021-26452
+ RESERVED
+CVE-2021-26451
+ RESERVED
+CVE-2021-26450
+ RESERVED
+CVE-2021-26449
+ RESERVED
+CVE-2021-26448
+ RESERVED
+CVE-2021-26447
+ RESERVED
+CVE-2021-26446
+ RESERVED
+CVE-2021-26445
+ RESERVED
+CVE-2021-26444
+ RESERVED
+CVE-2021-26443
+ RESERVED
+CVE-2021-26442
+ RESERVED
+CVE-2021-26441
+ RESERVED
+CVE-2021-26440
+ RESERVED
+CVE-2021-26439
+ RESERVED
+CVE-2021-26438
+ RESERVED
+CVE-2021-26437
+ RESERVED
+CVE-2021-26436
+ RESERVED
+CVE-2021-26435
+ RESERVED
+CVE-2021-26434
+ RESERVED
+CVE-2021-26433
+ RESERVED
+CVE-2021-26432
+ RESERVED
+CVE-2021-26431
+ RESERVED
+CVE-2021-26430
+ RESERVED
+CVE-2021-26429
+ RESERVED
+CVE-2021-26428
+ RESERVED
+CVE-2021-26427
+ RESERVED
+CVE-2021-26426
+ RESERVED
+CVE-2021-26425
+ RESERVED
+CVE-2021-26424
+ RESERVED
+CVE-2021-26423
+ RESERVED
+CVE-2021-26422
+ RESERVED
+CVE-2021-26421
+ RESERVED
+CVE-2021-26420
+ RESERVED
+CVE-2021-26419
+ RESERVED
+CVE-2021-26418
+ RESERVED
+CVE-2021-26417
+ RESERVED
+CVE-2021-26416
+ RESERVED
+CVE-2021-26415
+ RESERVED
+CVE-2021-26414
+ RESERVED
+CVE-2021-26413
+ RESERVED
+CVE-2021-26412
+ RESERVED
+CVE-2021-26411
+ RESERVED
+CVE-2021-26410
+ RESERVED
+CVE-2021-26409
+ RESERVED
+CVE-2021-26408
+ RESERVED
+CVE-2021-26407
+ RESERVED
+CVE-2021-26406
+ RESERVED
+CVE-2021-26405
+ RESERVED
+CVE-2021-26404
+ RESERVED
+CVE-2021-26403
+ RESERVED
+CVE-2021-26402
+ RESERVED
+CVE-2021-26401
+ RESERVED
+CVE-2021-26400
+ RESERVED
+CVE-2021-26399
+ RESERVED
+CVE-2021-26398
+ RESERVED
+CVE-2021-26397
+ RESERVED
+CVE-2021-26396
+ RESERVED
+CVE-2021-26395
+ RESERVED
+CVE-2021-26394
+ RESERVED
+CVE-2021-26393
+ RESERVED
+CVE-2021-26392
+ RESERVED
+CVE-2021-26391
+ RESERVED
+CVE-2021-26390
+ RESERVED
+CVE-2021-26389
+ RESERVED
+CVE-2021-26388
+ RESERVED
+CVE-2021-26387
+ RESERVED
+CVE-2021-26386
+ RESERVED
+CVE-2021-26385
+ RESERVED
+CVE-2021-26384
+ RESERVED
+CVE-2021-26383
+ RESERVED
+CVE-2021-26382
+ RESERVED
+CVE-2021-26381
+ RESERVED
+CVE-2021-26380
+ RESERVED
+CVE-2021-26379
+ RESERVED
+CVE-2021-26378
+ RESERVED
+CVE-2021-26377
+ RESERVED
+CVE-2021-26376
+ RESERVED
+CVE-2021-26375
+ RESERVED
+CVE-2021-26374
+ RESERVED
+CVE-2021-26373
+ RESERVED
+CVE-2021-26372
+ RESERVED
+CVE-2021-26371
+ RESERVED
+CVE-2021-26370
+ RESERVED
+CVE-2021-26369
+ RESERVED
+CVE-2021-26368
+ RESERVED
+CVE-2021-26367
+ RESERVED
+CVE-2021-26366
+ RESERVED
+CVE-2021-26365
+ RESERVED
+CVE-2021-26364
+ RESERVED
+CVE-2021-26363
+ RESERVED
+CVE-2021-26362
+ RESERVED
+CVE-2021-26361
+ RESERVED
+CVE-2021-26360
+ RESERVED
+CVE-2021-26359
+ RESERVED
+CVE-2021-26358
+ RESERVED
+CVE-2021-26357
+ RESERVED
+CVE-2021-26356
+ RESERVED
+CVE-2021-26355
+ RESERVED
+CVE-2021-26354
+ RESERVED
+CVE-2021-26353
+ RESERVED
+CVE-2021-26352
+ RESERVED
+CVE-2021-26351
+ RESERVED
+CVE-2021-26350
+ RESERVED
+CVE-2021-26349
+ RESERVED
+CVE-2021-26348
+ RESERVED
+CVE-2021-26347
+ RESERVED
+CVE-2021-26346
+ RESERVED
+CVE-2021-26345
+ RESERVED
+CVE-2021-26344
+ RESERVED
+CVE-2021-26343
+ RESERVED
+CVE-2021-26342
+ RESERVED
+CVE-2021-26341
+ RESERVED
+CVE-2021-26340
+ RESERVED
+CVE-2021-26339
+ RESERVED
+CVE-2021-26338
+ RESERVED
+CVE-2021-26337
+ RESERVED
+CVE-2021-26336
+ RESERVED
+CVE-2021-26335
+ RESERVED
+CVE-2021-26334
+ RESERVED
+CVE-2021-26333
+ RESERVED
+CVE-2021-26332
+ RESERVED
+CVE-2021-26331
+ RESERVED
+CVE-2021-26330
+ RESERVED
+CVE-2021-26329
+ RESERVED
+CVE-2021-26328
+ RESERVED
+CVE-2021-26327
+ RESERVED
+CVE-2021-26326
+ RESERVED
+CVE-2021-26325
+ RESERVED
+CVE-2021-26324
+ RESERVED
+CVE-2021-26323
+ RESERVED
+CVE-2021-26322
+ RESERVED
+CVE-2021-26321
+ RESERVED
+CVE-2021-26320
+ RESERVED
+CVE-2021-26319
+ RESERVED
+CVE-2021-26318
+ RESERVED
+CVE-2021-26317
+ RESERVED
+CVE-2021-26316
+ RESERVED
+CVE-2021-26315
+ RESERVED
+CVE-2021-26314
+ RESERVED
+CVE-2021-26313
+ RESERVED
+CVE-2021-26312
+ RESERVED
+CVE-2021-26311
+ RESERVED
CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML escapin ...)
TODO: check
CVE-2021-3344
@@ -6,7 +306,7 @@ CVE-2021-26310
RESERVED
CVE-2021-26309
RESERVED
-CVE-2021-3345 [libgcrypt heap overflow]
+CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt before 1.9.1 ...)
[experimental] - libgcrypt20 <unfixed> (bug #981370)
- libgcrypt20 <not-affected> (Only affected 1.9)
NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
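Review bot: the new description for CVE-2021-3345 reads "Libgcrypt before 1.9.1", which read alone suggests every earlier release, while the unchanged package lines say `libgcrypt20 <not-affected> (Only affected 1.9)` and keep `[experimental]` at `<unfixed>`. The entry is only unambiguous with that parenthetical, so it should stay. Since the description names 1.9.1 as the boundary, the `[experimental]` line should be given a fixed version once a corrected upload exists.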
@@ -1658,8 +1958,8 @@ CVE-2021-25648
RESERVED
CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows stored XS ...)
NOT-FOR-US: Mobile application "Testes de Codigo"
-CVE-2021-25646
- RESERVED
+CVE-2021-25646 (Apache Druid includes the ability to execute user-provided JavaScript ...)
+ TODO: check
CVE-2021-3308 (An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 throug ...)
- xen <unfixed> (bug #981052)
[buster] - xen <not-affected> (Vulnerable code introduced later)
@@ -10778,8 +11078,8 @@ CVE-2021-21256
RESERVED
CVE-2021-21255
RESERVED
-CVE-2021-21254
- RESERVED
+CVE-2021-21254 (CKEditor 5 is an open source rich text editor framework with a modular ...)
+ TODO: check
CVE-2021-21253 (OnlineVotingSystem is an open source project hosted on GitHub. OnlineV ...)
NOT-FOR-US: OnlineVotingSystem
CVE-2021-21252 (The jQuery Validation Plugin provides drop-in validation for your exis ...)
