diff options
author | security tracker role <sectracker@soriano.debian.org> | 2020-12-31 08:10:27 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-12-31 08:10:27 +0000 |
commit | f82cbf2b7188af6ab47035c8efa3bfe1a6618cb1 (patch) | |
tree | 0d9defb1090495bad59449421b56c3edca4a0202 | |
parent | 42d1d7c15b8f1fca7b986fbb5785b16bdb200ced (diff) |
automatic update
-rw-r--r-- | data/CVE/2016.list | 20 | ||||
-rw-r--r-- | data/CVE/2018.list | 8 | ||||
-rw-r--r-- | data/CVE/2019.list | 45 | ||||
-rw-r--r-- | data/CVE/2020.list | 61 | ||||
-rw-r--r-- | data/CVE/2021.list | 100 |
5 files changed, 170 insertions, 64 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 38158d87ff..7a5b484ed8 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -6322,18 +6322,18 @@ CVE-2016-9028 (Unauthorized redirect vulnerability in Citrix NetScaler ADC befor NOT-FOR-US: Citrix CVE-2016-9027 RESERVED -CVE-2016-9026 - RESERVED -CVE-2016-9025 - RESERVED +CVE-2016-9026 (Exponent CMS before 2.6.0 has improper input validation in fileControl ...) + TODO: check +CVE-2016-9025 (Exponent CMS before 2.6.0 has improper input validation in purchaseOrd ...) + TODO: check CVE-2016-9024 RESERVED -CVE-2016-9023 - RESERVED -CVE-2016-9022 - RESERVED -CVE-2016-9021 - RESERVED +CVE-2016-9023 (Exponent CMS before 2.6.0 has improper input validation in cron/find_h ...) + TODO: check +CVE-2016-9022 (Exponent CMS before 2.6.0 has improper input validation in usersContro ...) + TODO: check +CVE-2016-9021 (Exponent CMS before 2.6.0 has improper input validation in storeContro ...) + TODO: check CVE-2016-9020 (SQL injection vulnerability in framework/modules/help/controllers/help ...) NOT-FOR-US: Exponent CMS CVE-2016-9019 (SQL injection vulnerability in the activate_address function in framew ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 368079db3a..e0e99e7774 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -12126,8 +12126,8 @@ CVE-2018-16797 (A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1 NOT-FOR-US: PotPlayer CVE-2018-16796 (HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files wit ...) NOT-FOR-US: HiScout GRC Suite -CVE-2018-16795 - RESERVED +CVE-2018-16795 (OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/a ...) + TODO: check CVE-2018-16794 (Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory ...) NOT-FOR-US: Microsoft ADFS 4.0 Windows Server CVE-2018-16793 (Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions ...) @@ -19246,8 +19246,8 @@ CVE-2018-14069 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnera NOT-FOR-US: SRCMS CVE-2018-14068 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability ...) NOT-FOR-US: SRCMS -CVE-2018-14067 - RESERVED +CVE-2018-14067 (Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injec ...) + TODO: check CVE-2018-14066 (The content://wappush content provider in com.android.provider.telepho ...) NOT-FOR-US: Lenovo CVE-2018-14065 (XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 9a71996fad..b3787aedc4 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -347,8 +347,7 @@ CVE-2019-20810 (go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the NOTE: https://git.kernel.org/linus/9453264ef58638ce8976121ac44c07a3ef375983 CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance Compound Price ...) NOT-FOR-US: Compound Finance Compound Price Oracle -CVE-2019-20808 [out-of-bounds read in ati_cursor_define() function in hw/display/ati.c leads to DoS] - RESERVED +CVE-2019-20808 (In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA imp ...) - qemu 1:4.2-1 [buster] - qemu <not-affected> (Vulnerable code introduced later) [stretch] - qemu <not-affected> (Vulnerable code introduced later) @@ -10664,8 +10663,8 @@ CVE-2019-16749 CVE-2019-16748 (In wolfSSL through 4.1.0, there is a missing sanity check of memory ac ...) - wolfssl 4.2.0+dfsg-1 NOTE: https://github.com/wolfSSL/wolfssl/issues/2459 -CVE-2019-16747 - RESERVED +CVE-2019-16747 (In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an inval ...) + TODO: check CVE-2019-16745 (eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. ...) NOT-FOR-US: eBrigade CVE-2019-16744 (eBrigade before 5.0 has evenements.php cid SQL Injection. ...) @@ -11705,8 +11704,8 @@ CVE-2019-16283 RESERVED CVE-2019-16282 (In NCH Express Invoice v7.12, persistent cross site scripting (XSS) ex ...) NOT-FOR-US: NCH Express Invoice -CVE-2019-16281 - RESERVED +CVE-2019-16281 (Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token ...) + TODO: check CVE-2019-16280 RESERVED CVE-2019-16279 (A memory error in the function SSL_accept in nostromo nhttpd through 1 ...) @@ -13742,8 +13741,8 @@ CVE-2019-15525 (There is Missing SSL Certificate Validation in the pw3270 termin NOT-FOR-US: pw3270 terminal emulator CVE-2019-15524 (CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php ...) NOT-FOR-US: CSZ CMS -CVE-2019-15523 - RESERVED +CVE-2019-15523 (An issue was discovered in LINBIT csync2 through 2.0. It does not corr ...) + TODO: check CVE-2019-15522 (An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_ses ...) - csync2 2.0-25-gc0faaf9-1 (bug #955445) [buster] - csync2 2.0-22-gce67c55-1+deb10u1 @@ -14803,12 +14802,12 @@ CVE-2019-15082 (The 360-product-rotation plugin before 1.4.8 for WordPress has r NOT-FOR-US: Wordpress plugin CVE-2019-15081 (OpenCart 3.x, when the attacker has login access to the admin panel, a ...) NOT-FOR-US: OpenCart -CVE-2019-15080 - RESERVED -CVE-2019-15079 - RESERVED -CVE-2019-15078 - RESERVED +CVE-2019-15080 (An issue was discovered in a smart contract implementation for MORPH T ...) + TODO: check +CVE-2019-15079 (A typo exists in the constructor of a smart contract implementation fo ...) + TODO: check +CVE-2019-15078 (An issue was discovered in a smart contract implementation for AIRDROP ...) + TODO: check CVE-2019-15077 RESERVED CVE-2019-15076 @@ -20800,8 +20799,8 @@ CVE-2019-12955 RESERVED CVE-2019-12954 (SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, ...) NOT-FOR-US: SolarWinds -CVE-2019-12953 - RESERVED +CVE-2019-12953 (Dropbear 2011.54 through 2018.76 has an inconsistent failure delay tha ...) + TODO: check CVE-2019-12952 RESERVED CVE-2019-12951 (An issue was discovered in Mongoose before 6.15. The parse_mqtt() func ...) @@ -21282,8 +21281,8 @@ CVE-2019-12770 RESERVED CVE-2019-12769 (SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 ...) NOT-FOR-US: SolarWinds -CVE-2019-12768 - RESERVED +CVE-2019-12768 (An issue was discovered on D-Link DAP-1650 devices through v1.03b07 be ...) + TODO: check CVE-2019-12767 (An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H ...) NOT-FOR-US: D-Link CVE-2019-12766 (An issue was discovered in Joomla! before 3.9.7. The subform fieldtype ...) @@ -22908,7 +22907,7 @@ CVE-2019-12157 (In JetBrains TeamCity versions before 2018.2.5 and UpSource vers NOT-FOR-US: JetBrains TeamCity CVE-2019-12156 (Server metadata could be exposed because one of the error messages ref ...) NOT-FOR-US: JetBrains TeamCity -CVE-2019-12155 (interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NUL ...) +CVE-2019-12155 (interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4 ...) {DSA-4454-1 DLA-1927-1} - qemu 1:3.1+dfsg-8 (bug #929353) [buster] - qemu 1:3.1+dfsg-8~deb10u1 @@ -35783,10 +35782,10 @@ CVE-2019-7728 (An issue was discovered in the Bosch Smart Camera App before 1.3. NOT-FOR-US: Bosch Smart Camera App CVE-2019-7727 (In NICE Engage through 6.5, the default configuration binds an unauthe ...) NOT-FOR-US: NICE Engage -CVE-2019-7726 - RESERVED -CVE-2019-7725 - RESERVED +CVE-2019-7726 (modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL IN ...) + TODO: check +CVE-2019-7725 (includes/core/is_user.php in NukeViet before 4.3.04 deserializes the u ...) + TODO: check CVE-2019-7724 RESERVED CVE-2019-7723 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index f25c686878..f3f88439d6 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,9 @@ +CVE-2020-35856 + RESERVED +CVE-2020-35855 + RESERVED +CVE-2020-35854 + RESERVED CVE-2020-35853 RESERVED CVE-2020-35852 @@ -235,8 +241,8 @@ CVE-2020-35738 (WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples i [buster] - wavpack <no-dsa> (Minor issue) NOTE: https://github.com/dbry/WavPack/issues/91 NOTE: https://github.com/dbry/WavPack/commit/89df160596132e3bd666322e1c20b2ebd4b92cd0 -CVE-2020-35737 - RESERVED +CVE-2020-35737 (In Correspondence Management System (corms) in Newgen eGov 12.0, an at ...) + TODO: check CVE-2020-35736 (GateOne 1.1 allows arbitrary file download without authentication via ...) NOT-FOR-US: GateOne CVE-2020-35735 (Vidyo 02-09-/D allows clickjacking via the portal/ URI. ...) @@ -4473,8 +4479,8 @@ CVE-2020-28415 (A reflected cross-site scripting (XSS) vulnerability exists in t NOT-FOR-US: TranzWare Payment Gateway CVE-2020-28414 (A reflected cross-site scripting (XSS) vulnerability exists in the Tra ...) NOT-FOR-US: TranzWare Payment Gateway -CVE-2020-28413 - RESERVED +CVE-2020-28413 (In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" ...) + TODO: check CVE-2020-28412 RESERVED CVE-2020-28411 @@ -5161,8 +5167,8 @@ CVE-2020-28097 RESERVED CVE-2020-28096 (FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART acc ...) NOT-FOR-US: FOSCAM FHD -CVE-2020-28095 - RESERVED +CVE-2020-28095 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP PO ...) + TODO: check CVE-2020-28094 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default set ...) NOT-FOR-US: Tenda CVE-2020-28093 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, ...) @@ -6651,8 +6657,8 @@ CVE-2020-27536 RESERVED CVE-2020-27535 RESERVED -CVE-2020-27534 - RESERVED +CVE-2020-27534 (util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 c ...) + TODO: check CVE-2020-27533 (A Cross Site Scripting (XSS) issue was discovered in the search featur ...) NOT-FOR-US: DedeCMS CVE-2020-27532 @@ -9365,8 +9371,8 @@ CVE-2020-26298 RESERVED CVE-2020-26297 RESERVED -CVE-2020-26296 - RESERVED +CVE-2020-26296 (Vega is a visualization grammar, a declarative format for creating, sa ...) + TODO: check CVE-2020-26295 RESERVED CVE-2020-26294 @@ -9375,14 +9381,14 @@ CVE-2020-26293 RESERVED CVE-2020-26292 RESERVED -CVE-2020-26291 - RESERVED +CVE-2020-26291 (URI.js is a javascript URL mutation library (npm package urijs). In UR ...) + TODO: check CVE-2020-26290 (Dex is a federated OpenID Connect provider written in Go. In Dex befor ...) TODO: check CVE-2020-26289 (date-and-time is an npm package for manipulating date and time. In dat ...) TODO: check -CVE-2020-26288 - RESERVED +CVE-2020-26288 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check CVE-2020-26287 (HedgeDoc is a collaborative platform for writing and sharing markdown. ...) NOT-FOR-US: HedgeDoc CVE-2020-26286 (HedgeDoc is a collaborative platform for writing and sharing markdown. ...) @@ -9505,6 +9511,7 @@ CVE-2020-26239 (Scratch Addons is a WebExtension that supports both Chrome and F CVE-2020-26238 (Cron-utils is a Java library to parse, validate, migrate crons as well ...) NOT-FOR-US: cron-utils Java library CVE-2020-26237 (Highlight.js is a syntax highlighter written in JavaScript. Highlight. ...) + {DLA-2511-1} - highlight.js 9.18.1+dfsg1-3 (bug #976446) NOTE: https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx NOTE: https://github.com/highlightjs/highlight.js/pull/2636 @@ -23295,8 +23302,8 @@ CVE-2020-19666 RESERVED CVE-2020-19665 RESERVED -CVE-2020-19664 - RESERVED +CVE-2020-19664 (DrayTek Vigor2960 1.5.1 allows remote command execution via shell meta ...) + TODO: check CVE-2020-19663 RESERVED CVE-2020-19662 @@ -27982,8 +27989,8 @@ CVE-2020-17365 (Improper directory permissions in the Hotspot Shield VPN client NOT-FOR-US: Hotspot Shield VPN client for Windows CVE-2020-17364 (USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. ...) NOT-FOR-US: User-friendly SVN -CVE-2020-17363 - RESERVED +CVE-2020-17363 (USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution ...) + TODO: check CVE-2020-17362 (search.php in the Nova Lite theme before 1.3.9 for WordPress allows Re ...) NOT-FOR-US: Nova Lite theme for WordPress CVE-2020-17361 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk A ...) @@ -30587,7 +30594,7 @@ CVE-2020-16134 (An issue was discovered on Swisscom Internet Box 2, Internet Box CVE-2020-16133 RESERVED CVE-2020-16132 - RESERVED + REJECTED CVE-2020-16131 (Tiki before 21.2 allows XSS because [\s\/"\'] is not properly consider ...) - tikiwiki <removed> CVE-2020-16130 @@ -37024,8 +37031,8 @@ CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array implement NOT-FOR-US: Hobbes CVE-2020-13655 (An issue was discovered in Collabtive 3.0 and later. managefile.php is ...) - collabtive <removed> -CVE-2020-13654 - RESERVED +CVE-2020-13654 (XWiki Platform before 12.8 mishandles escaping in the property display ...) + TODO: check CVE-2020-13653 (An XSS vulnerability exists in the Webmail component of Zimbra Collabo ...) NOT-FOR-US: Zimbra CVE-2020-13652 (An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 bef ...) @@ -39474,8 +39481,8 @@ CVE-2020-12659 (An issue was discovered in the Linux kernel before 5.6.7. xdp_um [stretch] - linux <not-affected> (Vulnerable code not present) [jessie] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/99e3a236dd43d06c65af0a2ef9cb44306aef6e02 (5.7-rc2) -CVE-2020-12658 - RESERVED +CVE-2020-12658 (gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex befor ...) + TODO: check CVE-2020-12657 (An issue was discovered in the Linux kernel before 5.6.5. There is a u ...) - linux 5.6.7-1 [buster] - linux 4.19.118-1 @@ -41258,8 +41265,8 @@ CVE-2020-11949 (testserver.cgi of the web service on VIVOTEK Network Cameras bef NOT-FOR-US: VIVOTEK Network Cameras CVE-2020-11948 RESERVED -CVE-2020-11947 [heap-based buffer over-read] - RESERVED +CVE-2020-11947 (iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buf ...) + {DSA-4665-1} - qemu 1:4.2-7 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5 (v5.0.0-rc4) CVE-2020-11946 (Zoho ManageEngine OpManager before 125120 allows an unauthenticated us ...) @@ -43297,8 +43304,8 @@ CVE-2020-11105 (An issue was discovered in USC iLab cereal through 1.3.0. It emp NOT-FOR-US: USC iLab cereal CVE-2020-11104 (An issue was discovered in USC iLab cereal through 1.3.0. Serializatio ...) NOT-FOR-US: USC iLab cereal -CVE-2020-11103 - RESERVED +CVE-2020-11103 (JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, ...) + TODO: check CVE-2020-11102 (hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying ...) - qemu 1:4.2-4 (bug #956145) [buster] - qemu <not-affected> (Vulnerable code/Tulip NIC emulator added later) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index fd0787b1ef..73cdccd9c0 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,103 @@ +CVE-2021-21493 + RESERVED +CVE-2021-21492 + RESERVED +CVE-2021-21491 + RESERVED +CVE-2021-21490 + RESERVED +CVE-2021-21489 + RESERVED +CVE-2021-21488 + RESERVED +CVE-2021-21487 + RESERVED +CVE-2021-21486 + RESERVED +CVE-2021-21485 + RESERVED +CVE-2021-21484 + RESERVED +CVE-2021-21483 + RESERVED +CVE-2021-21482 + RESERVED +CVE-2021-21481 + RESERVED +CVE-2021-21480 + RESERVED +CVE-2021-21479 + RESERVED +CVE-2021-21478 + RESERVED +CVE-2021-21477 + RESERVED +CVE-2021-21476 + RESERVED +CVE-2021-21475 + RESERVED +CVE-2021-21474 + RESERVED +CVE-2021-21473 + RESERVED +CVE-2021-21472 + RESERVED +CVE-2021-21471 + RESERVED +CVE-2021-21470 + RESERVED +CVE-2021-21469 + RESERVED +CVE-2021-21468 + RESERVED +CVE-2021-21467 + RESERVED +CVE-2021-21466 + RESERVED +CVE-2021-21465 + RESERVED +CVE-2021-21464 + RESERVED +CVE-2021-21463 + RESERVED +CVE-2021-21462 + RESERVED +CVE-2021-21461 + RESERVED +CVE-2021-21460 + RESERVED +CVE-2021-21459 + RESERVED +CVE-2021-21458 + RESERVED +CVE-2021-21457 + RESERVED +CVE-2021-21456 + RESERVED +CVE-2021-21455 + RESERVED +CVE-2021-21454 + RESERVED +CVE-2021-21453 + RESERVED +CVE-2021-21452 + RESERVED +CVE-2021-21451 + RESERVED +CVE-2021-21450 + RESERVED +CVE-2021-21449 + RESERVED +CVE-2021-21448 + RESERVED +CVE-2021-21447 + RESERVED +CVE-2021-21446 + RESERVED +CVE-2021-21445 + RESERVED +CVE-2021-21444 + RESERVED CVE-2021-21443 RESERVED CVE-2021-21442 |