author | security tracker role <sectracker@soriano.debian.org> | 2021-11-12 20:10:19 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-11-12 20:10:19 +0000 |
commit | 6cd68c1825688ccb46bb30c30be7ecb4a7b3d14c (patch) | |
tree | b1add338a8b43b1b3d3d986384f2ae4e7d8152aa | |
parent | ccfc97c68330be1483fe2cc9ef4b375fd14dffee (diff) |
automatic update
-rw-r--r-- | data/CVE/2020.list | 8 |
-rw-r--r-- | data/CVE/2021.list | 79 |
2 files changed, 46 insertions, 41 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index b1f15d313b..023dab478c 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -63386,8 +63386,8 @@ CVE-2020-4148 RESERVED CVE-2020-4147 RESERVED -CVE-2020-4146 - RESERVED +CVE-2020-4146 (IBM Security SiteProtector System 3.1.1 could allow a remote attacker ...) + TODO: check CVE-2020-4145 RESERVED CVE-2020-4144 @@ -63398,8 +63398,8 @@ CVE-2020-4142 RESERVED CVE-2020-4141 RESERVED -CVE-2020-4140 - RESERVED +CVE-2020-4140 (IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site sc ...) + TODO: check CVE-2020-4139 RESERVED CVE-2020-4138 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 34e80e84ed..f842e680ec 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,11 +1,18 @@ -CVE-2021-43578 +CVE-2021-43582 RESERVED - NOT-FOR-US: Jenkins plugin -CVE-2021-43577 +CVE-2021-43581 RESERVED - NOT-FOR-US: Jenkins plugin -CVE-2021-43576 +CVE-2021-43580 RESERVED +CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC before 1. ...) + TODO: check +CVE-2021-3950 + RESERVED +CVE-2021-43578 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-43577 (Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not confi ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-43576 (Jenkins pom2config Plugin 1.2 and earlier does not configure its XML p ...) NOT-FOR-US: Jenkins plugin CVE-2021-42744 RESERVED @@ -167,8 +174,8 @@ CVE-2021-3936 RESERVED CVE-2021-3935 RESERVED -CVE-2021-3934 - RESERVED +CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special Elements u ...) + TODO: check CVE-2021-3933 RESERVED - openexr <unfixed> 
@@ -232,16 +239,16 @@ CVE-2021-43498 RESERVED CVE-2021-43497 RESERVED -CVE-2021-43496 - RESERVED +CVE-2021-43496 (Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd7 ...) + TODO: check CVE-2021-43495 RESERVED -CVE-2021-43494 - RESERVED -CVE-2021-43493 - RESERVED -CVE-2021-43492 - RESERVED +CVE-2021-43494 (OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc68 ...) + TODO: check +CVE-2021-43493 (ServerManagement master branch as of commit 49491cc6f94980e6be7791d17b ...) + TODO: check +CVE-2021-43492 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...) + TODO: check CVE-2021-43491 RESERVED CVE-2021-43490 @@ -666,7 +673,7 @@ CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a Rest NOT-FOR-US: Grav CMS CVE-2021-23222 RESERVED - {DSA-5007-1 DSA-5006-1} + {DSA-5007-1 DSA-5006-1 DLA-2817-1} - postgresql-14 14.1-1 - postgresql-13 <unfixed> - postgresql-11 <removed> @@ -674,7 +681,7 @@ CVE-2021-23222 NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/ CVE-2021-23214 RESERVED - {DSA-5007-1 DSA-5006-1} + {DSA-5007-1 DSA-5006-1 DLA-2817-1} - postgresql-14 14.1-1 - postgresql-13 <unfixed> - postgresql-11 <removed> @@ -2813,6 +2820,7 @@ CVE-2021-3886 CVE-2021-3885 RESERVED CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...) + {DSA-5009-1} - tomcat9 9.0.54-1 [buster] - tomcat9 <not-affected> (Vulnerable code introduced later) - tomcat8 <removed> @@ -3684,8 +3692,8 @@ CVE-2021-3857 RESERVED CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...) NOT-FOR-US: Apache MINA -CVE-2021-41972 - RESERVED +CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...) + TODO: check CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...) NOT-FOR-US: Apache Superset CVE-2021-3856 
@@ -5319,8 +5327,8 @@ CVE-2021-41266 RESERVED CVE-2021-41265 RESERVED -CVE-2021-41264 - RESERVED +CVE-2021-41264 (OpenZeppelin Contracts is a library for smart contract development. In ...) + TODO: check CVE-2021-41263 RESERVED CVE-2021-41262 @@ -5329,8 +5337,8 @@ CVE-2021-41261 RESERVED CVE-2021-41260 RESERVED -CVE-2021-41259 - RESERVED +CVE-2021-41259 (Nim is a systems programming language with a focus on efficiency, expr ...) + TODO: check CVE-2021-41258 RESERVED CVE-2021-41257 @@ -5339,8 +5347,8 @@ CVE-2021-41256 RESERVED CVE-2021-41255 RESERVED -CVE-2021-41254 - RESERVED +CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in running ...) + TODO: check CVE-2021-41253 (Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v ...) - zydis <unfixed> (bug #999431) NOTE: https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g @@ -10753,8 +10761,8 @@ CVE-2021-38987 RESERVED CVE-2021-38986 RESERVED -CVE-2021-38985 - RESERVED +CVE-2021-38985 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...) + TODO: check CVE-2021-38984 RESERVED CVE-2021-38983 @@ -10777,10 +10785,10 @@ CVE-2021-38975 RESERVED CVE-2021-38974 RESERVED -CVE-2021-38973 - RESERVED -CVE-2021-38972 - RESERVED +CVE-2021-38973 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...) + TODO: check +CVE-2021-38972 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...) + TODO: check CVE-2021-38971 RESERVED CVE-2021-38970 
@@ -51934,14 +51942,11 @@ CVE-2021-21702 (In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x - php7.0 <removed> NOTE: Fixed in PHP 8.0.2, 7.4.15, 7.3.27 NOTE: PHP Bug: https://bugs.php.net/80672 -CVE-2021-21701 - RESERVED +CVE-2021-21701 (Jenkins Performance Plugin 3.20 and earlier does not configure its XML ...) NOT-FOR-US: Jenkins plugin -CVE-2021-21700 - RESERVED +CVE-2021-21700 (Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of s ...) NOT-FOR-US: Jenkins plugin -CVE-2021-21699 - RESERVED +CVE-2021-21699 (Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the pa ...) NOT-FOR-US: Jenkins plugin CVE-2021-21698 (Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the nam ...) NOT-FOR-US: Jenkins plugin |
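Review bot: in the data/CVE/2021.list hunk at @@ -1,11 +1,18 @@, CVE-2021-43579 (stack-based buffer overflow in image_load_bmp() in HTMLDOC) lands with only "TODO: check", while the three Jenkins entries in the same hunk keep their "NOT-FOR-US: Jenkins plugin" triage line. The description already names the affected function and product, so this entry is ready for manual triage: replace the TODO with either a source-package line or a NOT-FOR-US line.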
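Review bot: in the data/CVE/2021.list hunks at @@ -666,7 +673,7 @@ and @@ -674,7 +681,7 @@, DLA-2817-1 is added to the advisory cross-reference of CVE-2021-23222 and CVE-2021-23214, but the package lines visible in the context cover only postgresql-14, postgresql-13 and postgresql-11. Confirm that each entry also carries a line for the source package that DLA-2817-1 fixes, so the cross-reference resolves to a tracked package. Both entries are also still "RESERVED" while referenced by three advisories, so the description should be picked up on a later run.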
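Review bot: in the data/CVE/2021.list hunk at @@ -2813,6 +2820,7 @@, {DSA-5009-1} is attached to CVE-2021-42340 while the context line directly below marks "[buster] - tomcat9 <not-affected> (Vulnerable code introduced later)". Check that the DSA-5009-1 entry does not list buster for this CVE, otherwise the tracker will show an advisory for a release the same entry declares not affected.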
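Review bot: in the data/CVE/2021.list hunk at @@ -3684,8 +3692,8 @@, CVE-2021-41972 (Apache Superset up to and including 1.3.1) is left at "TODO: check" although the adjacent context entry CVE-2021-41971, also Apache Superset, is already triaged as "NOT-FOR-US: Apache Superset". Suggest giving CVE-2021-41972 the same line so the two entries for the same product stay consistent.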