author: security tracker role <sectracker@soriano.debian.org> 2021-02-10 08:10:22 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-02-10 08:10:22 +0000
commit: effbd19553589c3593b1b26e2fb122a5c9e479af
tree: 1bd9d89cc05d2507086a0b249fa999f7c14f6dd8
parent: 76f4562df8879c9d9ca146f8fcb593e727e4f58f
automatic update
-rw-r--r-- data/CVE/2019.list 2
-rw-r--r-- data/CVE/2020.list 49
-rw-r--r-- data/CVE/2021.list 383
3 files changed, 387 insertions, 47 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 130bdfcbb2..f757ad92ec 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -42336,10 +42336,12 @@ CVE-2019-5089 (An exploitable memory corruption vulnerability exists in Investin
CVE-2019-5088 (An exploitable memory corruption vulnerability exists in Investintech ...)
NOT-FOR-US: Investintech
CVE-2019-5087 (An exploitable integer overflow vulnerability exists in the flattenInc ...)
+ {DLA-2553-1}
- xcftools <unfixed> (bug #945317)
NOTE: https://github.com/j-jorge/xcftools/issues/13
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0879
CVE-2019-5086 (An exploitable integer overflow vulnerability exists in the flattenInc ...)
+ {DLA-2553-1}
- xcftools <unfixed> (bug #945317)
NOTE: https://github.com/j-jorge/xcftools/issues/12
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878
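Review bot: Both entries that gain {DLA-2553-1} (CVE-2019-5087 and CVE-2019-5086) still carry "- xcftools <unfixed> (bug #945317)" as their only package line, so after this change each entry shows an LTS advisory next to an open unstable status. That may be the intended state, but confirm that bug #945317 is still being tracked for unstable and that the upstream issues in the NOTE lines (issues/13 and issues/12) are the ones the advisory addresses.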
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index f80188df87..7606bb0808 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,5 @@
+CVE-2020-36244 (The daemon in GENIVI Diagnostic Log and Trace (DLT) before 2.18.6 has ...)
+ TODO: check
CVE-2020-36243 (The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injecti ...)
NOT-FOR-US: OpenEMR
CVE-2020-36242 (In the cryptography package before 3.3.2 for Python, certain sequences ...)
@@ -2621,8 +2623,8 @@ CVE-2020-35127 (Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-book
NOT-FOR-US: Ignite Realtime Openfire
CVE-2020-35126 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct ...)
NOT-FOR-US: Typesetter CMS
-CVE-2020-35125
- RESERVED
+CVE-2020-35125 (A cross-site scripting (XSS) vulnerability in the forms component of M ...)
+ TODO: check
CVE-2020-35124 (A cross-site scripting (XSS) vulnerability in the assets component of ...)
NOT-FOR-US: Mautic
CVE-2020-35123 (In Zimbra Collaboration Suite Network Edition versions &lt; 9.0.0 P10 ...)
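Review bot: CVE-2020-35125 moves from RESERVED to "TODO: check", yet the entry directly below it, CVE-2020-35124, follows the same description pattern ("A cross-site scripting (XSS) vulnerability in the assets component of ...") and is already triaged as "NOT-FOR-US: Mautic". The new description is cut off at "forms component of M ...", so check the full text; if it names the same product, give it the same NOT-FOR-US tag instead of leaving it in the TODO queue.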
@@ -4611,10 +4613,10 @@ CVE-2020-28873
RESERVED
CVE-2020-28872
RESERVED
-CVE-2020-28871
- RESERVED
-CVE-2020-28870
- RESERVED
+CVE-2020-28871 (Remote code execution in Monitorr v1.7.6m in upload.php allows an unau ...)
+ TODO: check
+CVE-2020-28870 (In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code o ...)
+ TODO: check
CVE-2020-28869
RESERVED
CVE-2020-28868
@@ -10744,18 +10746,18 @@ CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 cont
NOT-FOR-US: EMC
CVE-2020-26197
RESERVED
-CVE-2020-26196
- RESERVED
-CVE-2020-26195
- RESERVED
-CVE-2020-26194
- RESERVED
-CVE-2020-26193
- RESERVED
-CVE-2020-26192
- RESERVED
-CVE-2020-26191
- RESERVED
+CVE-2020-26196 (Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restor ...)
+ TODO: check
+CVE-2020-26195 (Dell EMC PowerScale OneFS versions 8.1.2 &#8211; 9.1.0 contain an issu ...)
+ TODO: check
+CVE-2020-26194 (Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrec ...)
+ TODO: check
+CVE-2020-26193 (Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper i ...)
+ TODO: check
+CVE-2020-26192 (Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege e ...)
+ TODO: check
+CVE-2020-26191 (Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege e ...)
+ TODO: check
CVE-2020-26190
RESERVED
CVE-2020-26189
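Review bot: The description imported for CVE-2020-26195 contains a raw HTML entity ("8.1.2 &#8211; 9.1.0"), while the sibling entries added in the same block write the version range with a plain hyphen ("8.1.0 - 9.1.0", "8.1.0-9.1.0"). Decode the entity on import so the descriptions stay searchable and consistent. Separately, all six Dell EMC PowerScale OneFS entries land as "TODO: check" although the context entry at the top of the hunk, CVE-2020-26198 (Dell EMC iDRAC9), is already "NOT-FOR-US: EMC"; the same tag looks applicable here.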
@@ -18116,8 +18118,8 @@ CVE-2020-22841 (Stored XSS in b2evolution CMS version 6.11.6 and prior allows an
TODO: check
CVE-2020-22840 (Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 ...)
TODO: check
-CVE-2020-22839
- RESERVED
+CVE-2020-22839 (Reflected cross-site scripting vulnerability (XSS) in the evoadm.php f ...)
+ TODO: check
CVE-2020-22838
RESERVED
CVE-2020-22837
@@ -36445,8 +36447,7 @@ CVE-2020-14344 (An integer overflow leading to a heap-buffer overflow was found
NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1703b9f3435079d3c6021e1ee2ec34fd4978103d
NOTE: Original patchset introduces regression: https://bugs.debian.org/966691 and https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/116
NOTE: Follow-up for regression: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/93fce3f4e79cbc737d6468a4f68ba3de1b83953b
-CVE-2020-14343 [.load() and FullLoader still vulnerable to fairly trivial RCE]
- RESERVED
+CVE-2020-14343 (A vulnerability was discovered in the PyYAML library in versions befor ...)
- pyyaml <unfixed> (bug #966233)
[buster] - pyyaml <not-affected> (Vulnerable code not present)
[stretch] - pyyaml <not-affected> (Vulnerable code not present)
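Review bot: Replacing the bracketed placeholder on CVE-2020-14343 drops ".load() and FullLoader still vulnerable to fairly trivial RCE", which was the only text in the entry naming the affected PyYAML entry points; the imported description is truncated at "versions befor ...". Consider keeping that information as a NOTE line under the pyyaml package lines. Dropping the RESERVED line is fine now that a description exists.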
@@ -50820,7 +50821,7 @@ CVE-2020-8610
CVE-2020-8609
RESERVED
CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ...)
- {DSA-4733-1 DLA-2288-1 DLA-2144-1 DLA-2142-1}
+ {DSA-4733-1 DLA-2551-1 DLA-2288-1 DLA-2144-1 DLA-2142-1}
- libslirp 4.2.0-1
- qemu 1:4.1-2
- qemu-kvm <removed>
@@ -54548,7 +54549,7 @@ CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/stor
NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/3
NOTE: SuSE provided patch: https://www.openwall.com/lists/oss-security/2020/01/20/3/1
CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, misman ...)
- {DSA-4616-1 DLA-2090-1 DLA-2076-1}
+ {DSA-4616-1 DLA-2551-1 DLA-2090-1 DLA-2076-1}
- libslirp 4.1.0-2 (bug #949084)
- qemu 1:4.1-2
- qemu-kvm <removed>
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index ac0ad29e57..5e738e8e90 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,339 @@
+CVE-2021-3407
+ RESERVED
+CVE-2021-3406
+ RESERVED
+CVE-2021-3405
+ RESERVED
+CVE-2021-27104
+ RESERVED
+CVE-2021-27103
+ RESERVED
+CVE-2021-27102
+ RESERVED
+CVE-2021-27101
+ RESERVED
+CVE-2021-27100
+ RESERVED
+CVE-2021-27099
+ RESERVED
+CVE-2021-27098
+ RESERVED
+CVE-2021-27097
+ RESERVED
+CVE-2021-27096
+ RESERVED
+CVE-2021-27095
+ RESERVED
+CVE-2021-27094
+ RESERVED
+CVE-2021-27093
+ RESERVED
+CVE-2021-27092
+ RESERVED
+CVE-2021-27091
+ RESERVED
+CVE-2021-27090
+ RESERVED
+CVE-2021-27089
+ RESERVED
+CVE-2021-27088
+ RESERVED
+CVE-2021-27087
+ RESERVED
+CVE-2021-27086
+ RESERVED
+CVE-2021-27085
+ RESERVED
+CVE-2021-27084
+ RESERVED
+CVE-2021-27083
+ RESERVED
+CVE-2021-27082
+ RESERVED
+CVE-2021-27081
+ RESERVED
+CVE-2021-27080
+ RESERVED
+CVE-2021-27079
+ RESERVED
+CVE-2021-27078
+ RESERVED
+CVE-2021-27077
+ RESERVED
+CVE-2021-27076
+ RESERVED
+CVE-2021-27075
+ RESERVED
+CVE-2021-27074
+ RESERVED
+CVE-2021-27073
+ RESERVED
+CVE-2021-27072
+ RESERVED
+CVE-2021-27071
+ RESERVED
+CVE-2021-27070
+ RESERVED
+CVE-2021-27069
+ RESERVED
+CVE-2021-27068
+ RESERVED
+CVE-2021-27067
+ RESERVED
+CVE-2021-27066
+ RESERVED
+CVE-2021-27065
+ RESERVED
+CVE-2021-27064
+ RESERVED
+CVE-2021-27063
+ RESERVED
+CVE-2021-27062
+ RESERVED
+CVE-2021-27061
+ RESERVED
+CVE-2021-27060
+ RESERVED
+CVE-2021-27059
+ RESERVED
+CVE-2021-27058
+ RESERVED
+CVE-2021-27057
+ RESERVED
+CVE-2021-27056
+ RESERVED
+CVE-2021-27055
+ RESERVED
+CVE-2021-27054
+ RESERVED
+CVE-2021-27053
+ RESERVED
+CVE-2021-27052
+ RESERVED
+CVE-2021-27051
+ RESERVED
+CVE-2021-27050
+ RESERVED
+CVE-2021-27049
+ RESERVED
+CVE-2021-27048
+ RESERVED
+CVE-2021-27047
+ RESERVED
+CVE-2021-27046
+ RESERVED
+CVE-2021-27045
+ RESERVED
+CVE-2021-27044
+ RESERVED
+CVE-2021-27043
+ RESERVED
+CVE-2021-27042
+ RESERVED
+CVE-2021-27041
+ RESERVED
+CVE-2021-27040
+ RESERVED
+CVE-2021-27039
+ RESERVED
+CVE-2021-27038
+ RESERVED
+CVE-2021-27037
+ RESERVED
+CVE-2021-27036
+ RESERVED
+CVE-2021-27035
+ RESERVED
+CVE-2021-27034
+ RESERVED
+CVE-2021-27033
+ RESERVED
+CVE-2021-27032
+ RESERVED
+CVE-2021-27031
+ RESERVED
+CVE-2021-27030
+ RESERVED
+CVE-2021-27029
+ RESERVED
+CVE-2021-27028
+ RESERVED
+CVE-2021-27027
+ RESERVED
+CVE-2021-27026
+ RESERVED
+CVE-2021-27025
+ RESERVED
+CVE-2021-27024
+ RESERVED
+CVE-2021-27023
+ RESERVED
+CVE-2021-27022
+ RESERVED
+CVE-2021-27021
+ RESERVED
+CVE-2021-27020
+ RESERVED
+CVE-2021-27019
+ RESERVED
+CVE-2021-27018
+ RESERVED
+CVE-2021-27017
+ RESERVED
+CVE-2021-27016
+ RESERVED
+CVE-2021-27015
+ RESERVED
+CVE-2021-27014
+ RESERVED
+CVE-2021-27013
+ RESERVED
+CVE-2021-27012
+ RESERVED
+CVE-2021-27011
+ RESERVED
+CVE-2021-27010
+ RESERVED
+CVE-2021-27009
+ RESERVED
+CVE-2021-27008
+ RESERVED
+CVE-2021-27007
+ RESERVED
+CVE-2021-27006
+ RESERVED
+CVE-2021-27005
+ RESERVED
+CVE-2021-27004
+ RESERVED
+CVE-2021-27003
+ RESERVED
+CVE-2021-27002
+ RESERVED
+CVE-2021-27001
+ RESERVED
+CVE-2021-27000
+ RESERVED
+CVE-2021-26999
+ RESERVED
+CVE-2021-26998
+ RESERVED
+CVE-2021-26997
+ RESERVED
+CVE-2021-26996
+ RESERVED
+CVE-2021-26995
+ RESERVED
+CVE-2021-26994
+ RESERVED
+CVE-2021-26993
+ RESERVED
+CVE-2021-26992
+ RESERVED
+CVE-2021-26991
+ RESERVED
+CVE-2021-26990
+ RESERVED
+CVE-2021-26989
+ RESERVED
+CVE-2021-26988
+ RESERVED
+CVE-2021-26987
+ RESERVED
+CVE-2021-26986
+ RESERVED
+CVE-2021-26985
+ RESERVED
+CVE-2021-26984
+ RESERVED
+CVE-2021-26983
+ RESERVED
+CVE-2021-26982
+ RESERVED
+CVE-2021-26981
+ RESERVED
+CVE-2021-26980
+ RESERVED
+CVE-2021-26979
+ RESERVED
+CVE-2021-26978
+ RESERVED
+CVE-2021-26977
+ RESERVED
+CVE-2021-26976
+ RESERVED
+CVE-2021-26975
+ RESERVED
+CVE-2021-26974
+ RESERVED
+CVE-2021-26973
+ RESERVED
+CVE-2021-26972
+ RESERVED
+CVE-2021-26971
+ RESERVED
+CVE-2021-26970
+ RESERVED
+CVE-2021-26969
+ RESERVED
+CVE-2021-26968
+ RESERVED
+CVE-2021-26967
+ RESERVED
+CVE-2021-26966
+ RESERVED
+CVE-2021-26965
+ RESERVED
+CVE-2021-26964
+ RESERVED
+CVE-2021-26963
+ RESERVED
+CVE-2021-26962
+ RESERVED
+CVE-2021-26961
+ RESERVED
+CVE-2021-26960
+ RESERVED
+CVE-2021-26959 (An issue was discovered in the hyper crate before 0.13.10 and 0.14.x b ...)
+ TODO: check
+CVE-2021-26958 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...)
+ TODO: check
+CVE-2021-26957 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...)
+ TODO: check
+CVE-2021-26956 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...)
+ TODO: check
+CVE-2021-26955 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...)
+ TODO: check
+CVE-2021-26954 (An issue was discovered in the qwutils crate before 0.3.1 for Rust. Wh ...)
+ TODO: check
+CVE-2021-26953 (An issue was discovered in the postscript crate before 0.14.0 for Rust ...)
+ TODO: check
+CVE-2021-26952 (An issue was discovered in the ms3d crate before 0.1.3 for Rust. It mi ...)
+ TODO: check
+CVE-2021-26951 (An issue was discovered in the calamine crate before 0.17.0 for Rust. ...)
+ TODO: check
+CVE-2021-26944
+ RESERVED
+CVE-2021-26943
+ RESERVED
+CVE-2021-26942
+ RESERVED
+CVE-2021-26941
+ RESERVED
+CVE-2021-26940
+ RESERVED
+CVE-2021-26939
+ RESERVED
+CVE-2021-26938
+ RESERVED
+CVE-2021-26937 (encoding.c in GNU Screen through 4.8.0 allows remote attackers to caus ...)
+ TODO: check
+CVE-2021-23219
+ RESERVED
+CVE-2021-23217
+ RESERVED
+CVE-2021-23201
+ RESERVED
CVE-2021-3404
RESERVED
CVE-2021-3403
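Review bot: In this 336-line addition the entries that need human triage are easy to miss among the RESERVED placeholders: CVE-2021-26959 through CVE-2021-26951 (the Rust crates hyper, xcb, qwutils, postscript, ms3d and calamine) and CVE-2021-26937 (encoding.c in GNU Screen through 4.8.0, "allows remote attackers to caus ...") all land as "TODO: check". The GNU Screen entry names a remote attack vector and should be triaged first and given a package line. Also, the block goes straight from CVE-2021-26951 to CVE-2021-26944, so confirm that CVE-2021-26950 through CVE-2021-26945 already exist elsewhere in the file rather than having been skipped.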
@@ -68,7 +404,7 @@ CVE-2021-26906
RESERVED
CVE-2021-3402
RESERVED
-CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of requests f ...)
+CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of authentica ...)
NOT-FOR-US: 1Password SCIM Bridge
CVE-2021-26904
RESERVED
@@ -175,6 +511,7 @@ CVE-2021-26854
CVE-2021-26853
RESERVED
CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended access re ...)
+ {DSA-4849-1}
- firejail 0.9.64.4-1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/08/5
NOTE: Fix (disabled overlayfs): https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
@@ -570,12 +907,12 @@ CVE-2021-3397
CVE-2021-3396
RESERVED
CVE-2021-26676 (gdhcp in ConnMan before 1.39 could be used by network-adjacent attacke ...)
- {DSA-4847-1}
+ {DSA-4847-1 DLA-2552-1}
- connman 1.36-2.1
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1
CVE-2021-26675 (A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could ...)
- {DSA-4847-1}
+ {DSA-4847-1 DLA-2552-1}
- connman 1.36-2.1
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb
CVE-2021-26674
@@ -845,8 +1182,8 @@ CVE-2021-26553
RESERVED
CVE-2021-26552
RESERVED
-CVE-2021-26551
- RESERVED
+CVE-2021-26551 (An issue was discovered in SmartFoxServer 2.17.0. An attacker can exec ...)
+ TODO: check
CVE-2021-26550 (An issue was discovered in SmartFoxServer 2.17.0. Cleartext password d ...)
TODO: check
CVE-2021-26549 (An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to ...)
@@ -11718,8 +12055,8 @@ CVE-2021-21504
RESERVED
CVE-2021-21503
RESERVED
-CVE-2021-21502
- RESERVED
+CVE-2021-21502 (Dell PowerScale OneFS versions 8.1.0 &#8211; 9.1.0 contain a "use of S ...)
+ TODO: check
CVE-2021-21501
RESERVED
CVE-2021-21500
@@ -11778,22 +12115,22 @@ CVE-2021-21481
RESERVED
CVE-2021-21480
RESERVED
-CVE-2021-21479
- RESERVED
-CVE-2021-21478
- RESERVED
-CVE-2021-21477
- RESERVED
-CVE-2021-21476
- RESERVED
-CVE-2021-21475
- RESERVED
-CVE-2021-21474
- RESERVED
+CVE-2021-21479 (In SCIMono before 0.0.19, it is possible for an attacker to inject and ...)
+ TODO: check
+CVE-2021-21478 (SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious ...)
+ TODO: check
+CVE-2021-21477 (SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certa ...)
+ TODO: check
+CVE-2021-21476 (SAP UI5, versions - 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84. ...)
+ TODO: check
+CVE-2021-21475 (Under specific circumstances SAP Master Data Management, versions - 71 ...)
+ TODO: check
+CVE-2021-21474 (SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 d ...)
+ TODO: check
CVE-2021-21473
RESERVED
-CVE-2021-21472
- RESERVED
+CVE-2021-21472 (SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Manag ...)
+ TODO: check
CVE-2021-21471 (In CLA-Assistant, versions before 2.8.5, due to improper access contro ...)
NOT-FOR-US: CLA-Assistant
CVE-2021-21470 (SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in ...)
@@ -11848,8 +12185,8 @@ CVE-2021-21446 (SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 75
NOT-FOR-US: SAP
CVE-2021-21445 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an ...)
NOT-FOR-US: SAP
-CVE-2021-21444
- RESERVED
+CVE-2021-21444 (SAP Business Objects BI Platform, versions - 410, 420, 430, allows mul ...)
+ TODO: check
CVE-2021-21443
RESERVED
CVE-2021-21442
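Review bot: CVE-2021-21444 is imported as "TODO: check" although the two context entries directly above it in this hunk, CVE-2021-21446 (SAP NetWeaver AS ABAP) and CVE-2021-21445 (SAP Commerce Cloud), are both "NOT-FOR-US: SAP". The new description names SAP Business Objects BI Platform, so it can take the same tag.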
