author | security tracker role <sectracker@soriano.debian.org> | 2021-01-08 08:10:13 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-01-08 08:10:13 +0000 |
commit | 478dab9aed4824885e10f577afbf43a84502aafa (patch) | |
tree | 7bbdd27d05a4712b25626b265c103f3b30838be7 /data | |
parent | e00d204e190dfbb4917939c36dbd66490d1152c0 (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2018.list | 2 |
-rw-r--r-- | data/CVE/2019.list | 8 |
-rw-r--r-- | data/CVE/2020.list | 45 |
-rw-r--r-- | data/CVE/2021.list | 44 |
4 files changed, 58 insertions, 41 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 6360dccaca..3a8be60142 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -26763,7 +26763,7 @@ CVE-2018-11213 (An issue was discovered in libjpeg 9a. The get_text_gray_row fun - libjpeg9 1:9c-1 (low; bug #902176) - libjpeg-turbo 1:1.4.2-1 NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91 (1.4.2) -CVE-2018-11212 (An issue was discovered in libjpeg 9a. The alloc_sarray function in jm ...) +CVE-2018-11212 (An issue was discovered in libjpeg 9a and 9d. The alloc_sarray functio ...) {DLA-1638-1} - libjpeg9 1:9c-1 (low; bug #902176) - libjpeg-turbo 1:1.4.2-1 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 90da85788a..fa62961233 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -6127,10 +6127,10 @@ CVE-2019-18645 (The quarantine restoration function in Total Defense Anti-virus NOT-FOR-US: Total Defense Anti-virus CVE-2019-18644 (The malware scan function in Total Defense Anti-virus 11.5.2.28 is vul ...) NOT-FOR-US: Total Defense Anti-virus -CVE-2019-18643 - RESERVED -CVE-2019-18642 - RESERVED +CVE-2019-18643 (Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to pr ...) + TODO: check +CVE-2019-18642 (Rock RMS version before 8.6 is vulnerable to account takeover by tampe ...) + TODO: check CVE-2019-18641 (Rock RMS before 1.8.6 mishandles vCard access control within the Peopl ...) NOT-FOR-US: Rock RMS CVE-2019-18640 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index cf7e3ad3a3..1f09d306ee 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -332,10 +332,10 @@ CVE-2020-36051 (Directory traversal vulnerability in page_edit.php in MiniCMS V1 NOT-FOR-US: MiniCMS CVE-2020-36050 RESERVED -CVE-2020-36049 - RESERVED -CVE-2020-36048 - RESERVED +CVE-2020-36049 (socket.io-parser before 3.4.1 allows attackers to cause a denial of se ...) + TODO: check +CVE-2020-36048 (Engine.IO before 4.0.0 allows attackers to cause a denial of service ( ...) + TODO: check CVE-2020-36047 RESERVED CVE-2020-36046 @@ -944,8 +944,8 @@ CVE-2020-35747 RESERVED CVE-2020-35746 RESERVED -CVE-2020-35745 - RESERVED +CVE-2020-35745 (PHPGURUKUL Hospital Management System V 4.0 does not properly restrict ...) + TODO: check CVE-2020-35744 RESERVED CVE-2020-35743 (HGiga MailSherlock contains a SQL injection flaw. Attackers can inject ...) @@ -10207,12 +10207,12 @@ CVE-2020-26261 (jupyterhub-systemdspawner enables JupyterHub to spawn single-use CVE-2020-26260 (BookStack is a platform for storing and organising information and doc ...) NOT-FOR-US: BookStack CVE-2020-26259 (XStream is a Java library to serialize objects to XML and back again. ...) - {DLA-2507-1} + {DSA-4828-1 DLA-2507-1} - libxstream-java 1.4.15-1 (bug #977624) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-jfvx-7wrx-43fh NOTE: https://x-stream.github.io/CVE-2020-26259.html CVE-2020-26258 (XStream is a Java library to serialize objects to XML and back again. ...) - {DLA-2507-1} + {DSA-4828-1 DLA-2507-1} - libxstream-java 1.4.15-1 (bug #977625) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-4cch-wxpw-8p28 NOTE: https://x-stream.github.io/CVE-2020-26258.html @@ -10907,8 +10907,8 @@ CVE-2020-25952 (SQL injection vulnerability in PHPGurukul User Registration & NOT-FOR-US: PHPGurukul CVE-2020-25951 RESERVED -CVE-2020-25950 - RESERVED +CVE-2020-25950 (Advanced Webhost Billing System 3.7.0 is affected by Cross Site Reques ...) + TODO: check CVE-2020-25949 RESERVED CVE-2020-25948 
@@ -14124,8 +14124,8 @@ CVE-2020-24579 (An issue was discovered on D-Link DSL-2888A devices with firmwar NOT-FOR-US: D-Link CVE-2020-24578 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...) NOT-FOR-US: D-Link -CVE-2020-24577 - RESERVED +CVE-2020-24577 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...) + TODO: check CVE-2020-24576 RESERVED CVE-2020-24575 @@ -28434,8 +28434,8 @@ CVE-2020-17502 RESERVED CVE-2020-17501 RESERVED -CVE-2020-17500 - RESERVED +CVE-2020-17500 (Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 P ...) + TODO: check CVE-2020-17499 RESERVED CVE-2020-17498 (In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. ...) @@ -31576,6 +31576,7 @@ CVE-2020-16045 RESERVED CVE-2020-16044 RESERVED + {DSA-4827-1} - firefox 84.0.2-1 - firefox-esr 78.6.1esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044 @@ -38335,14 +38336,14 @@ CVE-2020-13454 RESERVED CVE-2020-13453 RESERVED -CVE-2020-13452 - RESERVED -CVE-2020-13451 - RESERVED -CVE-2020-13450 - RESERVED -CVE-2020-13449 - RESERVED +CVE-2020-13452 (In Gotenberg through 6.2.1, insecure permissions for tini (writable by ...) + TODO: check +CVE-2020-13451 (An incomplete-cleanup vulnerability in the Office rendering engine of ...) + TODO: check +CVE-2020-13450 (A directory traversal vulnerability in file upload function of Gotenbe ...) + TODO: check +CVE-2020-13449 (A directory traversal vulnerability in the Markdown engine of Gotenber ...) + TODO: check CVE-2020-13448 (QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 ...) NOT-FOR-US: QuickBox CVE-2020-13447 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 2ea0d89420..7824c0f896 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -1,3 +1,19 @@ +CVE-2021-3112 + RESERVED +CVE-2021-3111 + RESERVED +CVE-2021-3110 + RESERVED +CVE-2021-3109 + RESERVED +CVE-2021-23242 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...) + TODO: check +CVE-2021-23241 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...) + TODO: check +CVE-2021-23240 + RESERVED +CVE-2021-23239 + RESERVED CVE-2021-3108 RESERVED CVE-2021-3107 @@ -1050,8 +1066,8 @@ CVE-2021-3027 RESERVED CVE-2021-3026 (Invision Community IPS Community Suite before 4.5.4.2 allows XSS durin ...) NOT-FOR-US: Invision Community IPS Community Suite -CVE-2021-3025 - RESERVED +CVE-2021-3025 (Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injec ...) + TODO: check CVE-2021-22695 RESERVED CVE-2021-22694 @@ -9371,18 +9387,18 @@ CVE-2021-1058 RESERVED CVE-2021-1057 RESERVED -CVE-2021-1056 - RESERVED -CVE-2021-1055 - RESERVED -CVE-2021-1054 - RESERVED -CVE-2021-1053 - RESERVED -CVE-2021-1052 - RESERVED -CVE-2021-1051 - RESERVED +CVE-2021-1056 (NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerab ...) + TODO: check +CVE-2021-1055 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...) + TODO: check +CVE-2021-1054 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...) + TODO: check +CVE-2021-1053 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...) + TODO: check +CVE-2021-1052 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...) + TODO: check +CVE-2021-1051 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...) + TODO: check CVE-2021-1050 RESERVED CVE-2021-1049 |
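Review bot: In the data/CVE/2018.list hunk (@@ -26763), the updated CVE-2018-11212 description now names libjpeg 9d as affected, yet the unchanged context still records "- libjpeg9 1:9c-1 (low; bug #902176)" as the fixed version. 9d is later than 9c, so the fixed-version line should be re-verified against the new description and the outcome recorded in a NOTE.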
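Review bot: In the data/CVE/2019.list hunk (@@ -6127), CVE-2019-18643 and CVE-2019-18642 both describe Rock RMS and are left at "TODO: check", while CVE-2019-18641 in the same hunk's context is already marked "NOT-FOR-US: Rock RMS". Suggest giving the two new entries the same marking so the product is triaged consistently.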
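Review bot: In the data/CVE/2020.list hunk at @@ -14124, CVE-2020-24577 is left at "TODO: check" although its description names the same D-Link DSL-2888A devices as CVE-2020-24579 and CVE-2020-24578 directly above it, both of which carry "NOT-FOR-US: D-Link". Suggest resolving the new entry the same way rather than leaving it in the TODO queue.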
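Review bot: In the data/CVE/2021.list hunk at @@ -1050, CVE-2021-3025 (Invision Community IPS Community Suite, SQL injection) gets "TODO: check" while CVE-2021-3026 for the same product, one entry above, is already "NOT-FOR-US: Invision Community IPS Community Suite". Suggest reusing that marking for CVE-2021-3025.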
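Review bot: In the data/CVE/2021.list hunk at @@ -9371, all six NVIDIA GPU Display Driver entries receive the same "TODO: check", but the descriptions differ in platform: CVE-2021-1055, CVE-2021-1054 and CVE-2021-1051 name Windows only, whereas CVE-2021-1056 names Linux and CVE-2021-1053 and CVE-2021-1052 name Windows and Linux. Suggest triaging the two groups separately, so the entries that name Linux are checked against the packaged driver and the Windows-only ones are closed out with a note stating the platform.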