author | security tracker role <sectracker@soriano.debian.org> | 2021-02-20 08:10:26 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-02-20 08:10:26 +0000 |
commit | e66ea3c68e8d9e245ffeae15f0385cc608ed3c63 (patch) | |
tree | dd9d1fc686c6d72f0827ec5ead021f7f83a0d904 | |
parent | 0408b86dd0eb790c23e9b33d2f8119c9cbc99277 (diff) |
automatic update
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2015.list | 2 |
| -rw-r--r-- | data/CVE/2017.list | 1 |
| -rw-r--r-- | data/CVE/2018.list | 2 |
| -rw-r--r-- | data/CVE/2020.list | 37 |
| -rw-r--r-- | data/CVE/2021.list | 31 |
5 files changed, 45 insertions, 28 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list index d743ecdd9a..5cf1d7ce53 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -5427,7 +5427,7 @@ CVE-2015-7812 (The hypercall_create_continuation function in arch/arm/domain.c i [squeeze] - xen <end-of-life> (not supported in squeeze-lts) NOTE: http://xenbits.xen.org/xsa/advisory-145.html CVE-2015-8011 (Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c ...) - {DSA-4836-1} + {DSA-4836-1 DLA-2571-1} - lldpd 0.7.19-1 [jessie] - lldpd 0.7.11-2+deb8u1 [wheezy] - lldpd <not-affected> (Vulnerable code not present) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index dc9adfc124..f83443099d 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -27965,6 +27965,7 @@ CVE-2017-9216 (libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghos CVE-2017-9215 RESERVED CVE-2017-9214 (In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_RE ...) + {DLA-2571-1} [experimental] - openvswitch 2.8.1+dfsg1-1 - openvswitch 2.8.1+dfsg1-2 (bug #863228) [jessie] - openvswitch <not-affected> (Vulnerable code not present) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 70e1cb2764..9eba002158 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -10914,6 +10914,7 @@ CVE-2018-17208 (Linksys Velop 1.1.2.187020 devices allow unauthenticated command CVE-2018-17207 (An issue was discovered in Snap Creek Duplicator before 1.2.42. By acc ...) NOT-FOR-US: Snap Creek Duplicator CVE-2018-17206 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The ...) + {DLA-2571-1} - openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1 [jessie] - openvswitch <not-affected> (Vulnerable code does not exist; no such function) NOTE: https://github.com/openvswitch/ovs/commit/5026a263d7846077eee540de42192d27da513226 (master) 
@@ -10928,6 +10929,7 @@ CVE-2018-17205 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7. NOTE: https://github.com/openvswitch/ovs/commit/638d406e3b647359f3d82189d7a6ee56b4a54928 (branch-2.8) NOTE: https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6 (branch-2.7) CVE-2018-17204 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, aff ...) + {DLA-2571-1} - openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1 [jessie] - openvswitch <not-affected> (Vulnerable code does not exist; no such function) NOTE: https://github.com/openvswitch/ovs/commit/9740d81d94888cb158fa99a9366fe2b32b3e4aaa (master) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index cdc03f76fa..0d597260a5 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1823,15 +1823,14 @@ CVE-2020-35501 NOTE: https://www.openwall.com/lists/oss-security/2021/02/18/1 CVE-2020-35500 REJECTED -CVE-2020-35499 - RESERVED +CVE-2020-35499 (A NULL pointer dereference flaw in kernel versions prior to 5.11 may b ...) - linux 5.10.4-1 [buster] - linux <not-affected> (Vulnerable code introduced later) [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910048 NOTE: https://git.kernel.org/linus/f6b8c6b5543983e9de29dc14716bfa4eb3f157c4 CVE-2020-35498 (A vulnerability was found in openvswitch. A limitation in the implemen ...) - {DSA-4852-1} + {DSA-4852-1 DLA-2571-1} - openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-5 (bug #982493) NOTE: master: https://github.com/openvswitch/ovs/commit/79349cbab0b2a755140eedb91833ad2760520a83 NOTE: 2.15: https://github.com/openvswitch/ovs/commit/0625dc79aec73b966f206e55655a2816696246d0 
@@ -5994,8 +5993,8 @@ CVE-2020-28250 (Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remot NOT-FOR-US: Cellinx NVT Web Server CVE-2020-28249 (Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. ...) NOT-FOR-US: Joplin -CVE-2020-28248 - RESERVED +CVE-2020-28248 (An integer overflow in the PngImg::InitStorage_() function of png-img ...) + TODO: check CVE-2020-28247 (The lettre library through 0.10.0-alpha for Rust allows arbitrary send ...) NOT-FOR-US: Node lettre CVE-2020-28246 @@ -6570,8 +6569,8 @@ CVE-2020-27999 RESERVED CVE-2020-27998 (An issue was discovered in FastReport before 2020.4.0. It lacks a Scri ...) NOT-FOR-US: FastReport -CVE-2020-27997 - RESERVED +CVE-2020-27997 (An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross S ...) + TODO: check CVE-2020-27996 (An issue was discovered in SmartStoreNET before 4.0.1. It does not pro ...) NOT-FOR-US: SmartStoreNET CVE-2020-27995 (SQL Injection in Zoho ManageEngine Applications Manager 14 before 1456 ...) @@ -6958,7 +6957,7 @@ CVE-2020-27828 (There's a flaw in jasper's jpc encoder in versions prior to 2.0. NOTE: https://github.com/jasper-software/jasper/pull/253 CVE-2020-27827 [lldp: avoid memory leak from bad packets] RESERVED - {DSA-4836-1} + {DSA-4836-1 DLA-2571-1} - lldpd 1.0.8-1 [buster] - lldpd <no-dsa> (Minor issue) [stretch] - lldpd <no-dsa> (Minor issue) @@ -7087,7 +7086,7 @@ CVE-2020-27786 (A flaw was found in the Linux kernels implementation of MIDI, wh [stretch] - linux 4.9.228-1 NOTE: https://git.kernel.org/linus/c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d CVE-2020-27785 - RESERVED + REJECTED CVE-2020-27784 RESERVED CVE-2020-27783 (A XSS vulnerability was discovered in python-lxml's clean module. The ...) 
@@ -14505,8 +14504,8 @@ CVE-2020-24619 (In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check NOT-FOR-US: Shotcut CVE-2020-24618 (In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020. ...) NOT-FOR-US: JetBrains -CVE-2020-24617 - RESERVED +CVE-2020-24617 (Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribe ...) + TODO: check CVE-2020-24616 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...) - jackson-databind 2.12.1-1 [buster] - jackson-databind <no-dsa> (Minor issue) @@ -15009,10 +15008,10 @@ CVE-2020-24394 (In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS serv [buster] - linux 4.19.131-1 [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/22cf8419f1319ff87ec759d0ebdff4cbafaee832 -CVE-2020-24393 - RESERVED -CVE-2020-24392 - RESERVED +CVE-2020-24393 (TweetStream 2.6.1 uses the library eventmachine in an insecure way tha ...) + TODO: check +CVE-2020-24392 (In voloko twitter-stream 0.1.10, missing TLS hostname validation allow ...) + TODO: check CVE-2020-24391 RESERVED CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape the user ...) @@ -40177,8 +40176,8 @@ CVE-2020-12875 (Veritas APTARE versions prior to 10.4 did not perform adequate a NOT-FOR-US: Veritas CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that bypassed the ...) NOT-FOR-US: Veritas -CVE-2020-12873 - RESERVED +CVE-2020-12873 (An issue was discovered in Alfresco Enterprise Content Management (ECM ...) + TODO: check CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ...) - erlang 1:21.2.6+dfsg-1 (low) [stretch] - erlang 1:19.2.1+dfsg-2+deb9u3 
@@ -40792,8 +40791,8 @@ CVE-2020-12670 (XSS exists in Webmin 1.941 and earlier affecting the Save functi - webmin <removed> CVE-2020-12669 (core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authentic ...) - dolibarr <removed> -CVE-2020-12668 - RESERVED +CVE-2020-12668 (Jinjava before 2.5.4 allow access to arbitrary classes by calling Java ...) + TODO: check CVE-2020-12667 (Knot Resolver before 5.1.1 allows traffic amplification via a crafted ...) - knot-resolver 5.1.1-0.1 (bug #961076) NOTE: https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/ diff --git a/data/CVE/2021.list b/data/CVE/2021.list index cd2575e19a..3b56662b74 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,9 @@ +CVE-2021-27509 (In Visualware MyConnection Server before 11.0b build 5382, each publis ...) + TODO: check +CVE-2021-27508 + RESERVED +CVE-2021-27507 + RESERVED CVE-2021-27506 RESERVED CVE-2021-27505 @@ -1707,8 +1713,7 @@ CVE-2021-26715 RESERVED CVE-2021-26714 RESERVED -CVE-2021-26713 - RESERVED +CVE-2021-26713 (A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asteris ...) - asterisk <not-affected> (Only affects 16.16.0 onwards) NOTE: https://downloads.asterisk.org/pub/security/AST-2021-004.html CVE-2021-26712 (Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 1 ...) 
@@ -4335,8 +4340,8 @@ CVE-2021-3308 (An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 t NOTE: Introduced by: https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=5b58dad089880127674d460494d1a9d68109b3d7 (4.14.0-rc1) NOTE: Issue backported to 4.12.3 and 4.13.1 NOTE: Fixed by: https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=58427889f5a420cc5226f88524b3228f90b72a58 -CVE-2021-3189 - RESERVED +CVE-2021-3189 (The slashify package 1.0.0 for Node.js allows open-redirect attacks, a ...) + TODO: check CVE-2021-3188 (phpList 3.6.0 allows CSV injection, related to the email parameter, an ...) - phplist <itp> (bug #612288) CVE-2021-3187 
@@ -13754,41 +13759,51 @@ CVE-2021-21158 RESERVED CVE-2021-21157 RESERVED + {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21156 RESERVED + {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21155 RESERVED + {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21154 RESERVED + {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21153 RESERVED + {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21152 RESERVED + {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21151 RESERVED + {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21150 RESERVED + {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21149 RESERVED + {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21148 (Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 all ...) + {DSA-4858-1} - chromium 88.0.4324.150-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21147 (Inappropriate implementation in Skia in Google Chrome prior to 88.0.43 ...) @@ -14993,10 +15008,10 @@ CVE-2021-20590 RESERVED CVE-2021-20589 RESERVED -CVE-2021-20588 - RESERVED -CVE-2021-20587 - RESERVED +CVE-2021-20588 (Improper handling of length parameter inconsistency vulnerability in M ...) + TODO: check +CVE-2021-20587 (Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Eng ...) + TODO: check CVE-2021-20586 (Resource management errors vulnerability in a robot controller of MELF ...) NOT-FOR-US: Mitsubishi CVE-2021-20585 |
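Review bot: In the 2015.list hunk for CVE-2015-8011 (and again at CVE-2020-27827 in 2020.list), `{DLA-2571-1}` is added to lldpd entries while the very same DLA id is attached to openvswitch entries elsewhere in this commit (CVE-2017-9214, CVE-2018-17206, CVE-2018-17204, CVE-2020-35498). That is only consistent if DLA-2571-1 is an openvswitch advisory that also covers the lldpd code openvswitch embeds; please confirm, because the CVE-2020-27827 entry still carries `[stretch] - lldpd <no-dsa> (Minor issue)`, so a reader now sees a stretch DLA and a stretch no-dsa marker on the same CVE.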
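Review bot: In the first 2020.list hunk, CVE-2020-35499 is expanded from RESERVED to a description reading "kernel versions prior to 5.11", yet the fixed Debian version recorded is `linux 5.10.4-1`. That is fine if the upstream fix f6b8c6b5543983e9de29dc14716bfa4eb3f157c4 referenced in the NOTE was backported into the 5.10.4 stable release, but a NOTE stating which stable release carried the backport would make the 5.10.4-1 claim verifiable without re-reading the kernel history.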
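Review bot: The `TODO: check` placeholders added in the 2020.list hunks for CVE-2020-28248, CVE-2020-27997, CVE-2020-24617, CVE-2020-24393, CVE-2020-24392, CVE-2020-12873 and CVE-2020-12668 need manual triage before they are forgotten; CVE-2020-27997 sits directly above CVE-2020-27996, already marked `NOT-FOR-US: SmartStoreNET`, so the same marker is the likely resolution there. While in that region, the context line `NOT-FOR-US: Node lettre` under CVE-2020-28247 contradicts its own description ("The lettre library through 0.10.0-alpha for Rust") and could be corrected to name Rust.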
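Review bot: In the 2021.list chromium hunk, `{DSA-4858-1}` is attached to CVE-2021-21149 through CVE-2021-21157, which are still `RESERVED` with no description, and also to CVE-2021-21148, whose fixed version is `chromium 88.0.4324.150-1` rather than the `88.0.4324.182-1` used for all the others. Mixed fixed versions under a single DSA tag deserve a second look (it is correct only if the DSA was the first Debian release to ship a fix for CVE-2021-21148 as well), and the nine RESERVED entries should be watched so their descriptions get pulled in by a later automatic update instead of the DSA being the only information on them.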
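Review bot: In the last 2021.list hunk, CVE-2021-20588 and CVE-2021-20587 receive `TODO: check`, but the description of CVE-2021-20587 names Mitsubishi Electric FA Engineering software and the adjacent context entry CVE-2021-20586 is already `NOT-FOR-US: Mitsubishi`; the same marker is almost certainly the right resolution for both, so these two TODOs can be closed in the next manual pass rather than left open.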