author | security tracker role <sectracker@soriano.debian.org> | 2021-02-19 08:10:16 +0000
committer | security tracker role <sectracker@soriano.debian.org> | 2021-02-19 08:10:16 +0000
commit | 2ba3ef4be092ba73b47d3c14c733593bb6370dde (patch)
tree | f98da095d2649f515f905d16190c1a8f326159ae
parent | 6ceb7af86e10e5753cf73a058a9f248b9306bbef (diff)
automatic update
-rw-r--r-- | data/CVE/2017.list | 4
-rw-r--r-- | data/CVE/2019.list | 11
-rw-r--r-- | data/CVE/2020.list | 44
-rw-r--r-- | data/CVE/2021.list | 38
4 files changed, 68 insertions, 29 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 93733aaf3a..deed7b3209 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -13957,15 +13957,17 @@ CVE-2017-14124 (In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR wh CVE-2017-14123 (Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upl ...) NOT-FOR-US: Zoho ManageEngine CVE-2017-14122 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based b ...) + {DLA-2567-1} - unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874060) NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1 NOTE: Crash in CLI tool, no security impact CVE-2017-14121 (The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free ...) + {DLA-2567-1} - unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874061) NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1 NOTE: Crash in CLI tool, no security impact CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory tra ...) - {DLA-1091-1} + {DLA-2567-1 DLA-1091-1} - unrar-free 1:0.0.1+cvs20140707-2 (bug #874059) [jessie] - unrar-free <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 825ff1d541..2f4231fb3d 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,13 @@ +CVE-2019-25024 (OpenRepeater (ORP) before 2.2 allows unauthenticated command injection ...) + TODO: check +CVE-2019-25023 + RESERVED +CVE-2019-25022 + RESERVED +CVE-2019-25021 + RESERVED +CVE-2019-25020 + RESERVED CVE-2019-25019 (LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant m ...) - limesurvey <itp> (bug #472802) CVE-2019-XXXX [zstd adds read permissions to files while being compressed or uncompressed] 
@@ -1489,6 +1499,7 @@ CVE-2019-20369 CVE-2019-20368 RESERVED CVE-2019-20367 (nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com ...) + {DLA-2566-1} - libbsd 0.10.0-1 [buster] - libbsd <no-dsa> (Minor issue) [jessie] - libbsd <no-dsa> (Minor issue) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index b27bd2d558..bd05219c7b 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,17 @@ +CVE-2020-36252 (ownCloud Server 10.x before 10.3.1 allows an attacker, who has one out ...) + TODO: check +CVE-2020-36251 (ownCloud Server before 10.3.0 allows an attacker, who has received non ...) + TODO: check +CVE-2020-36250 (In the ownCloud application before 2.15 for Android, the lock protecti ...) + TODO: check +CVE-2020-36249 (The File Firewall before 2.8.0 for ownCloud Server does not properly e ...) + TODO: check +CVE-2020-36248 (The ownCloud application before 2.15 for Android allows attackers to u ...) + TODO: check +CVE-2020-36247 (Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. ...) + TODO: check +CVE-2020-36246 (Amaze File Manager before 3.5.1 allows attackers to obtain root privil ...) + TODO: check CVE-2020-36245 (GramAddict through 1.2.3 allows remote attackers to execute arbitrary ...) NOT-FOR-US: GramAddict CVE-2020-36244 (The daemon in GENIVI Diagnostic Log and Trace (DLT) before 2.18.6 has ...) @@ -1096,8 +1110,8 @@ CVE-2020-35778 (Certain NETGEAR devices are affected by CSRF. This affects GS716 NOT-FOR-US: Netgear CVE-2020-35777 (NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command inj ...) NOT-FOR-US: Netgear -CVE-2020-35776 - RESERVED +CVE-2020-35776 (A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk version ...) + TODO: check CVE-2020-35775 (CITSmart before 9.1.2.23 allows LDAP Injection. ...) NOT-FOR-US: CITSmart CVE-2020-35774 (server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (a ...) 
@@ -1544,10 +1558,10 @@ CVE-2020-35594 RESERVED CVE-2020-35593 RESERVED -CVE-2020-35592 - RESERVED -CVE-2020-35591 - RESERVED +CVE-2020-35592 (Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the a ...) + TODO: check +CVE-2020-35591 (Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application d ...) + TODO: check CVE-2020-35590 (LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin bef ...) NOT-FOR-US: limit-login-attempts-reloaded plugin for WordPress CVE-2020-35589 (The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress a ...) @@ -13861,8 +13875,8 @@ CVE-2020-24910 RESERVED CVE-2020-24909 RESERVED -CVE-2020-24908 - RESERVED +CVE-2020-24908 (Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges ...) + TODO: check CVE-2020-24907 RESERVED CVE-2020-24906 @@ -24845,8 +24859,8 @@ CVE-2020-19515 RESERVED CVE-2020-19514 RESERVED -CVE-2020-19513 - RESERVED +CVE-2020-19513 (Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows atta ...) + TODO: check CVE-2020-19512 RESERVED CVE-2020-19511 @@ -36877,7 +36891,7 @@ CVE-2020-14212 (FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14 CVE-2020-14211 RESERVED -CVE-2020-14210 (MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow reflected ...) +CVE-2020-14210 (Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF i ...) NOT-FOR-US: MONITORAPP CVE-2020-14209 (Dolibarr before 11.0.5 allows low-privilege users to upload files of d ...) - dolibarr <removed> 
@@ -47077,12 +47091,12 @@ CVE-2020-10256 (An issue was discovered in beta versions of the 1Password comman NOT-FOR-US: 1Password CVE-2020-10255 (Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulne ...) NOT-FOR-US: Hardware vulnerabliity in DDR4 DRAM chips -CVE-2020-10254 - RESERVED +CVE-2020-10254 (An issue was discovered in ownCloud before 10.4. An attacker can bypas ...) + TODO: check CVE-2020-10253 RESERVED -CVE-2020-10252 - RESERVED +CVE-2020-10252 (An issue was discovered in ownCloud before 10.4. Because of an SSRF is ...) + TODO: check CVE-2020-10251 (In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists withi ...) - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #953741) [buster] - imagemagick <ignored> (Minor issue) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index ddd5bd1d5d..ad33e9c5b3 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,15 @@ +CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found in the @ ...) + TODO: check +CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injec ...) + TODO: check +CVE-2021-27403 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-b ...) + TODO: check +CVE-2021-27402 + RESERVED +CVE-2021-27401 + RESERVED +CVE-2021-27400 + RESERVED CVE-2021-3413 RESERVED CVE-2021-3412 @@ -53,7 +65,7 @@ CVE-2021-27377 (An issue was discovered in the yottadb crate before 1.2.0 for Ru NOT-FOR-US: Rust crate yottadb CVE-2021-27376 (An issue was discovered in the nb-connect crate before 1.0.3 for Rust. ...) NOT-FOR-US: Rust crate nb-connect -CVE-2021-27375 (Traefik 2.4.3 allows the loading of IFRAME elements from other domains ...) +CVE-2021-27375 (Traefik before 2.4.5 allows the loading of IFRAME elements from other ...) NOT-FOR-US: Traefik CVE-2021-27374 (VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before p ...) NOT-FOR-US: VertiGIS WebOffice 
@@ -1056,8 +1068,8 @@ CVE-2021-26908 RESERVED CVE-2021-26907 RESERVED -CVE-2021-26906 - RESERVED +CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium Asterisk thro ...) + TODO: check CVE-2021-3402 RESERVED CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of authentica ...) @@ -1400,10 +1412,10 @@ CVE-2021-26749 RESERVED CVE-2021-26748 RESERVED -CVE-2021-26747 - RESERVED -CVE-2021-26746 - RESERVED +CVE-2021-26747 (Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metach ...) + TODO: check +CVE-2021-26746 (Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= U ...) + TODO: check CVE-2021-26745 RESERVED CVE-2021-26744 @@ -1464,8 +1476,8 @@ CVE-2021-26719 (A directory traversal issue was discovered in Gradle gradle-ente NOT-FOR-US: gradle-enterprise-test-distribution-agent CVE-2021-26718 RESERVED -CVE-2021-26717 - RESERVED +CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x ...) + TODO: check CVE-2021-26716 RESERVED CVE-2021-26715 @@ -1474,8 +1486,8 @@ CVE-2021-26714 RESERVED CVE-2021-26713 RESERVED -CVE-2021-26712 - RESERVED +CVE-2021-26712 (Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 1 ...) + TODO: check CVE-2021-26711 (A frame-injection issue in the online help in Redwood Report2Web 4.3.4 ...) NOT-FOR-US: Redwood Report2Web CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in Redwood Repor ...) @@ -2441,8 +2453,8 @@ CVE-2021-3341 (A path traversal vulnerability in the DxWebEngine component of DH NOT-FOR-US: DH2i DxEnterprise and DxOdyssey for Windows CVE-2021-3340 (A cross-site scripting (XSS) vulnerability in many forms of Wikindx be ...) NOT-FOR-US: Wikindx -CVE-2021-3339 - RESERVED +CVE-2021-3339 (ModernFlow before 1.3.00.208 does not constrain web-page access to mem ...) + TODO: check CVE-2021-3338 RESERVED CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remo ...) |
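Review bot: in the data/CVE/2017.list hunk, CVE-2017-14122 and CVE-2017-14121 now carry `{DLA-2567-1}` while their existing annotations still read `(unimportant; bug #874060)` / `(unimportant; bug #874061)` and `NOTE: Crash in CLI tool, no security impact`. A DLA reference on an entry the tracker rates as having no security impact is contradictory as written; either the severity and the NOTE should be revisited, or a NOTE should record that the DLA fixed these alongside CVE-2017-14120 (the directory traversal, which does have a real rating) so later readers do not re-triage them.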
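Review bot: in the data/CVE/2019.list hunk at `@@ -1489,6 +1499,7 @@`, CVE-2019-20367 (libbsd out-of-bounds read) gains `{DLA-2566-1}`, but the suite lines beneath it are untouched: `[buster] - libbsd <no-dsa> (Minor issue)` and `[jessie] - libbsd <no-dsa> (Minor issue)`. Once an LTS update has shipped for this issue, "Minor issue" is a weaker justification for leaving buster unfixed; the buster `<no-dsa>` decision should be either reconfirmed in a NOTE or reopened.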
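Review bot: in the first data/CVE/2020.list hunk, all seven new entries (CVE-2020-36252 through CVE-2020-36246: ownCloud Server, the ownCloud Android app, File Firewall for ownCloud Server, Open OnDemand, Amaze File Manager) land as `TODO: check`, while the neighbouring CVE-2020-36245 is already `NOT-FOR-US: GramAddict`. These are candidates for the same NOT-FOR-US triage. The entry in this file that does touch a Debian source package is in the `@@ -1096,8 +1110,8 @@` hunk, where CVE-2020-35776 moves from `RESERVED` to "A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk"; that one should get a `- asterisk` source line with a fixed version or status rather than sit in the TODO queue with the non-Debian software.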
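Review bot: in the data/CVE/2020.list hunks at `@@ -1544,10 +1558,10 @@`, `@@ -13861,8 +13875,8 @@` and `@@ -24845,8 +24859,8 @@`, CVE-2020-35592 and CVE-2020-35591 (Pi-hole XSS and session fixation), CVE-2020-24908 (Checkmk local privilege escalation) and CVE-2020-19513 (AIDA64 Engineer buffer overflow) all replace `RESERVED` with `TODO: check`. None of these products appear with a Debian source line elsewhere in the visible context, so a NOT-FOR-US annotation is the likely outcome and could be applied directly. The `@@ -36877,7 +36891,7 @@` hunk only rewrites the CVE-2020-14210 description (from "MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16" to a generic "MONITORAPP WAF") and keeps `NOT-FOR-US: MONITORAPP`, which needs no action.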
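Review bot: in the data/CVE/2020.list hunk at `@@ -47077,12 +47091,12 @@`, CVE-2020-10254 and CVE-2020-10252 (both "An issue was discovered in ownCloud before 10.4", the second an SSRF) move from `RESERVED` to `TODO: check`; they belong with the other ownCloud entries added earlier in the same file and should be triaged together so the ownCloud status is consistent across the file. Unrelated to the change but visible in the unchanged context: the line `NOT-FOR-US: Hardware vulnerabliity in DDR4 DRAM chips` under CVE-2020-10255 has a typo ("vulnerabliity" should be "vulnerability") worth fixing in a follow-up.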
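Review bot: in the data/CVE/2021.list hunks at `@@ -1056,8 +1068,8 @@`, `@@ -1464,8 +1476,8 @@` and `@@ -1474,8 +1486,8 @@`, three Asterisk entries (CVE-2021-26906 in res_pjsip_session.c, CVE-2021-26717 "Sangoma Asterisk 16.x before 16.16.1, 17.x ...", and CVE-2021-26712 "Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 1 ...") are added as `TODO: check`. Asterisk is a Debian source package, so these need `- asterisk` lines with fixed versions or per-suite status rather than the same TODO marker as the Netis (CVE-2021-26747), Chamilo (CVE-2021-26746) and ModernFlow (CVE-2021-3339) entries in the `@@ -1400,10 +1412,10 @@` and `@@ -2441,8 +2453,8 @@` hunks, which are likely NOT-FOR-US; the truncated version lists in the descriptions (`13.38.1, 1 ...`) mean the affected range must be taken from the full advisory, not from the list line. In the `@@ -1,3 +1,15 @@` hunk of the same file, CVE-2021-27404 and CVE-2021-27403 (Askey RTF8115VW devices) are likewise NOT-FOR-US candidates, while CVE-2021-27405 (a ReDoS in an npm package whose name is cut off at "the @ ...") needs the package name resolved before it can be matched against Debian's node packages.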