| Field | Value | Date |
|---|---|---|
| author | security tracker role <sectracker@soriano.debian.org> | 2020-12-30 08:10:22 +0000 |
| committer | security tracker role <sectracker@soriano.debian.org> | 2020-12-30 08:10:22 +0000 |
| commit | 0ff2d82d2f977509121697898ba9ef651df5d11d | |
| tree | a8e47c5c16afd5a38aafd9b0e09da3ef9e622145 /data/CVE | |
| parent | bddf4e413d4e82019e967d3e796f95777406e807 | |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2017.list | 2 |
-rw-r--r-- | data/CVE/2020.list | 208 |
-rw-r--r-- | data/CVE/2021.list | 20 |
3 files changed, 200 insertions, 30 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 4a8c509a1d..2b864eae52 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -14158,7 +14158,7 @@ CVE-2017-14059 (In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an E - libav <removed> [jessie] - libav <not-affected> (vulnerable code is not present) NOTE: https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6 -CVE-2017-14058 (In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not ...) +CVE-2017-14058 (In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c d ...) {DSA-3996-1 DLA-1740-1} - ffmpeg 7:3.3.4-1 (low) - libav <removed> diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 8973fde96d..700e2e6068 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,3 +1,153 @@ +CVE-2020-35850 (** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Coc ...) + TODO: check +CVE-2020-35849 + RESERVED +CVE-2020-35848 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controll ...) + TODO: check +CVE-2020-35847 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controll ...) + TODO: check +CVE-2020-35846 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controll ...) + TODO: check +CVE-2020-35845 + RESERVED +CVE-2020-35844 + RESERVED +CVE-2020-35843 + RESERVED +CVE-2020-35842 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...) + TODO: check +CVE-2020-35841 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...) + TODO: check +CVE-2020-35840 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...) + TODO: check +CVE-2020-35839 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35838 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35837 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35836 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35835 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35834 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35833 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35832 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35831 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35830 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) 
+ TODO: check +CVE-2020-35829 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35828 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35827 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35826 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35825 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35824 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35823 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35822 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35821 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35820 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35819 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35818 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35817 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35816 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35815 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35814 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35813 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35812 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) 
+ TODO: check +CVE-2020-35811 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35810 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35809 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35808 (Certain NETGEAR devices are affected by stored XSS. This affects D6100 ...) + TODO: check +CVE-2020-35807 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35806 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35805 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-35804 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + TODO: check +CVE-2020-35803 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + TODO: check +CVE-2020-35802 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + TODO: check +CVE-2020-35801 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + TODO: check +CVE-2020-35800 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + TODO: check +CVE-2020-35799 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + TODO: check +CVE-2020-35798 (Certain NETGEAR devices are affected by command injection by an unauth ...) + TODO: check +CVE-2020-35797 (NETGEAR NMS300 devices before 1.6.0.27 are affected by command injecti ...) + TODO: check +CVE-2020-35796 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + TODO: check +CVE-2020-35795 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + TODO: check +CVE-2020-35794 (Certain NETGEAR devices are affected by command injection by an authen ...) 
+ TODO: check +CVE-2020-35793 (Certain NETGEAR devices are affected by command injection by an authen ...) + TODO: check +CVE-2020-35792 (Certain NETGEAR devices are affected by command injection by an authen ...) + TODO: check +CVE-2020-35791 (Certain NETGEAR devices are affected by command injection by an authen ...) + TODO: check +CVE-2020-35790 (Certain NETGEAR devices are affected by command injection by an authen ...) + TODO: check +CVE-2020-35789 (NETGEAR NMS300 devices before 1.6.0.27 are affected by command injecti ...) + TODO: check +CVE-2020-35788 (NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overfl ...) + TODO: check +CVE-2020-35787 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + TODO: check +CVE-2020-35786 (NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflo ...) + TODO: check +CVE-2020-35785 (NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authenticat ...) + TODO: check +CVE-2020-35784 (Certain NETGEAR devices are affected by lack of access control at the ...) + TODO: check +CVE-2020-35783 (Certain NETGEAR devices are affected by lack of access control at the ...) + TODO: check +CVE-2020-35782 (Certain NETGEAR devices are affected by lack of access control at the ...) + TODO: check +CVE-2020-35781 (NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of servi ...) + TODO: check +CVE-2020-35780 (NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of servi ...) + TODO: check +CVE-2020-35779 (NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of servi ...) + TODO: check +CVE-2020-35778 (Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 be ...) + TODO: check +CVE-2020-35777 (NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command inj ...) + TODO: check +CVE-2020-35776 + RESERVED CVE-2020-35775 RESERVED CVE-2020-35774 (server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (a ...) 
@@ -1699,8 +1849,8 @@ CVE-2020-29596 (MiniWeb HTTP server 0.8.19 allows remote attackers to cause a de NOT-FOR-US: MiniWeb HTTP server CVE-2020-29595 (PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 ...) NOT-FOR-US: ACDSee Photo Studio Studio Professional -CVE-2020-29594 - RESERVED +CVE-2020-29594 (Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x be ...) + TODO: check CVE-2020-29593 RESERVED CVE-2020-29592 @@ -4593,17 +4743,17 @@ CVE-2020-28285 RESERVED CVE-2020-28284 RESERVED -CVE-2020-28283 (Prototype pollution vulnerability in ‘libnested’ versions ...) +CVE-2020-28283 (Prototype pollution vulnerability in 'libnested' versions 0.0.0 throug ...) TODO: check -CVE-2020-28282 (Prototype pollution vulnerability in ‘getobject’ version 0 ...) +CVE-2020-28282 (Prototype pollution vulnerability in 'getobject' version 0.1.0 allows ...) TODO: check -CVE-2020-28281 (Prototype pollution vulnerability in ‘set-object-value’ ve ...) +CVE-2020-28281 (Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 ...) TODO: check -CVE-2020-28280 (Prototype pollution vulnerability in ‘predefine’ versions ...) +CVE-2020-28280 (Prototype pollution vulnerability in 'predefine' versions 0.0.0 throug ...) TODO: check -CVE-2020-28279 (Prototype pollution vulnerability in ‘flattenizer’ version ...) +CVE-2020-28279 (Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 thro ...) TODO: check -CVE-2020-28278 (Prototype pollution vulnerability in ‘shvl’ versions 1.0.0 ...) +CVE-2020-28278 (Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0 ...) TODO: check CVE-2020-28277 (Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0 ...) TODO: check 
@@ -6189,12 +6339,12 @@ CVE-2020-27647 RESERVED CVE-2020-27646 (Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1 ...) NOT-FOR-US: Biscom Secure File Transfer (SFT) -CVE-2020-27645 - RESERVED -CVE-2020-27644 - RESERVED -CVE-2020-27643 - RESERVED +CVE-2020-27645 (The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unqu ...) + TODO: check +CVE-2020-27644 (The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unqu ...) + TODO: check +CVE-2020-27643 (The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0 ...) + TODO: check CVE-2020-27642 (A cross-site scripting (XSS) vulnerability exists in the 'merge accoun ...) NOT-FOR-US: BigBlueButton CVE-2020-27641 @@ -11813,7 +11963,7 @@ CVE-2020-25201 (HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a [buster] - consul <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/hashicorp/consul/pull/9024 NOTE: https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020 -CVE-2020-25200 (Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames ...) +CVE-2020-25200 (** DISPUTED ** Pritunl 1.29.2145.25 allows attackers to enumerate vali ...) NOT-FOR-US: Pritunl CVE-2020-25199 (A heap-based buffer overflow vulnerability exists within the WECON Lev ...) NOT-FOR-US: WECON LeviStudioU 
@@ -30101,8 +30251,8 @@ CVE-2020-16270 (OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, causing ...) - radare2 <unfixed> NOTE: https://github.com/radareorg/radare2/issues/17383 -CVE-2020-16268 - RESERVED +CVE-2020-16268 (The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote a ...) + TODO: check CVE-2020-16267 (Zoho ManageEngine Applications Manager version 14740 and prior allows ...) NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2020-16266 (An XSS issue was discovered in MantisBT before 2.24.2. Improper escapi ...) @@ -45607,16 +45757,16 @@ CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SS NOT-FOR-US: Responsive FileManager CVE-2020-10211 (A remote code execution vulnerability in UCB component of Mitel MiVoic ...) NOT-FOR-US: Mitel -CVE-2020-10210 - RESERVED -CVE-2020-10209 - RESERVED -CVE-2020-10208 - RESERVED -CVE-2020-10207 - RESERVED -CVE-2020-10206 - RESERVED +CVE-2020-10210 (Because of hard-coded SSH keys for the root user in Amino Communicatio ...) + TODO: check +CVE-2020-10209 (Command Injection in the CPE WAN Management Protocol (CWMP) registrati ...) + TODO: check +CVE-2020-10208 (Command Injection in EntoneWebEngine in Amino Communications AK45x ser ...) + TODO: check +CVE-2020-10207 (Use of Hard-coded Credentials in EntoneWebEngine in Amino Communicatio ...) + TODO: check +CVE-2020-10206 (Use of a Hard-coded Password in VNCserver in Amino Communications AK45 ...) + TODO: check CVE-2020-10205 RESERVED CVE-2020-10204 (Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. ...) @@ -45760,8 +45910,8 @@ CVE-2020-10150 RESERVED CVE-2020-10149 RESERVED -CVE-2020-10148 - RESERVED +CVE-2020-10148 (The SolarWinds Orion API is vulnerable to an authentication bypass tha ...) + TODO: check CVE-2020-10147 RESERVED CVE-2020-10146 (The Microsoft Teams online service contains a stored cross-site script ...) 
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 5bc15c5032..fd0787b1ef 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,23 @@ +CVE-2021-21443 + RESERVED +CVE-2021-21442 + RESERVED +CVE-2021-21441 + RESERVED +CVE-2021-21440 + RESERVED +CVE-2021-21439 + RESERVED +CVE-2021-21438 + RESERVED +CVE-2021-21437 + RESERVED +CVE-2021-21436 + RESERVED +CVE-2021-21435 + RESERVED +CVE-2021-21434 + RESERVED CVE-2021-21433 RESERVED CVE-2021-21432 |
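Review bot: In the data/CVE/2017.list hunk, the CVE-2017-14058 description now names FFmpeg 2.4 as well as 3.3.3, but the package lines beneath it ({DSA-3996-1 DLA-1740-1}, ffmpeg 7:3.3.4-1 (low), libav <removed>) are carried over unchanged. Because the description widened the affected versions, the recorded fixed version and advisory references should be re-confirmed against the new text rather than assumed to still hold.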
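Review bot: In the first data/CVE/2020.list hunk (@@ -1,3 +1,153 @@), two different products share the name Cockpit: CVE-2020-35850 refers to cockpit-project.org Cockpit, while CVE-2020-35846 through CVE-2020-35848 refer to Agentejo Cockpit. All four are left at TODO: check, so triage should match each one against the correct upstream rather than by name, and should take the ** DISPUTED ** marker on CVE-2020-35850 into account. The run of NETGEAR device entries from CVE-2020-35777 through CVE-2020-35842 in the same hunk could be triaged as one batch, in the way other vendor products in this file are already marked NOT-FOR-US.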