| Field | Value | Date |
|---|---|---|
| author | security tracker role <sectracker@soriano.debian.org> | 2021-01-06 20:17:10 +0000 |
| committer | security tracker role <sectracker@soriano.debian.org> | 2021-01-06 20:17:10 +0000 |
| commit | 6b47c1903166d56830b48174bfb4747bc2ee0375 | |
| tree | d0fa59c57dd161922327264253a636d9bd455901 /data/CVE | |
| parent | f77098be074a6ca6e8621acf575a9f2b1eec2732 | |
automatic update
Diffstat (limited to 'data/CVE')

| Mode | File | Lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2012.list | 2 |
| -rw-r--r-- | data/CVE/2018.list | 2 |
| -rw-r--r-- | data/CVE/2019.list | 8 |
| -rw-r--r-- | data/CVE/2020.list | 84 |
| -rw-r--r-- | data/CVE/2021.list | 10 |

5 files changed, 66 insertions, 40 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 87bc232ef9..a1a5504447 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -1,3 +1,5 @@ +CVE-2012-10001 (The Limit Login Attempts plugin before 1.7.1 for WordPress does not cl ...) + TODO: check CVE-2012-6721 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...) NOT-FOR-US: SocialEngine CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine be ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index f5cd5cb7fa..5588f4caf5 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -11741,12 +11741,14 @@ CVE-2018-16880 (A flaw was found in the Linux kernel's handle_rx() function in t CVE-2018-16879 (Ansible Tower before version 3.3.3 does not set a secure channel as it ...) NOT-FOR-US: Ansible Tower CVE-2018-16878 (A flaw was found in pacemaker up to and including version 2.0.1. An in ...) + {DLA-2519-1} - pacemaker 2.0.1-3 (bug #927714) NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1 NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master) NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1) NOTE: https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html CVE-2018-16877 (A flaw was found in the way pacemaker's client-server authentication w ...) + {DLA-2519-1} - pacemaker 2.0.1-3 (bug #927714) NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1 NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 94a4c1accf..9429b64bdf 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -10144,8 +10144,8 @@ CVE-2019-16964 (app/call_centers/cmd.php in the Call Center Queue Module in Fusi NOT-FOR-US: FusionPBX CVE-2019-16963 RESERVED -CVE-2019-16962 - RESERVED +CVE-2019-16962 (Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a ...) + TODO: check CVE-2019-16961 RESERVED CVE-2019-16960 (SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file wit ...) @@ -10160,8 +10160,8 @@ CVE-2019-16956 (SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type NOT-FOR-US: SolarWinds CVE-2019-16955 (SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG documen ...) NOT-FOR-US: SolarWinds -CVE-2019-16954 - RESERVED +CVE-2019-16954 (SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in ...) + TODO: check CVE-2019-16953 RESERVED CVE-2019-16952 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 76a38abace..5a70751031 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,3 +1,19 @@ +CVE-2020-36177 (RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-o ...) + TODO: check +CVE-2020-36176 (The iThemes Security (formerly Better WP Security) plugin before 7.7.0 ...) + TODO: check +CVE-2020-36175 (The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers ...) + TODO: check +CVE-2020-36174 (The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via s ...) + TODO: check +CVE-2020-36173 (The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for ...) + TODO: check +CVE-2020-36172 (The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandl ...) + TODO: check +CVE-2020-36171 (The Elementor Website Builder plugin before 3.0.14 for WordPress does ...) + TODO: check +CVE-2020-36170 (The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidd ...) + TODO: check CVE-2020-36169 (An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCe ...) NOT-FOR-US: Veritas CVE-2020-36168 (An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It ...) @@ -923,7 +939,7 @@ CVE-2020-35719 RESERVED CVE-2020-35718 RESERVED -CVE-2020-35717 (zonote <=0.4.0 allows XSS via crafted note, with resultant Remote C ...) +CVE-2020-35717 (zonote through 0.4.0 allows XSS via a crafted note, with resultant Rem ...) NOT-FOR-US: zonote CVE-2020-35716 (Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attacker ...) NOT-FOR-US: Belkin LINKSYS RE6500 devices 
@@ -7820,20 +7836,20 @@ CVE-2020-27287 RESERVED CVE-2020-27286 RESERVED -CVE-2020-27285 - RESERVED +CVE-2020-27285 (The default configuration of Crimson 3.1 (Build versions prior to 3119 ...) + TODO: check CVE-2020-27284 RESERVED -CVE-2020-27283 - RESERVED +CVE-2020-27283 (An attacker could send a specially crafted message to Crimson 3.1 (Bui ...) + TODO: check CVE-2020-27282 RESERVED CVE-2020-27281 RESERVED CVE-2020-27280 RESERVED -CVE-2020-27279 - RESERVED +CVE-2020-27279 (A NULL pointer deference vulnerability has been identified in the prot ...) + TODO: check CVE-2020-27278 RESERVED CVE-2020-27277 @@ -9043,8 +9059,8 @@ CVE-2020-26761 RESERVED CVE-2020-26760 RESERVED -CVE-2020-26759 - RESERVED +CVE-2020-26759 (clickhouse-driver before 0.1.5 allows a malicious clickhouse server to ...) + TODO: check CVE-2020-26758 RESERVED CVE-2020-26757 @@ -11616,7 +11632,7 @@ CVE-2020-25656 (A flaw was found in the Linux kernel. A use-after-free was found CVE-2020-25655 (An issue was discovered in ManagedClusterView API, that could allow se ...) NOT-FOR-US: Red Hat open-cluster-management CVE-2020-25654 (An ACL bypass flaw was found in pacemaker. An attacker having a local ...) - {DSA-4791-1} + {DSA-4791-1 DLA-2519-1} - pacemaker 2.0.5~rc2-1 (bug #973254) NOTE: https://www.openwall.com/lists/oss-security/2020/10/27/1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1888191 @@ -38052,10 +38068,10 @@ CVE-2020-13547 (A type confusion vulnerability exists in the JavaScript engine o NOT-FOR-US: Foxit CVE-2020-13546 RESERVED -CVE-2020-13545 - RESERVED -CVE-2020-13544 - RESERVED +CVE-2020-13545 (An exploitable signed conversion vulnerability exists in the TextMaker ...) + TODO: check +CVE-2020-13544 (An exploitable sign extension vulnerability exists in the TextMaker do ...) + TODO: check CVE-2020-13543 (A code execution vulnerability exists in the WebSocket functionality o ...) {DSA-4797-1} - webkit2gtk 2.30.3-1 
@@ -45622,14 +45638,14 @@ CVE-2020-10660 (HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3. NOT-FOR-US: HashiCorp Vault CVE-2020-10659 (Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows ...) NOT-FOR-US: Entrust Entelligence Security Provider (ESP) -CVE-2020-10658 - RESERVED -CVE-2020-10657 - RESERVED -CVE-2020-10656 - RESERVED -CVE-2020-10655 - RESERVED +CVE-2020-10658 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...) + TODO: check +CVE-2020-10657 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...) + TODO: check +CVE-2020-10656 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...) + TODO: check +CVE-2020-10655 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...) + TODO: check CVE-2020-10654 (Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow ...) NOT-FOR-US: Ping Identity PingID CVE-2020-10653 @@ -49622,8 +49638,8 @@ CVE-2020-8886 RESERVED CVE-2020-8885 RESERVED -CVE-2020-8884 - RESERVED +CVE-2020-8884 (rcdsvc in the Proofpoint Insider Threat Management Windows Agent (form ...) + TODO: check CVE-2020-8883 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8882 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
@@ -51422,8 +51438,8 @@ CVE-2020-8161 (A directory traversal vulnerability exists in rack < 2.2.0 tha NOTE: Fixed by: https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e NOTE: Required followup: https://github.com/rack/rack/commit/e7ba1b0557d3ad97af1ef113bbeb5f27417983fa NOTE: Test: https://github.com/rack/rack/commit/775c836bdd25b63340399fea739532d746860a94 -CVE-2020-8160 - RESERVED +CVE-2020-8160 (MendixSSO <= 2.1.1 contains endpoints that make use of the openid h ...) + TODO: check CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2.1 th ...) - ruby-actionpack-page-caching 1.2.2-1 (bug #960680) [buster] - ruby-actionpack-page-caching <no-dsa> (Minor issue) @@ -52310,7 +52326,7 @@ CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. The NOT-FOR-US: phpoffice/phpspreadsheet CVE-2020-7775 RESERVED -CVE-2020-7774 (This affects the package y18n before 4.0.1 and 5.0.5. PoC by po6ix: co ...) +CVE-2020-7774 (This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po ...) - node-y18n 4.0.0-3 (bug #976390) [buster] - node-y18n <no-dsa> (Minor issue) [stretch] - node-y18n <no-dsa> (Minor issue) @@ -58826,15 +58842,15 @@ CVE-2020-5108 CVE-2020-5107 RESERVED CVE-2020-5106 - RESERVED + REJECTED CVE-2020-5105 - RESERVED + REJECTED CVE-2020-5104 - RESERVED + REJECTED CVE-2020-5103 - RESERVED + REJECTED CVE-2020-5102 - RESERVED + REJECTED CVE-2020-5101 REJECTED CVE-2020-5100 @@ -60368,8 +60384,8 @@ CVE-2020-4338 (IBM MQ 9.1.4 could allow a local attacker to obtain sensitive inf NOT-FOR-US: IBM CVE-2020-4337 (IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker ...) NOT-FOR-US: IBM -CVE-2020-4336 - RESERVED +CVE-2020-4336 (IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL ...) + TODO: check CVE-2020-4335 RESERVED CVE-2020-4334 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 3c45a81cc1..dbe77d8fc7 100644 --- a/data/CVE/2021.list 
+++ b/data/CVE/2021.list @@ -1,3 +1,9 @@ +CVE-2021-3029 + RESERVED +CVE-2021-3028 + RESERVED +CVE-2021-22696 + RESERVED CVE-2021-3027 RESERVED CVE-2021-3026 (Invision Community IPS Community Suite before 4.5.4.2 allows XSS durin ...) @@ -2970,8 +2976,8 @@ CVE-2021-21238 RESERVED CVE-2021-21237 RESERVED -CVE-2021-21236 - RESERVED +CVE-2021-21236 (CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter base ...) + TODO: check CVE-2021-21235 (kamadak-exif is an exif parsing library written in pure Rust. In kamad ...) - rust-kamadak-exif <unfixed> NOTE: https://github.com/kamadak/exif-rs/security/advisories/GHSA-px9g-8hgv-jvg2 |
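Review bot: in the 2012.list hunk, CVE-2012-10001 (Limit Login Attempts plugin for WordPress) lands with the generic "TODO: check" placeholder; the adjacent SocialEngine entries in the same hunk are already resolved as NOT-FOR-US, so the triage outcome should be recorded the same way once checked rather than leaving the TODO in place.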
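Review bot: the {DLA-2519-1} tags added to CVE-2018-16878 and CVE-2018-16877 in the 2018.list hunk (and the extension of {DSA-4791-1} to {DSA-4791-1 DLA-2519-1} on CVE-2020-25654 in 2020.list) reference an LTS advisory, but this diffstat is limited to data/CVE, so the view does not show whether data/DLA/list gained the matching entry; confirm it exists so the tracker's cross-reference resolves.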
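Review bot: in the 2019.list hunks, CVE-2019-16954 is a SolarWinds Web Help Desk 12.7.0 issue like CVE-2019-16955 and CVE-2019-16956 immediately around it, both already NOT-FOR-US: SolarWinds; the "TODO: check" there and on the Zoho ManageEngine entry CVE-2019-16962 can be resolved consistently with those neighbours.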
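Review bot: of the eight new entries in the first 2020.list hunk (@@ -1,3 +1,19 @@), CVE-2020-36177 (RsaPad_PSS in wolfcrypt/src/rsa.c, wolfSSL before 4.6.0) is the one to prioritise, since wolfssl is a Debian source package while the remaining seven are WordPress plugins that will most likely follow the NOT-FOR-US pattern; its "TODO: check" should be replaced by the affected source package and fixed version.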
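Review bot: the description for CVE-2020-27279 in the Crimson 3.1 hunk reads "NULL pointer deference"; that typo comes from the upstream CVE text that the automatic update copies verbatim, so it should not be corrected locally or the next automatic update will reintroduce it.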
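Review bot: the updated description for CVE-2020-7774 now names 3.2.2 as a fixed version alongside 4.0.1 and 5.0.5, i.e. the y18n 3.x branch is affected as well; the existing [buster] and [stretch] "node-y18n <no-dsa> (Minor issue)" lines were written under the old description, so re-check which y18n branch those suites ship before leaving them unchanged.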
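Review bot: CVE-2021-21236 (CairoSVG) in the last 2021.list hunk should not be triaged as NOT-FOR-US on the strength of "Python (pypi) package" in the description, because cairosvg is a Debian source package; the entry directly below, CVE-2021-21235 for kamadak-exif, shows the expected form with "rust-kamadak-exif <unfixed>" and an upstream advisory NOTE.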