author security tracker role <sectracker@soriano.debian.org> 2021-12-30 20:10:18 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-12-30 20:10:18 +0000
commit 5f51815a3f2f5ef3b508c44b8ea50760d8e3e9e4 (patch)
tree ecd96f4825948e0c7b3bb652ba6265ba7a1475ef
parent cf6538160dc47eef2812aee5121e128ffc85e982 (diff)
automatic update
-rw-r--r-- data/CVE/2020.list 4
-rw-r--r-- data/CVE/2021.list 50
2 files changed, 38 insertions, 16 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index d1b89767e4..7704e99be7 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -4515,8 +4515,8 @@ CVE-2020-29294
RESERVED
CVE-2020-29293
RESERVED
-CVE-2020-29292
- RESERVED
+CVE-2020-29292 (iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) at ...)
+ TODO: check
CVE-2020-29291
RESERVED
CVE-2020-29290
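Review bot: the new CVE-2020-29292 line carries only "TODO: check", so the entry moves from RESERVED to published but stays untriaged. Follow up by replacing the TODO with either a "NOT-FOR-US: ..." annotation, in the form the 2021.list entries use, or a package line. The description names iBall WRD12EN 1.0.0 devices, so the question to settle is whether anything in the archive ships that firmware or its web interface.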
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 7706e02830..4887e8b71b 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,19 @@
+CVE-2021-45732
+ RESERVED
+CVE-2021-45077
+ RESERVED
+CVE-2021-44466
+ RESERVED
+CVE-2021-4194
+ RESERVED
+CVE-2021-4193
+ RESERVED
+CVE-2021-4192
+ RESERVED
+CVE-2021-4191
+ RESERVED
+CVE-2021-23147
+ RESERVED
CVE-2021-45919
RESERVED
CVE-2021-4190
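Review bot: the eight new RESERVED entries are prepended at the top of the file, so CVE-2021-45732 through CVE-2021-23147 now sit above CVE-2021-45919, whereas the other hunks in this file show IDs in descending order (CVE-2021-45820, CVE-2021-45819, CVE-2021-45818, ...). If top-of-file placement is the intended landing spot for newly seen IDs, this is fine. Otherwise, sort them into position so that lookups by ID and later diffs stay local to the right region of the file.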
@@ -234,14 +250,14 @@ CVE-2021-45820
RESERVED
CVE-2021-45819
RESERVED
-CVE-2021-45818
- RESERVED
+CVE-2021-45818 (SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability wh ...)
+ TODO: check
CVE-2021-45817
RESERVED
CVE-2021-45816
RESERVED
-CVE-2021-45815
- RESERVED
+CVE-2021-45815 (Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Script ...)
+ TODO: check
CVE-2021-45814 (Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attack ...)
NOT-FOR-US: Nettmp NNT
CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vu ...)
@@ -1177,8 +1193,8 @@ CVE-2021-45429
RESERVED
CVE-2021-45428
RESERVED
-CVE-2021-45427
- RESERVED
+CVE-2021-45427 (Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated ar ...)
+ TODO: check
CVE-2021-45426
RESERVED
CVE-2021-45425 (Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 an ...)
@@ -1912,7 +1928,7 @@ CVE-2021-XXXX [several SQL injection, remote code execution, XSS issues]
[stretch] - spip 3.1.4-4~deb9u4+deb9u2
NOTE: For the collection of issues fixed in DSA 5028-1
NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
-CVE-2021-45379 [Fix possible privilege escalation]
+CVE-2021-45379 (Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access cont ...)
- glewlwyd 2.6.1-1
[bullseye] - glewlwyd <no-dsa> (Minor issue; can be fixed via point release)
[buster] - glewlwyd <not-affected> (Vulnerable code introduced later)
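Review bot: on CVE-2021-45379 the hand-written summary "[Fix possible privilege escalation]" is replaced by a description that names Glewlwyd 2.0.0 as affected, while the [buster] line below still reads "<not-affected> (Vulnerable code introduced later)". Confirm that the buster version of glewlwyd predates the vulnerable code even under the description's stated range, so the two statements in this entry do not contradict each other. The "fixed in 2.6.1" wording does agree with the existing "- glewlwyd 2.6.1-1" line.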
@@ -2339,7 +2355,8 @@ CVE-2021-44950
RESERVED
CVE-2021-44949 (glFusion CMS 1.7.9 is affected by an access control vulnerability via ...)
NOT-FOR-US: glFusion CMS
-CVE-2021-44948 (glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) ...)
+CVE-2021-44948
+ REJECTED
NOT-FOR-US: glFusion CMS
CVE-2021-44947
RESERVED
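Review bot: CVE-2021-44948 is switched to REJECTED, but the "NOT-FOR-US: glFusion CMS" context line directly below is kept and now annotates a rejected ID. Drop the stale triage line in a follow-up, or confirm that keeping an annotation under a REJECTED entry is intended, since the entry no longer describes an issue to be triaged.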
@@ -5160,10 +5177,10 @@ CVE-2021-43864
RESERVED
CVE-2021-43863
RESERVED
-CVE-2021-43862
- RESERVED
-CVE-2021-43861
- RESERVED
+CVE-2021-43862 (jQuery Terminal Emulator is a plugin for creating command line interpr ...)
+ TODO: check
+CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that uses ...)
+ TODO: check
CVE-2021-43860
RESERVED
CVE-2021-43859
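Review bot: CVE-2021-43862 and CVE-2021-43861 are both left at "TODO: check", and unlike the device and vendor entries elsewhere in this diff they describe JavaScript components (jQuery Terminal Emulator, Mermaid) that other software may ship or embed. When resolving the TODOs, do not default to NOT-FOR-US. Check the archive for source packages and for embedded copies, and record the result as package lines or an explicit NOT-FOR-US.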
@@ -5255,6 +5272,7 @@ CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token is
CVE-2021-43819
RESERVED
CVE-2021-43818 (lxml is a library for processing XML and HTML in the Python language. ...)
+ {DLA-2871-1}
- lxml <unfixed> (bug #1001885)
NOTE: https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8
NOTE: https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a (lxml-4.6.5)
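Review bot: the added {DLA-2871-1} tag on CVE-2021-43818 sits directly above "- lxml <unfixed> (bug #1001885)", and no release-specific fixed version is visible in this hunk. This commit touches only data/CVE/2020.list and data/CVE/2021.list, so the advisory's fixed version cannot be checked from the diff. Confirm that it is recorded with the DLA entry, and update the <unfixed> line once an upload containing the upstream fix named in the NOTE (lxml-4.6.5) exists.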
@@ -6901,6 +6919,7 @@ CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1,
NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
NOTE: https://github.com/NLnetLabs/routinator/pull/667
CVE-2021-43173 (In NLnet Labs Routinator prior to 0.10.2, a validation run can be dela ...)
+ {DSA-5033-1}
- routinator <itp> (bug #929024)
- cfrpki 1.4.0-1
- fort-validator 1.5.3-1
@@ -7033,6 +7052,7 @@ CVE-2021-43116
CVE-2021-43115
RESERVED
CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publis ...)
+ {DSA-5033-1}
- fort-validator 1.5.2-1
CVE-2021-43113 (iTextPDF in iText before 7.1.17 allows command injection via a Compare ...)
NOT-FOR-US: iText
@@ -7231,6 +7251,7 @@ CVE-2021-3910 (OctoRPKI crashes when encountering a repository that returns an i
- cfrpki 1.4.0-1
NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-5mxh-2qfv-4g7j
CVE-2021-3909 (OctoRPKI does not limit the length of a connection, allowing for a slo ...)
+ {DSA-5033-1}
- routinator <itp> (bug #929024)
- cfrpki 1.4.0-1
- fort-validator 1.5.3-1
@@ -7241,6 +7262,7 @@ CVE-2021-3908 (OctoRPKI does not limit the depth of a certificate chain, allowin
- routinator <itp> (bug #929024)
NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq
CVE-2021-3907 (OctoRPKI does not escape a URI with a filename containing "..", this a ...)
+ {DSA-5033-1}
- cfrpki 1.4.0-1
- fort-validator 1.5.3-1
NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-cqh2-vc2f-q4fh
@@ -17156,8 +17178,8 @@ CVE-2021-38878
RESERVED
CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross ...)
NOT-FOR-US: IBM
-CVE-2021-38876
- RESERVED
+CVE-2021-38876 (IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vu ...)
+ TODO: check
CVE-2021-38875 (IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerabl ...)
NOT-FOR-US: IBM
CVE-2021-38874
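Review bot: CVE-2021-38876 is left at "TODO: check" although both neighbouring IBM entries in this hunk (CVE-2021-38877 and CVE-2021-38875) are already triaged as "NOT-FOR-US: IBM". If IBM i is likewise not in the archive, replace the TODO with the same annotation so the entry does not linger in the untriaged queue.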
