author | security tracker role <sectracker@soriano.debian.org> | 2021-02-09 20:10:22 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-02-09 20:10:22 +0000 |
commit | 8786df5214dec49886af2bc325a644075706d307 (patch) | |
tree | 78bff78a2051f092d7c05a1af2920b04aa062dd2 /data/CVE | |
parent | 762c8ced429619050cc472de4bd1c806138a9329 (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2019.list | 8 |
-rw-r--r-- | data/CVE/2020.list | 279 |
-rw-r--r-- | data/CVE/2021.list | 190 |
3 files changed, 241 insertions, 236 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 8d83d016be..1a2b4d6d79 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -4295,7 +4295,7 @@ CVE-2019-19321 RESERVED CVE-2019-19320 RESERVED -CVE-2019-19319 (In the Linux kernel 5.0.21, a setxattr operation, after a mount of a c ...) +CVE-2019-19319 (In the Linux kernel before 5.2, a setxattr operation, after a mount of ...) {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.2.6-1 [buster] - linux 4.19.87-1 @@ -8568,8 +8568,8 @@ CVE-2019-17584 (The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys whi NOT-FOR-US: Meinberg SyncBox/PTP/PTPv2 devices CVE-2019-17583 (idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of se ...) NOT-FOR-US: idreamsoft iCMS -CVE-2019-17582 - RESERVED +CVE-2019-17582 (A use-after-free in the _zip_dirent_read function of zip_dirent.c in l ...) + TODO: check CVE-2019-17581 (tonyy dormsystem through 1.3 allows DOM XSS. ...) NOT-FOR-US: tonyy dormsystem CVE-2019-17580 (tonyy dormsystem through 1.3 allows SQL Injection in admin.php. ...) @@ -26339,7 +26339,7 @@ CVE-2019-10944 RESERVED CVE-2019-10943 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...) NOT-FOR-US: Siemens -CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 (All versions), ...) +CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...) NOT-FOR-US: Siemens CVE-2019-10941 RESERVED diff --git a/data/CVE/2020.list b/data/CVE/2020.list index c6f14f4a71..bdcb4f02ad 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -736,10 +736,10 @@ CVE-2020-35945 (An issue was discovered in the Divi Builder plugin, Divi theme, NOT-FOR-US: Divi Builder plugin, Divi theme, and Divi Extra theme for WordPress CVE-2020-35944 (An issue was discovered in the PageLayer plugin before 1.1.2 for WordP ...) NOT-FOR-US: PageLayer plugin for WordPress -CVE-2020-35943 - RESERVED -CVE-2020-35942 - RESERVED +CVE-2020-35943 (A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugi ...) + TODO: check +CVE-2020-35942 (A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugi ...) + TODO: check CVE-2020-35941 RESERVED CVE-2020-35940 @@ -1556,8 +1556,8 @@ CVE-2020-35575 (A password-disclosure issue in the web interface on certain TP-L NOT-FOR-US: TP-Link CVE-2020-35574 RESERVED -CVE-2020-35572 - RESERVED +CVE-2020-35572 (Adminer through 4.7.8 allows XSS via the history parameter to the defa ...) + TODO: check CVE-2020-35571 RESERVED CVE-2020-35573 (srs2.c in PostSRSd before 1.10 allows remote attackers to cause a deni ...) @@ -5060,10 +5060,10 @@ CVE-2020-28647 (In Progress MOVEit Transfer before 2020.1, a malicious user coul NOT-FOR-US: Progress MOVEit Transfer CVE-2020-28646 RESERVED -CVE-2020-28645 - RESERVED -CVE-2020-28644 - RESERVED +CVE-2020-28645 (Deleting users with certain names caused system files to be deleted. R ...) + TODO: check +CVE-2020-28644 (The CSRF (Cross Site Request Forgery) token check was improperly imple ...) + TODO: check CVE-2020-28643 RESERVED CVE-2020-28642 (In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail gener ...) 
@@ -5592,33 +5592,33 @@ CVE-2020-28396 (A vulnerability has been identified in SICAM A8000 CP-8000 (All NOT-FOR-US: Siemens CVE-2020-28395 (A vulnerability has been identified in SCALANCE X-300 switch family (i ...) NOT-FOR-US: Siemens -CVE-2020-28394 - RESERVED +CVE-2020-28394 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) + TODO: check CVE-2020-28393 RESERVED -CVE-2020-28392 - RESERVED +CVE-2020-28392 (A vulnerability has been identified in SIMARIS configuration (All vers ...) + TODO: check CVE-2020-28391 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...) NOT-FOR-US: Siemens CVE-2020-28390 (A vulnerability has been identified in Opcenter Execution Core (V8.2), ...) NOT-FOR-US: Siemens CVE-2020-28389 RESERVED -CVE-2020-28388 - RESERVED +CVE-2020-28388 (A vulnerability has been identified in Nucleus NET (All versions < ...) + TODO: check CVE-2020-28387 RESERVED -CVE-2020-28386 (A vulnerability has been identified in Solid Edge (All Versions < S ...) +CVE-2020-28386 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) NOT-FOR-US: Siemens CVE-2020-28385 RESERVED -CVE-2020-28384 (A vulnerability has been identified in Solid Edge (All Versions < S ...) +CVE-2020-28384 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) NOT-FOR-US: Siemens CVE-2020-28383 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) NOT-FOR-US: Siemens -CVE-2020-28382 (A vulnerability has been identified in Solid Edge (All Versions < S ...) +CVE-2020-28382 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) NOT-FOR-US: Siemens -CVE-2020-28381 (A vulnerability has been identified in Solid Edge (All Versions < S ...) +CVE-2020-28381 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) NOT-FOR-US: Siemens CVE-2020-28380 RESERVED 
@@ -6783,12 +6783,12 @@ CVE-2020-27859 (This vulnerability allows remote attackers to disclose sensitive NOT-FOR-US: NEC ESMPRO Manager CVE-2020-27858 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: CA Arcserve -CVE-2020-27857 - RESERVED -CVE-2020-27856 - RESERVED -CVE-2020-27855 - RESERVED +CVE-2020-27857 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-27856 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-27855 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check CVE-2020-27854 RESERVED CVE-2020-27853 (Wire before 2020-10-16 allows remote attackers to cause a denial of se ...) @@ -8313,16 +8313,16 @@ CVE-2020-27263 (KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6 NOT-FOR-US: KEPServerEX CVE-2020-27262 (Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7. ...) NOT-FOR-US: Innokas Yhtyma Oy -CVE-2020-27261 - RESERVED +CVE-2020-27261 (The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based ...) + TODO: check CVE-2020-27260 (Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7. ...) NOT-FOR-US: Innokas Yhtyma Oy -CVE-2020-27259 - RESERVED +CVE-2020-27259 (The Omron CX-One Version 4.60 and prior may allow an attacker to suppl ...) + TODO: check CVE-2020-27258 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, ...) NOT-FOR-US: SOOIL Developments Co., Ltd. -CVE-2020-27257 - RESERVED +CVE-2020-27257 (This vulnerability allows local attackers to execute arbitrary code du ...) + TODO: check CVE-2020-27256 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, ...) NOT-FOR-US: SOOIL Developments Co., Ltd. CVE-2020-27255 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...) 
@@ -8854,63 +8854,63 @@ CVE-2020-27010 (A cross-site scripting (XSS) vulnerability in Trend Micro InterS NOT-FOR-US: Trend Micro CVE-2020-27009 RESERVED -CVE-2020-27008 - RESERVED -CVE-2020-27007 - RESERVED -CVE-2020-27006 - RESERVED -CVE-2020-27005 - RESERVED -CVE-2020-27004 - RESERVED -CVE-2020-27003 - RESERVED -CVE-2020-27002 - RESERVED -CVE-2020-27001 - RESERVED -CVE-2020-27000 - RESERVED -CVE-2020-26999 - RESERVED -CVE-2020-26998 - RESERVED +CVE-2020-27008 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) + TODO: check +CVE-2020-27007 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) + TODO: check +CVE-2020-27006 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) + TODO: check +CVE-2020-27005 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) + TODO: check +CVE-2020-27004 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) + TODO: check +CVE-2020-27003 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) + TODO: check +CVE-2020-27002 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) + TODO: check +CVE-2020-27001 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) + TODO: check +CVE-2020-27000 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) + TODO: check +CVE-2020-26999 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) + TODO: check +CVE-2020-26998 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) + TODO: check CVE-2020-26997 RESERVED -CVE-2020-26996 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) +CVE-2020-26996 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: JT2Go -CVE-2020-26995 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) +CVE-2020-26995 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) 
NOT-FOR-US: JT2Go -CVE-2020-26994 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) +CVE-2020-26994 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: JT2Go -CVE-2020-26993 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) +CVE-2020-26993 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: JT2Go -CVE-2020-26992 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) +CVE-2020-26992 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: JT2Go -CVE-2020-26991 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) +CVE-2020-26991 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: JT2Go -CVE-2020-26990 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) +CVE-2020-26990 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: JT2Go CVE-2020-26989 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) NOT-FOR-US: JT2Go -CVE-2020-26988 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) +CVE-2020-26988 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: JT2Go -CVE-2020-26987 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) +CVE-2020-26987 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: JT2Go -CVE-2020-26986 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) +CVE-2020-26986 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: JT2Go -CVE-2020-26985 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) +CVE-2020-26985 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: JT2Go -CVE-2020-26984 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) 
+CVE-2020-26984 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: JT2Go -CVE-2020-26983 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) +CVE-2020-26983 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: JT2Go -CVE-2020-26982 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) +CVE-2020-26982 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: JT2Go -CVE-2020-26981 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) +CVE-2020-26981 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: JT2Go -CVE-2020-26980 (A vulnerability has been identified in JT2Go (All Versions < V13.1. ...) +CVE-2020-26980 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: JT2Go CVE-2020-26979 (When a user typed a URL in the address bar or the search bar and quick ...) - firefox 84.0-1 @@ -13044,8 +13044,8 @@ CVE-2020-25247 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 1 NOT-FOR-US: Hyland OnBase CVE-2020-25246 RESERVED -CVE-2020-25245 - RESERVED +CVE-2020-25245 (A vulnerability has been identified in DIGSI 4 (All versions < V4.9 ...) + TODO: check CVE-2020-25244 RESERVED CVE-2020-25243 @@ -13058,10 +13058,10 @@ CVE-2020-25240 RESERVED CVE-2020-25239 RESERVED -CVE-2020-25238 - RESERVED -CVE-2020-25237 - RESERVED +CVE-2020-25238 (A vulnerability has been identified in PCS neo (Administration Console ...) + TODO: check +CVE-2020-25237 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + TODO: check CVE-2020-25236 RESERVED CVE-2020-25235 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) 
@@ -18099,10 +18099,10 @@ CVE-2020-22843 RESERVED CVE-2020-22842 (CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ...) NOT-FOR-US: CMS Made Simple -CVE-2020-22841 - RESERVED -CVE-2020-22840 - RESERVED +CVE-2020-22841 (Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attac ...) + TODO: check +CVE-2020-22840 (Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 ...) + TODO: check CVE-2020-22839 RESERVED CVE-2020-22838 @@ -27373,8 +27373,8 @@ CVE-2020-18217 RESERVED CVE-2020-18216 RESERVED -CVE-2020-18215 - RESERVED +CVE-2020-18215 (Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.p ...) + TODO: check CVE-2020-18214 RESERVED CVE-2020-18213 
@@ -29002,44 +29002,44 @@ CVE-2020-17437 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and o [stretch] - open-iscsi <no-dsa> (Minor issue) NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ NOTE: Adressed upstream in 2.1.3 release -CVE-2020-17436 - RESERVED -CVE-2020-17435 - RESERVED -CVE-2020-17434 - RESERVED -CVE-2020-17433 - RESERVED -CVE-2020-17432 - RESERVED -CVE-2020-17431 - RESERVED -CVE-2020-17430 - RESERVED -CVE-2020-17429 - RESERVED -CVE-2020-17428 - RESERVED -CVE-2020-17427 - RESERVED -CVE-2020-17426 - RESERVED -CVE-2020-17425 - RESERVED -CVE-2020-17424 - RESERVED -CVE-2020-17423 - RESERVED -CVE-2020-17422 - RESERVED -CVE-2020-17421 - RESERVED -CVE-2020-17420 - RESERVED -CVE-2020-17419 - RESERVED -CVE-2020-17418 - RESERVED +CVE-2020-17436 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-17435 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-17434 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-17433 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-17432 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-17431 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-17430 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-17429 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-17428 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-17427 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-17426 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ TODO: check +CVE-2020-17425 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-17424 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-17423 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-17422 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-17421 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-17420 (This vulnerability allows remote attackers to disclose sensitive infor ...) + TODO: check +CVE-2020-17419 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2020-17418 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check CVE-2020-17417 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-17416 (This vulnerability allows remote attackers to execute arbitrary code o ...) @@ -31737,8 +31737,8 @@ CVE-2020-16145 (Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in H NOTE: https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4 (1.4.8) NOTE: https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b (1.3.15) NOTE: https://github.com/roundcube/roundcubemail/commit/589d36010048300ed39f4887aab1afd3ae98d00e (1.2.12) -CVE-2020-16144 - RESERVED +CVE-2020-16144 (When using an object storage like S3 as the file store, when a user cr ...) + TODO: check CVE-2020-16143 (The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijac ...) - seafile-client <not-affected> (Windows-specific) CVE-2020-16142 (On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the B ...) 
@@ -31983,8 +31983,7 @@ CVE-2020-16046 (Script injection in iOSWeb in Google Chrome on iOS prior to 84.0 TODO: check CVE-2020-16045 (Use after Free in Payments in Google Chrome on Android prior to 87.0.4 ...) TODO: check -CVE-2020-16044 - RESERVED +CVE-2020-16044 (Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowe ...) {DSA-4846-1 DSA-4842-1 DSA-4827-1 DLA-2541-1 DLA-2521-1} - firefox 84.0.2-1 - firefox-esr 78.6.1esr-1 @@ -32758,8 +32757,8 @@ CVE-2020-15800 (A vulnerability has been identified in SCALANCE X-200 switch fam NOT-FOR-US: Siemens CVE-2020-15799 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...) NOT-FOR-US: Siemens -CVE-2020-15798 - RESERVED +CVE-2020-15798 (A vulnerability has been identified in SIMATIC HMI Comfort Panels (inc ...) + TODO: check CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...) NOT-FOR-US: DCA Vantage Analyzer CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...) @@ -39568,8 +39567,8 @@ CVE-2020-13119 (ismartgate PRO 1.5.9 is vulnerable to clickjacking. ...) NOT-FOR-US: ismartgate PRO CVE-2020-13118 (An issue was discovered in Mikrotik-Router-Monitoring-System through 2 ...) NOT-FOR-US: Mikrotik-Router-Monitoring-System -CVE-2020-13117 - RESERVED +CVE-2020-13117 (Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthent ...) + TODO: check CVE-2020-13116 (OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an ...) NOT-FOR-US: OpenText Carbonite Server Backup Portal CVE-2020-13115 @@ -47477,8 +47476,8 @@ CVE-2020-10050 (A vulnerability has been identified in SIMATIC RTLS Locating Man NOT-FOR-US: Siemens CVE-2020-10049 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) NOT-FOR-US: Siemens -CVE-2020-10048 - RESERVED +CVE-2020-10048 (A vulnerability has been identified in SIMATIC PCS 7 (All versions), S ...) + TODO: check CVE-2020-10047 RESERVED CVE-2020-10046 
@@ -59560,10 +59559,10 @@ CVE-2020-4998 RESERVED CVE-2020-4997 RESERVED -CVE-2020-4996 - RESERVED -CVE-2020-4995 - RESERVED +CVE-2020-4996 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...) + TODO: check +CVE-2020-4995 (IBM Security Identity Governance and Intelligence 5.2.6 does not inval ...) + TODO: check CVE-2020-4994 RESERVED CVE-2020-4993 @@ -59962,18 +59961,18 @@ CVE-2020-4797 RESERVED CVE-2020-4796 RESERVED -CVE-2020-4795 - RESERVED +CVE-2020-4795 (IBM Security Identity Governance and Intelligence 5.2.6 could disclose ...) + TODO: check CVE-2020-4794 (IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Busines ...) NOT-FOR-US: IBM CVE-2020-4793 RESERVED CVE-2020-4792 RESERVED -CVE-2020-4791 - RESERVED -CVE-2020-4790 - RESERVED +CVE-2020-4791 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...) + TODO: check +CVE-2020-4790 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...) + TODO: check CVE-2020-4789 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and ...) NOT-FOR-US: IBM CVE-2020-4788 (IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index ab2b62027c..ef6b8be89a 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -1,3 +1,43 @@ +CVE-2021-3404 + RESERVED +CVE-2021-3403 + RESERVED +CVE-2021-26936 + RESERVED +CVE-2021-26935 + RESERVED +CVE-2021-26934 + RESERVED +CVE-2021-26933 + RESERVED +CVE-2021-26932 + RESERVED +CVE-2021-26931 + RESERVED +CVE-2021-26930 + RESERVED +CVE-2021-26929 + RESERVED +CVE-2021-26928 + RESERVED +CVE-2021-26927 + RESERVED +CVE-2021-26926 + RESERVED +CVE-2021-26925 (Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets ...) + TODO: check +CVE-2021-26924 + RESERVED +CVE-2021-26923 + RESERVED +CVE-2021-26922 + RESERVED +CVE-2021-26921 (In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens cont ...) + TODO: check +CVE-2021-26920 + RESERVED +CVE-2021-26919 + RESERVED CVE-2021-26918 (The ProBot bot through 2021-02-08 for Discord might allow attackers to ...) NOT-FOR-US: ProBot bot CVE-2021-26917 (** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers to write ...) @@ -417,8 +457,8 @@ CVE-2021-26721 RESERVED CVE-2021-26720 RESERVED -CVE-2021-26719 - RESERVED +CVE-2021-26719 (A directory traversal issue was discovered in Gradle gradle-enterprise ...) + TODO: check CVE-2021-26718 RESERVED CVE-2021-26717 @@ -525,14 +565,12 @@ CVE-2021-3397 RESERVED CVE-2021-3396 RESERVED -CVE-2021-26676 - RESERVED +CVE-2021-26676 (gdhcp in ConnMan before 1.39 could be used by network-adjacent attacke ...) {DSA-4847-1} - connman 1.36-2.1 NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 -CVE-2021-26675 - RESERVED +CVE-2021-26675 (A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could ...) {DSA-4847-1} - connman 1.36-2.1 NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb 
@@ -692,8 +730,8 @@ CVE-2021-26598 RESERVED CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows r ...) NOT-FOR-US: Pryaniki -CVE-2021-3394 - RESERVED +CVE-2021-3394 (Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.3 ...) + TODO: check CVE-2021-3393 RESERVED CVE-2021-3392 [scsi: mptsas: use-after-free while processing io requests] @@ -805,10 +843,10 @@ CVE-2021-26552 RESERVED CVE-2021-26551 RESERVED -CVE-2021-26550 - RESERVED -CVE-2021-26549 - RESERVED +CVE-2021-26550 (An issue was discovered in SmartFoxServer 2.17.0. Cleartext password d ...) + TODO: check +CVE-2021-26549 (An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to ...) + TODO: check CVE-2021-3386 RESERVED CVE-2021-3385 @@ -2969,8 +3007,8 @@ CVE-2021-3193 (Improper access and command validation in the Nagios Docker Confi NOT-FOR-US: Nagios XI CVE-2021-3192 RESERVED -CVE-2021-3191 - RESERVED +CVE-2021-3191 (Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, a ...) + TODO: check CVE-2021-3190 (The async-git package before 1.13.2 for Node.js allows OS Command Inje ...) NOT-FOR-US: Node async-git CVE-2021-25678 @@ -2997,8 +3035,8 @@ CVE-2021-25668 RESERVED CVE-2021-25667 RESERVED -CVE-2021-25666 - RESERVED +CVE-2021-25666 (A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 80 ...) + TODO: check CVE-2021-25665 RESERVED CVE-2021-25664 
@@ -4189,12 +4227,12 @@ CVE-2021-25143 RESERVED CVE-2021-25142 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE -CVE-2021-25141 - RESERVED -CVE-2021-25140 - RESERVED -CVE-2021-25139 - RESERVED +CVE-2021-25141 (A security vulnerability has been identified in in certain HPE and Aru ...) + TODO: check +CVE-2021-25140 (A potential security vulnerability has been identified in the HPE Moon ...) + TODO: check +CVE-2021-25139 (A potential security vulnerability has been identified in the HPE Moon ...) + TODO: check CVE-2021-25138 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) NOT-FOR-US: HPE CVE-2021-25137 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) @@ -7981,8 +8019,8 @@ CVE-2021-23329 (The package nested-object-assign before 1.0.4 are vulnerable to TODO: check CVE-2021-23328 (This affects all versions of package iniparserjs. This vulnerability r ...) TODO: check -CVE-2021-23327 - RESERVED +CVE-2021-23327 (The package apexcharts before 3.24.0 are vulnerable to Cross-site Scri ...) + TODO: check CVE-2021-23326 (This affects the package @graphql-tools/git-loader before 6.2.6. The u ...) NOT-FOR-US: graphql-tools/git-loader CVE-2021-23325 @@ -9308,8 +9346,8 @@ CVE-2021-22665 RESERVED CVE-2021-22664 RESERVED -CVE-2021-22663 - RESERVED +CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of u ...) + TODO: check CVE-2021-22662 RESERVED CVE-2021-22661 @@ -10100,8 +10138,8 @@ CVE-2021-22269 RESERVED CVE-2021-22268 RESERVED -CVE-2021-22267 - RESERVED +CVE-2021-22267 (Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, a ...) + TODO: check CVE-2021-22266 RESERVED CVE-2021-22265 
@@ -12426,162 +12464,130 @@ CVE-2021-21150 RESERVED CVE-2021-21149 RESERVED -CVE-2021-21148 - RESERVED +CVE-2021-21148 (Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 all ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21147 - RESERVED +CVE-2021-21147 (Inappropriate implementation in Skia in Google Chrome prior to 88.0.43 ...) {DSA-4846-1} - chromium 88.0.4324.146-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21146 - RESERVED +CVE-2021-21146 (Use after free in Navigation in Google Chrome prior to 88.0.4324.146 a ...) {DSA-4846-1} - chromium 88.0.4324.146-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21145 - RESERVED +CVE-2021-21145 (Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowe ...) {DSA-4846-1} - chromium 88.0.4324.146-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21144 - RESERVED +CVE-2021-21144 (Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324 ...) {DSA-4846-1} - chromium 88.0.4324.146-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21143 - RESERVED +CVE-2021-21143 (Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324 ...) {DSA-4846-1} - chromium 88.0.4324.146-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21142 - RESERVED +CVE-2021-21142 (Use after free in Payments in Google Chrome on Mac prior to 88.0.4324. ...) {DSA-4846-1} - chromium 88.0.4324.146-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21141 - RESERVED +CVE-2021-21141 (Insufficient policy enforcement in File System API in Google Chrome pr ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21140 - RESERVED +CVE-2021-21140 (Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowe ...) 
{DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21139 - RESERVED +CVE-2021-21139 (Inappropriate implementation in iframe sandbox in Google Chrome prior ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21138 - RESERVED +CVE-2021-21138 (Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allo ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21137 - RESERVED +CVE-2021-21137 (Inappropriate implementation in DevTools in Google Chrome prior to 88. ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21136 - RESERVED +CVE-2021-21136 (Insufficient policy enforcement in WebView in Google Chrome on Android ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21135 - RESERVED +CVE-2021-21135 (Inappropriate implementation in Performance API in Google Chrome prior ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21134 - RESERVED +CVE-2021-21134 (Incorrect security UI in Page Info in Google Chrome on iOS prior to 88 ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21133 - RESERVED +CVE-2021-21133 (Insufficient policy enforcement in Downloads in Google Chrome prior to ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21132 - RESERVED +CVE-2021-21132 (Inappropriate implementation in DevTools in Google Chrome prior to 88. ...) 
{DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21131 - RESERVED +CVE-2021-21131 (Insufficient policy enforcement in File System API in Google Chrome pr ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21130 - RESERVED +CVE-2021-21130 (Insufficient policy enforcement in File System API in Google Chrome pr ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21129 - RESERVED +CVE-2021-21129 (Insufficient policy enforcement in File System API in Google Chrome pr ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21128 - RESERVED +CVE-2021-21128 (Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 a ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21127 - RESERVED +CVE-2021-21127 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21126 - RESERVED +CVE-2021-21126 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21125 - RESERVED +CVE-2021-21125 (Insufficient policy enforcement in File System API in Google Chrome on ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21124 - RESERVED +CVE-2021-21124 (Potential user after free in Speech Recognizer in Google Chrome on And ...) 
{DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21123 - RESERVED +CVE-2021-21123 (Insufficient data validation in File System API in Google Chrome prior ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21122 - RESERVED +CVE-2021-21122 (Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21121 - RESERVED +CVE-2021-21121 (Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324 ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21120 - RESERVED +CVE-2021-21120 (Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowe ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21119 - RESERVED +CVE-2021-21119 (Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21118 - RESERVED +CVE-2021-21118 (Insufficient data validation in V8 in Google Chrome prior to 88.0.4324 ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21117 - RESERVED +CVE-2021-21117 (Insufficient policy enforcement in Cryptohome in Google Chrome prior t ...) {DSA-4846-1} - chromium 88.0.4324.96-0.1 (bug #980564) [stretch] - chromium <end-of-life> (see DSA 4562) |
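Review bot: In the data/CVE/2020.list hunk at @@ -31983,8 +31983,7, the new CVE-2020-16044 description names only Google Chrome (use after free in WebRTC, prior to 88.0.4324.96), but the package lines visible under it are "- firefox 84.0.2-1" and "- firefox-esr 78.6.1esr-1". The DSA list on the entry includes DSA-4846-1, which the 2021.list hunk attaches to chromium entries, so confirm that a chromium line sits below the visible context, and consider a NOTE explaining why the Firefox packages are tracked under a Chrome-worded description.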
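Review bot: In the data/CVE/2020.list hunk at @@ -8854,63 +8854,63, CVE-2020-27008 through CVE-2020-26998 are left at "TODO: check" although CVE-2020-26996 and the entries below it, which carry the same truncated JT2Go description, are already marked "NOT-FOR-US: JT2Go". A follow-up should triage the new entries the same way so they do not sit in the TODO queue. The same applies to CVE-2020-28394 in the @@ -5592,33 hunk, where the neighbouring JT2Go entry CVE-2020-28383 is tagged "NOT-FOR-US: Siemens"; picking one of the two tags for this product would keep searches consistent.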
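Review bot: In the data/CVE/2021.list hunk at @@ -12426,162 +12464,130, CVE-2021-21148 stays at "- chromium <unfixed>" with no DSA reference, while its new description gives 88.0.4324.150 as the upstream fixed version and the other chromium entries visible in the hunk are fixed in 88.0.4324.146-1 or 88.0.4324.96-0.1. That leaves a heap buffer overflow in V8 that none of the listed uploads covers; a NOTE or follow-up tracking an upload of 88.0.4324.150 or later would make the gap explicit.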
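Review bot: In the first data/CVE/2021.list hunk (@@ -1,3 +1,43 @@), CVE-2021-26925 (Roundcube before 1.4.11, XSS via crafted Cascading Style Sheets) is added with only "TODO: check". Roundcube is already tracked with upstream fix commits elsewhere in this diff (the CVE-2020-16145 context lines in 2020.list), so this entry needs a package line and fixed version in a follow-up rather than being left as a TODO.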