author security tracker role <sectracker@soriano.debian.org> 2021-02-25 20:10:23 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-02-25 20:10:23 +0000
commit 532d162355544dc667fc667d155deae3c6439ef8
tree 26db1ea85c82b9f1f7982e9dcd5ceb5dc44c97b7
parent 2d955463be92dc0b1d0c61e0c7d782d22a299152
automatic update
-rw-r--r-- data/CVE/2017.list 2
-rw-r--r-- data/CVE/2020.list 14
-rw-r--r-- data/CVE/2021.list 72
3 files changed, 60 insertions, 28 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 0717aff27a..5b6655ea5b 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -2470,7 +2470,7 @@ CVE-2017-1000437 (Creolabs Gravity 1.0 contains a stack based buffer overflow in
CVE-2017-1000434 (Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redir ...)
NOT-FOR-US: Wordpress plugin Furikake
CVE-2017-1000433 (pysaml2 version 4.4.0 and older accept any password when run with pyth ...)
- {DLA-1410-1}
+ {DLA-2577-1 DLA-1410-1}
- python-pysaml2 4.5.0-2 (bug #886423)
NOTE: https://github.com/rohe/pysaml2/issues/451
NOTE: Fixed by: https://github.com/rohe/pysaml2/commit/6312a41e037954850867f29d329e5007df1424a5
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index de6ff1bfdb..917f68a05a 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,4 +1,4 @@
-CVE-2020-36254
+CVE-2020-36254 (scp.c in Dropbear before 2020.79 mishandles the filename of . or an em ...)
- dropbear 2020.79-1
NOTE: https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff
CVE-2020-36253
@@ -7843,8 +7843,8 @@ CVE-2020-27545
RESERVED
CVE-2020-27544
RESERVED
-CVE-2020-27543
- RESERVED
+CVE-2020-27543 (The restify-paginate package 0.0.5 for Node.js allows remote attackers ...)
+ TODO: check
CVE-2020-27542 (Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. ...)
NOT-FOR-US: Rostelecom CS-C2SHW
CVE-2020-27541 (Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. Agen ...)
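Review bot: "TODO: check" under CVE-2020-27543 is a placeholder rather than a triage result, so the entry now has a description but still no package status. The description names a Node.js package (restify-paginate 0.0.5); a follow-up should replace the TODO with either a source-package line or a NOT-FOR-US marking, as the Rostelecom entry directly below already has.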
@@ -16826,8 +16826,8 @@ CVE-2020-23536
RESERVED
CVE-2020-23535
RESERVED
-CVE-2020-23534
- RESERVED
+CVE-2020-23534 (A server-side request forgery (SSRF) vulnerability in Upgrade.php of g ...)
+ TODO: check
CVE-2020-23533
RESERVED
CVE-2020-23532
@@ -52359,8 +52359,8 @@ CVE-2020-8034 (Gollem before 3.0.13, as used in Horde Groupware Webmail Edition
NOTE: https://github.com/horde/gollem/commit/a73bef1aef27d4cbfc7b939c2a81dea69aabb083
CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Nam ...)
NOT-FOR-US: Ruckus
-CVE-2020-8032
- RESERVED
+CVE-2020-8032 (A Insecure Temporary File vulnerability in the packaging of cyrus-sasl ...)
+ TODO: check
CVE-2020-8031 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...)
- open-build-service <unfixed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1178880
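Review bot: The description added for CVE-2020-8032 is cut off after "in the packaging of cyrus-sasl", so the visible text does not say whose packaging is affected. Before "TODO: check" is resolved to a package line, read the full description and confirm the flaw applies to Debian's own packaging and not only to another distributor's; the neighbouring CVE-2020-8031 points at bugzilla.suse.com, which makes that worth checking here too.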
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 1814a24411..5a0afff490 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,33 @@
+CVE-2021-3417
+ RESERVED
+CVE-2021-3416
+ RESERVED
+CVE-2021-27736
+ RESERVED
+CVE-2021-27735
+ RESERVED
+CVE-2021-27734
+ RESERVED
+CVE-2021-27733
+ RESERVED
+CVE-2021-27732
+ RESERVED
+CVE-2021-27731
+ RESERVED
+CVE-2021-27730
+ RESERVED
+CVE-2021-27729
+ RESERVED
+CVE-2021-27728
+ RESERVED
+CVE-2021-27727
+ RESERVED
+CVE-2021-27726
+ RESERVED
+CVE-2021-27725
+ RESERVED
+CVE-2021-27724
+ RESERVED
CVE-2021-27723
RESERVED
CVE-2021-27722
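Review bot: The new block is prepended at the top of the file, so CVE-2021-3417 and CVE-2021-3416 sit above CVE-2021-27736 and the head of the list is not in numeric order. That matches the rest of the file (later hunks show CVE-2021-3275 and CVE-2021-3125 in the middle of five-digit ids), but anything that reads this list should look entries up by id and not assume sorted input.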
@@ -809,8 +839,8 @@ CVE-2021-27332
RESERVED
CVE-2021-27331
RESERVED
-CVE-2021-27330
- RESERVED
+CVE-2021-27330 (Triconsole Datepicker Calendar &lt;3.77 is affected by cross-site scri ...)
+ TODO: check
CVE-2021-27329 (Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or ...)
NOT-FOR-US: Friendica
CVE-2021-27328 (Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Trave ...)
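Review bot: The description for CVE-2021-27330 contains the literal HTML entity "&lt;" ("Calendar &lt;3.77"), while other lines in this file carry a raw "<", for example "<unfixed>" and "<removed>". The import step should decode entities before writing the description, otherwise a consumer that renders this field will either show the entity text or escape it a second time.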
@@ -4108,8 +4138,8 @@ CVE-2021-3275
RESERVED
CVE-2021-3274
RESERVED
-CVE-2021-3273
- RESERVED
+CVE-2021-3273 (Nagios XI below 5.7 is affected by code injection in the /nagiosxi/adm ...)
+ TODO: check
CVE-2021-3272 (jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-b ...)
- jasper <removed>
NOTE: https://github.com/jasper-software/jasper/issues/259
@@ -8316,7 +8346,7 @@ CVE-2021-23979
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979
CVE-2021-23978
RESERVED
- {DSA-4862-1}
+ {DSA-4862-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird <unfixed>
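Review bot: The cross-reference "{DSA-4862-1 DLA-2575-1}" on CVE-2021-23978 does not say which of the three source packages below each advisory covers, and "- thunderbird <unfixed>" is unchanged. Read the braces as "an advisory exists for this id", not as "every package line below is fixed"; the same applies to the three identical hunks that follow for CVE-2021-23973, CVE-2021-23969 and CVE-2021-23968.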
@@ -8341,7 +8371,7 @@ CVE-2021-23974
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23974
CVE-2021-23973
RESERVED
- {DSA-4862-1}
+ {DSA-4862-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird <unfixed>
@@ -8362,7 +8392,7 @@ CVE-2021-23970
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23970
CVE-2021-23969
RESERVED
- {DSA-4862-1}
+ {DSA-4862-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird <unfixed>
@@ -8371,7 +8401,7 @@ CVE-2021-23969
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23969
CVE-2021-23968
RESERVED
- {DSA-4862-1}
+ {DSA-4862-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird <unfixed>
@@ -8735,8 +8765,8 @@ CVE-2021-23835 (An issue was discovered in flatCore before 2.0.0 build 139. A lo
NOT-FOR-US: flatCore CMS
CVE-2021-3125
RESERVED
-CVE-2021-3124
- RESERVED
+CVE-2021-3124 (Stored cross-site scripting (XSS) in form field in robust.systems prod ...)
+ TODO: check
CVE-2021-3123
RESERVED
CVE-2021-3122 (CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers per ...)
@@ -13925,6 +13955,7 @@ CVE-2021-21310 (NextAuth.js (next-auth) is am open source authentication solutio
NOT-FOR-US: NextAuth.js
CVE-2021-21309
RESERVED
+ {DLA-2576-1}
- redis 5:6.0.11-1 (bug #983446)
[buster] - redis <no-dsa> (Minor issue)
NOTE: https://github.com/redis/redis/pull/8522
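Review bot: With "{DLA-2576-1}" added to CVE-2021-21309, the entry records a Debian LTS advisory for redis while "[buster] - redis <no-dsa> (Minor issue)" still rates the same issue as not worth an advisory in buster. Confirm that the buster assessment is still intended, since the two lines give different severity signals for one CVE.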
@@ -14102,6 +14133,7 @@ CVE-2021-21240 (httplib2 is a comprehensive HTTP client library for Python. In h
NOTE: https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc (v0.19.0)
NOTE: https://github.com/httplib2/httplib2/pull/182
CVE-2021-21239 (PySAML2 is a pure python implementation of SAML Version 2 Standard. Py ...)
+ {DLA-2577-1}
- python-pysaml2 6.5.1-1 (bug #980772)
NOTE: https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-5p3x-r448-pc62
NOTE: https://github.com/IdentityPython/pysaml2/commit/751dbf50a51131b13d55989395f9b115045f9737
@@ -14563,12 +14595,12 @@ CVE-2021-21068
RESERVED
CVE-2021-21067
RESERVED
-CVE-2021-21066
- RESERVED
-CVE-2021-21065
- RESERVED
-CVE-2021-21064
- RESERVED
+CVE-2021-21066 (Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bound ...)
+ TODO: check
+CVE-2021-21065 (Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bound ...)
+ TODO: check
+CVE-2021-21064 (Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path t ...)
+ TODO: check
CVE-2021-21063 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
NOT-FOR-US: Adobe
CVE-2021-21062 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
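Review bot: The "TODO: check" lines on CVE-2021-21066 and CVE-2021-21065 can be resolved from what is already in this hunk: both are described as Adobe Bridge issues, and the Acrobat Reader entry directly below (CVE-2021-21063) is marked "NOT-FOR-US: Adobe", so these two can take the same marking. CVE-2021-21064 (Magento UPWARD-php) is a different product and needs its own check.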
@@ -16039,10 +16071,10 @@ CVE-2021-20330
RESERVED
CVE-2021-20329
RESERVED
-CVE-2021-20328
- RESERVED
-CVE-2021-20327
- RESERVED
+CVE-2021-20328 (Specific versions of the Java driver that support client-side field le ...)
+ TODO: check
+CVE-2021-20327 (A specific version of the Node.js mongodb-client-encryption module doe ...)
+ TODO: check
CVE-2021-20326
RESERVED
CVE-2021-20325
