author | security tracker role <sectracker@soriano.debian.org> | 2021-02-10 08:10:22 +0000
---|---|---
committer | security tracker role <sectracker@soriano.debian.org> | 2021-02-10 08:10:22 +0000
commit | effbd19553589c3593b1b26e2fb122a5c9e479af |
tree | 1bd9d89cc05d2507086a0b249fa999f7c14f6dd8 |
parent | 76f4562df8879c9d9ca146f8fcb593e727e4f58f |

automatic update
-rw-r--r-- | data/CVE/2019.list | 2
-rw-r--r-- | data/CVE/2020.list | 49
-rw-r--r-- | data/CVE/2021.list | 383
3 files changed, 387 insertions, 47 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 130bdfcbb2..f757ad92ec 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -42336,10 +42336,12 @@ CVE-2019-5089 (An exploitable memory corruption vulnerability exists in Investin CVE-2019-5088 (An exploitable memory corruption vulnerability exists in Investintech ...) NOT-FOR-US: Investintech CVE-2019-5087 (An exploitable integer overflow vulnerability exists in the flattenInc ...) + {DLA-2553-1} - xcftools <unfixed> (bug #945317) NOTE: https://github.com/j-jorge/xcftools/issues/13 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0879 CVE-2019-5086 (An exploitable integer overflow vulnerability exists in the flattenInc ...) + {DLA-2553-1} - xcftools <unfixed> (bug #945317) NOTE: https://github.com/j-jorge/xcftools/issues/12 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index f80188df87..7606bb0808 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,5 @@ +CVE-2020-36244 (The daemon in GENIVI Diagnostic Log and Trace (DLT) before 2.18.6 has ...) + TODO: check CVE-2020-36243 (The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injecti ...) NOT-FOR-US: OpenEMR CVE-2020-36242 (In the cryptography package before 3.3.2 for Python, certain sequences ...) @@ -2621,8 +2623,8 @@ CVE-2020-35127 (Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-book NOT-FOR-US: Ignite Realtime Openfire CVE-2020-35126 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct ...) NOT-FOR-US: Typesetter CMS -CVE-2020-35125 - RESERVED +CVE-2020-35125 (A cross-site scripting (XSS) vulnerability in the forms component of M ...) + TODO: check CVE-2020-35124 (A cross-site scripting (XSS) vulnerability in the assets component of ...) NOT-FOR-US: Mautic CVE-2020-35123 (In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 ...) 
@@ -4611,10 +4613,10 @@ CVE-2020-28873 RESERVED CVE-2020-28872 RESERVED -CVE-2020-28871 - RESERVED -CVE-2020-28870 - RESERVED +CVE-2020-28871 (Remote code execution in Monitorr v1.7.6m in upload.php allows an unau ...) + TODO: check +CVE-2020-28870 (In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code o ...) + TODO: check CVE-2020-28869 RESERVED CVE-2020-28868 @@ -10744,18 +10746,18 @@ CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 cont NOT-FOR-US: EMC CVE-2020-26197 RESERVED -CVE-2020-26196 - RESERVED -CVE-2020-26195 - RESERVED -CVE-2020-26194 - RESERVED -CVE-2020-26193 - RESERVED -CVE-2020-26192 - RESERVED -CVE-2020-26191 - RESERVED +CVE-2020-26196 (Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restor ...) + TODO: check +CVE-2020-26195 (Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issu ...) + TODO: check +CVE-2020-26194 (Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrec ...) + TODO: check +CVE-2020-26193 (Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper i ...) + TODO: check +CVE-2020-26192 (Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege e ...) + TODO: check +CVE-2020-26191 (Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege e ...) + TODO: check CVE-2020-26190 RESERVED CVE-2020-26189 @@ -18116,8 +18118,8 @@ CVE-2020-22841 (Stored XSS in b2evolution CMS version 6.11.6 and prior allows an TODO: check CVE-2020-22840 (Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 ...) TODO: check -CVE-2020-22839 - RESERVED +CVE-2020-22839 (Reflected cross-site scripting vulnerability (XSS) in the evoadm.php f ...) + TODO: check CVE-2020-22838 RESERVED CVE-2020-22837 
@@ -36445,8 +36447,7 @@ CVE-2020-14344 (An integer overflow leading to a heap-buffer overflow was found NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1703b9f3435079d3c6021e1ee2ec34fd4978103d NOTE: Original patchset introduces regression: https://bugs.debian.org/966691 and https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/116 NOTE: Follow-up for regression: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/93fce3f4e79cbc737d6468a4f68ba3de1b83953b -CVE-2020-14343 [.load() and FullLoader still vulnerable to fairly trivial RCE] - RESERVED +CVE-2020-14343 (A vulnerability was discovered in the PyYAML library in versions befor ...) - pyyaml <unfixed> (bug #966233) [buster] - pyyaml <not-affected> (Vulnerable code not present) [stretch] - pyyaml <not-affected> (Vulnerable code not present) @@ -50820,7 +50821,7 @@ CVE-2020-8610 CVE-2020-8609 RESERVED CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ...) - {DSA-4733-1 DLA-2288-1 DLA-2144-1 DLA-2142-1} + {DSA-4733-1 DLA-2551-1 DLA-2288-1 DLA-2144-1 DLA-2142-1} - libslirp 4.2.0-1 - qemu 1:4.1-2 - qemu-kvm <removed> @@ -54548,7 +54549,7 @@ CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/stor NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/3 NOTE: SuSE provided patch: https://www.openwall.com/lists/oss-security/2020/01/20/3/1 CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, misman ...) - {DSA-4616-1 DLA-2090-1 DLA-2076-1} + {DSA-4616-1 DLA-2551-1 DLA-2090-1 DLA-2076-1} - libslirp 4.1.0-2 (bug #949084) - qemu 1:4.1-2 - qemu-kvm <removed> diff --git a/data/CVE/2021.list b/data/CVE/2021.list index ac0ad29e57..5e738e8e90 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -1,3 +1,339 @@ +CVE-2021-3407 + RESERVED +CVE-2021-3406 + RESERVED +CVE-2021-3405 + RESERVED +CVE-2021-27104 + RESERVED +CVE-2021-27103 + RESERVED +CVE-2021-27102 + RESERVED +CVE-2021-27101 + RESERVED +CVE-2021-27100 + RESERVED +CVE-2021-27099 + RESERVED +CVE-2021-27098 + RESERVED +CVE-2021-27097 + RESERVED +CVE-2021-27096 + RESERVED +CVE-2021-27095 + RESERVED +CVE-2021-27094 + RESERVED +CVE-2021-27093 + RESERVED +CVE-2021-27092 + RESERVED +CVE-2021-27091 + RESERVED +CVE-2021-27090 + RESERVED +CVE-2021-27089 + RESERVED +CVE-2021-27088 + RESERVED +CVE-2021-27087 + RESERVED +CVE-2021-27086 + RESERVED +CVE-2021-27085 + RESERVED +CVE-2021-27084 + RESERVED +CVE-2021-27083 + RESERVED +CVE-2021-27082 + RESERVED +CVE-2021-27081 + RESERVED +CVE-2021-27080 + RESERVED +CVE-2021-27079 + RESERVED +CVE-2021-27078 + RESERVED +CVE-2021-27077 + RESERVED +CVE-2021-27076 + RESERVED +CVE-2021-27075 + RESERVED +CVE-2021-27074 + RESERVED +CVE-2021-27073 + RESERVED +CVE-2021-27072 + RESERVED +CVE-2021-27071 + RESERVED +CVE-2021-27070 + RESERVED +CVE-2021-27069 + RESERVED +CVE-2021-27068 + RESERVED +CVE-2021-27067 + RESERVED +CVE-2021-27066 + RESERVED +CVE-2021-27065 + RESERVED +CVE-2021-27064 + RESERVED +CVE-2021-27063 + RESERVED +CVE-2021-27062 + RESERVED +CVE-2021-27061 + RESERVED +CVE-2021-27060 + RESERVED +CVE-2021-27059 + RESERVED +CVE-2021-27058 + RESERVED +CVE-2021-27057 + RESERVED +CVE-2021-27056 + RESERVED +CVE-2021-27055 + RESERVED +CVE-2021-27054 + RESERVED +CVE-2021-27053 + RESERVED +CVE-2021-27052 + RESERVED +CVE-2021-27051 + RESERVED +CVE-2021-27050 + RESERVED +CVE-2021-27049 + RESERVED +CVE-2021-27048 + RESERVED +CVE-2021-27047 + RESERVED +CVE-2021-27046 + RESERVED +CVE-2021-27045 + RESERVED +CVE-2021-27044 + RESERVED +CVE-2021-27043 + RESERVED +CVE-2021-27042 + RESERVED +CVE-2021-27041 + RESERVED +CVE-2021-27040 + RESERVED +CVE-2021-27039 + RESERVED +CVE-2021-27038 + RESERVED +CVE-2021-27037 + RESERVED +CVE-2021-27036 + RESERVED +CVE-2021-27035 + RESERVED 
+CVE-2021-27034 + RESERVED +CVE-2021-27033 + RESERVED +CVE-2021-27032 + RESERVED +CVE-2021-27031 + RESERVED +CVE-2021-27030 + RESERVED +CVE-2021-27029 + RESERVED +CVE-2021-27028 + RESERVED +CVE-2021-27027 + RESERVED +CVE-2021-27026 + RESERVED +CVE-2021-27025 + RESERVED +CVE-2021-27024 + RESERVED +CVE-2021-27023 + RESERVED +CVE-2021-27022 + RESERVED +CVE-2021-27021 + RESERVED +CVE-2021-27020 + RESERVED +CVE-2021-27019 + RESERVED +CVE-2021-27018 + RESERVED +CVE-2021-27017 + RESERVED +CVE-2021-27016 + RESERVED +CVE-2021-27015 + RESERVED +CVE-2021-27014 + RESERVED +CVE-2021-27013 + RESERVED +CVE-2021-27012 + RESERVED +CVE-2021-27011 + RESERVED +CVE-2021-27010 + RESERVED +CVE-2021-27009 + RESERVED +CVE-2021-27008 + RESERVED +CVE-2021-27007 + RESERVED +CVE-2021-27006 + RESERVED +CVE-2021-27005 + RESERVED +CVE-2021-27004 + RESERVED +CVE-2021-27003 + RESERVED +CVE-2021-27002 + RESERVED +CVE-2021-27001 + RESERVED +CVE-2021-27000 + RESERVED +CVE-2021-26999 + RESERVED +CVE-2021-26998 + RESERVED +CVE-2021-26997 + RESERVED +CVE-2021-26996 + RESERVED +CVE-2021-26995 + RESERVED +CVE-2021-26994 + RESERVED +CVE-2021-26993 + RESERVED +CVE-2021-26992 + RESERVED +CVE-2021-26991 + RESERVED +CVE-2021-26990 + RESERVED +CVE-2021-26989 + RESERVED +CVE-2021-26988 + RESERVED +CVE-2021-26987 + RESERVED +CVE-2021-26986 + RESERVED +CVE-2021-26985 + RESERVED +CVE-2021-26984 + RESERVED +CVE-2021-26983 + RESERVED +CVE-2021-26982 + RESERVED +CVE-2021-26981 + RESERVED +CVE-2021-26980 + RESERVED +CVE-2021-26979 + RESERVED +CVE-2021-26978 + RESERVED +CVE-2021-26977 + RESERVED +CVE-2021-26976 + RESERVED +CVE-2021-26975 + RESERVED +CVE-2021-26974 + RESERVED +CVE-2021-26973 + RESERVED +CVE-2021-26972 + RESERVED +CVE-2021-26971 + RESERVED +CVE-2021-26970 + RESERVED +CVE-2021-26969 + RESERVED +CVE-2021-26968 + RESERVED +CVE-2021-26967 + RESERVED +CVE-2021-26966 + RESERVED +CVE-2021-26965 + RESERVED +CVE-2021-26964 + RESERVED +CVE-2021-26963 + RESERVED +CVE-2021-26962 + RESERVED +CVE-2021-26961 + RESERVED 
+CVE-2021-26960 + RESERVED +CVE-2021-26959 (An issue was discovered in the hyper crate before 0.13.10 and 0.14.x b ...) + TODO: check +CVE-2021-26958 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...) + TODO: check +CVE-2021-26957 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...) + TODO: check +CVE-2021-26956 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...) + TODO: check +CVE-2021-26955 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...) + TODO: check +CVE-2021-26954 (An issue was discovered in the qwutils crate before 0.3.1 for Rust. Wh ...) + TODO: check +CVE-2021-26953 (An issue was discovered in the postscript crate before 0.14.0 for Rust ...) + TODO: check +CVE-2021-26952 (An issue was discovered in the ms3d crate before 0.1.3 for Rust. It mi ...) + TODO: check +CVE-2021-26951 (An issue was discovered in the calamine crate before 0.17.0 for Rust. ...) + TODO: check +CVE-2021-26944 + RESERVED +CVE-2021-26943 + RESERVED +CVE-2021-26942 + RESERVED +CVE-2021-26941 + RESERVED +CVE-2021-26940 + RESERVED +CVE-2021-26939 + RESERVED +CVE-2021-26938 + RESERVED +CVE-2021-26937 (encoding.c in GNU Screen through 4.8.0 allows remote attackers to caus ...) + TODO: check +CVE-2021-23219 + RESERVED +CVE-2021-23217 + RESERVED +CVE-2021-23201 + RESERVED CVE-2021-3404 RESERVED CVE-2021-3403 @@ -68,7 +404,7 @@ CVE-2021-26906 RESERVED CVE-2021-3402 RESERVED -CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of requests f ...) +CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of authentica ...) NOT-FOR-US: 1Password SCIM Bridge CVE-2021-26904 RESERVED 
@@ -175,6 +511,7 @@ CVE-2021-26854 CVE-2021-26853 RESERVED CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended access re ...) + {DSA-4849-1} - firejail 0.9.64.4-1 NOTE: https://www.openwall.com/lists/oss-security/2021/02/08/5 NOTE: Fix (disabled overlayfs): https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b @@ -570,12 +907,12 @@ CVE-2021-3397 CVE-2021-3396 RESERVED CVE-2021-26676 (gdhcp in ConnMan before 1.39 could be used by network-adjacent attacke ...) - {DSA-4847-1} + {DSA-4847-1 DLA-2552-1} - connman 1.36-2.1 NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 CVE-2021-26675 (A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could ...) - {DSA-4847-1} + {DSA-4847-1 DLA-2552-1} - connman 1.36-2.1 NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb CVE-2021-26674 @@ -845,8 +1182,8 @@ CVE-2021-26553 RESERVED CVE-2021-26552 RESERVED -CVE-2021-26551 - RESERVED +CVE-2021-26551 (An issue was discovered in SmartFoxServer 2.17.0. An attacker can exec ...) + TODO: check CVE-2021-26550 (An issue was discovered in SmartFoxServer 2.17.0. Cleartext password d ...) TODO: check CVE-2021-26549 (An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to ...) @@ -11718,8 +12055,8 @@ CVE-2021-21504 RESERVED CVE-2021-21503 RESERVED -CVE-2021-21502 - RESERVED +CVE-2021-21502 (Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of S ...) + TODO: check CVE-2021-21501 RESERVED CVE-2021-21500 
@@ -11778,22 +12115,22 @@ CVE-2021-21481 RESERVED CVE-2021-21480 RESERVED -CVE-2021-21479 - RESERVED -CVE-2021-21478 - RESERVED -CVE-2021-21477 - RESERVED -CVE-2021-21476 - RESERVED -CVE-2021-21475 - RESERVED -CVE-2021-21474 - RESERVED +CVE-2021-21479 (In SCIMono before 0.0.19, it is possible for an attacker to inject and ...) + TODO: check +CVE-2021-21478 (SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious ...) + TODO: check +CVE-2021-21477 (SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certa ...) + TODO: check +CVE-2021-21476 (SAP UI5, versions - 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84. ...) + TODO: check +CVE-2021-21475 (Under specific circumstances SAP Master Data Management, versions - 71 ...) + TODO: check +CVE-2021-21474 (SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 d ...) + TODO: check CVE-2021-21473 RESERVED -CVE-2021-21472 - RESERVED +CVE-2021-21472 (SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Manag ...) + TODO: check CVE-2021-21471 (In CLA-Assistant, versions before 2.8.5, due to improper access contro ...) NOT-FOR-US: CLA-Assistant CVE-2021-21470 (SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in ...) @@ -11848,8 +12185,8 @@ CVE-2021-21446 (SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 75 NOT-FOR-US: SAP CVE-2021-21445 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an ...) NOT-FOR-US: SAP -CVE-2021-21444 - RESERVED +CVE-2021-21444 (SAP Business Objects BI Platform, versions - 410, 420, 430, allows mul ...) + TODO: check CVE-2021-21443 RESERVED CVE-2021-21442 |
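
Review bot: In the data/CVE/2020.list hunk at -10744, the new description for CVE-2020-26195 reads "versions 8.1.2 – 9.1.0", and the same byte sequence shows up in CVE-2021-21502 in data/CVE/2021.list. That is a mis-encoded dash, which suggests the upstream description was decoded with the wrong charset somewhere in the import; normalise it to UTF-8 before writing the list so the text stays searchable. The six PowerScale OneFS entries in this hunk are also left at TODO: check while the adjacent context entry CVE-2020-26198 (Dell EMC iDRAC9) is already NOT-FOR-US: EMC, so follow-up triage should settle them.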
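
Review bot: In the first data/CVE/2021.list hunk (-1,3 +1,339), CVE-2021-26937 (encoding.c in GNU Screen through 4.8.0, described as reachable by remote attackers) is added as TODO: check with no package line or NOTE, together with nine Rust crate entries (CVE-2021-26951 through CVE-2021-26959) in the same state. An automatic update cannot triage these, but the follow-up should replace each TODO: check with either a source-package line or NOT-FOR-US, starting with the Screen entry.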
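
Review bot: In the data/CVE/2021.list hunk at -11778, the SAP entries CVE-2021-21472 and CVE-2021-21474 through CVE-2021-21478 are added as TODO: check, while the surrounding context already marks SAP products NOT-FOR-US: SAP (CVE-2021-21446, CVE-2021-21445). Suggest tagging these the same way during follow-up triage, and checking CVE-2021-21479 (SCIMono) separately, since its visible description does not name SAP.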