author: security tracker role <sectracker@soriano.debian.org> 2021-01-08 08:10:13 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-01-08 08:10:13 +0000
commit: 478dab9aed4824885e10f577afbf43a84502aafa
tree: 7bbdd27d05a4712b25626b265c103f3b30838be7 /data
parent: e00d204e190dfbb4917939c36dbd66490d1152c0
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2018.list 2
-rw-r--r-- data/CVE/2019.list 8
-rw-r--r-- data/CVE/2020.list 45
-rw-r--r-- data/CVE/2021.list 44
4 files changed, 58 insertions, 41 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 6360dccaca..3a8be60142 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -26763,7 +26763,7 @@ CVE-2018-11213 (An issue was discovered in libjpeg 9a. The get_text_gray_row fun
- libjpeg9 1:9c-1 (low; bug #902176)
- libjpeg-turbo 1:1.4.2-1
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91 (1.4.2)
-CVE-2018-11212 (An issue was discovered in libjpeg 9a. The alloc_sarray function in jm ...)
+CVE-2018-11212 (An issue was discovered in libjpeg 9a and 9d. The alloc_sarray functio ...)
{DLA-1638-1}
- libjpeg9 1:9c-1 (low; bug #902176)
- libjpeg-turbo 1:1.4.2-1
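Review bot: the unchanged "- libjpeg9 1:9c-1 (low; bug #902176)" line under CVE-2018-11212 now sits below a description that names libjpeg 9d as affected, a release later than the recorded fixed version 9c. Recheck whether 1:9c-1 is still the correct fixed version for libjpeg9; if it is, add a NOTE explaining why the marker stands despite the widened description, and if not, reopen the entry.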
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 90da85788a..fa62961233 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -6127,10 +6127,10 @@ CVE-2019-18645 (The quarantine restoration function in Total Defense Anti-virus
NOT-FOR-US: Total Defense Anti-virus
CVE-2019-18644 (The malware scan function in Total Defense Anti-virus 11.5.2.28 is vul ...)
NOT-FOR-US: Total Defense Anti-virus
-CVE-2019-18643
- RESERVED
-CVE-2019-18642
- RESERVED
+CVE-2019-18643 (Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to pr ...)
+ TODO: check
+CVE-2019-18642 (Rock RMS version before 8.6 is vulnerable to account takeover by tampe ...)
+ TODO: check
CVE-2019-18641 (Rock RMS before 1.8.6 mishandles vCard access control within the Peopl ...)
NOT-FOR-US: Rock RMS
CVE-2019-18640
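Review bot: CVE-2019-18643 and CVE-2019-18642 are left at "TODO: check" although both descriptions name Rock RMS, and the next entry in the same hunk, CVE-2019-18641, is already triaged as "NOT-FOR-US: Rock RMS". Give the two new entries the same marking so the product is handled consistently and the TODO backlog does not grow for an already-decided case.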
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index cf7e3ad3a3..1f09d306ee 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -332,10 +332,10 @@ CVE-2020-36051 (Directory traversal vulnerability in page_edit.php in MiniCMS V1
NOT-FOR-US: MiniCMS
CVE-2020-36050
RESERVED
-CVE-2020-36049
- RESERVED
-CVE-2020-36048
- RESERVED
+CVE-2020-36049 (socket.io-parser before 3.4.1 allows attackers to cause a denial of se ...)
+ TODO: check
+CVE-2020-36048 (Engine.IO before 4.0.0 allows attackers to cause a denial of service ( ...)
+ TODO: check
CVE-2020-36047
RESERVED
CVE-2020-36046
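Review bot: CVE-2020-36049 (socket.io-parser) and CVE-2020-36048 (Engine.IO) are left at "TODO: check", and unlike the MiniCMS entry in the context above they name reusable Node.js libraries that other software can bundle. Resolve both with a source-package lookup that also covers embedded copies before settling on NOT-FOR-US or a package line with a fixed version.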
@@ -944,8 +944,8 @@ CVE-2020-35747
RESERVED
CVE-2020-35746
RESERVED
-CVE-2020-35745
- RESERVED
+CVE-2020-35745 (PHPGURUKUL Hospital Management System V 4.0 does not properly restrict ...)
+ TODO: check
CVE-2020-35744
RESERVED
CVE-2020-35743 (HGiga MailSherlock contains a SQL injection flaw. Attackers can inject ...)
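Review bot: CVE-2020-35745 names a PHPGURUKUL product but gets "TODO: check", while a later hunk in this same file shows CVE-2020-25952 already marked "NOT-FOR-US: PHPGurukul". Reuse that marking here, with the same spelling of the vendor name, so searches on the NOT-FOR-US string find both entries.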
@@ -10207,12 +10207,12 @@ CVE-2020-26261 (jupyterhub-systemdspawner enables JupyterHub to spawn single-use
CVE-2020-26260 (BookStack is a platform for storing and organising information and doc ...)
NOT-FOR-US: BookStack
CVE-2020-26259 (XStream is a Java library to serialize objects to XML and back again. ...)
- {DLA-2507-1}
+ {DSA-4828-1 DLA-2507-1}
- libxstream-java 1.4.15-1 (bug #977624)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-jfvx-7wrx-43fh
NOTE: https://x-stream.github.io/CVE-2020-26259.html
CVE-2020-26258 (XStream is a Java library to serialize objects to XML and back again. ...)
- {DLA-2507-1}
+ {DSA-4828-1 DLA-2507-1}
- libxstream-java 1.4.15-1 (bug #977625)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-4cch-wxpw-8p28
NOTE: https://x-stream.github.io/CVE-2020-26258.html
@@ -10907,8 +10907,8 @@ CVE-2020-25952 (SQL injection vulnerability in PHPGurukul User Registration &amp
NOT-FOR-US: PHPGurukul
CVE-2020-25951
RESERVED
-CVE-2020-25950
- RESERVED
+CVE-2020-25950 (Advanced Webhost Billing System 3.7.0 is affected by Cross Site Reques ...)
+ TODO: check
CVE-2020-25949
RESERVED
CVE-2020-25948
@@ -14124,8 +14124,8 @@ CVE-2020-24579 (An issue was discovered on D-Link DSL-2888A devices with firmwar
NOT-FOR-US: D-Link
CVE-2020-24578 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
NOT-FOR-US: D-Link
-CVE-2020-24577
- RESERVED
+CVE-2020-24577 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
+ TODO: check
CVE-2020-24576
RESERVED
CVE-2020-24575
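Review bot: CVE-2020-24577 is added with "TODO: check" even though its description starts with the same D-Link DSL-2888A firmware text as CVE-2020-24579 and CVE-2020-24578 directly above, both of which carry "NOT-FOR-US: D-Link". Mark the new entry the same way rather than leaving it for manual triage.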
@@ -28434,8 +28434,8 @@ CVE-2020-17502
RESERVED
CVE-2020-17501
RESERVED
-CVE-2020-17500
- RESERVED
+CVE-2020-17500 (Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 P ...)
+ TODO: check
CVE-2020-17499
RESERVED
CVE-2020-17498 (In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. ...)
@@ -31576,6 +31576,7 @@ CVE-2020-16045
RESERVED
CVE-2020-16044
RESERVED
+ {DSA-4827-1}
- firefox 84.0.2-1
- firefox-esr 78.6.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044
@@ -38335,14 +38336,14 @@ CVE-2020-13454
RESERVED
CVE-2020-13453
RESERVED
-CVE-2020-13452
- RESERVED
-CVE-2020-13451
- RESERVED
-CVE-2020-13450
- RESERVED
-CVE-2020-13449
- RESERVED
+CVE-2020-13452 (In Gotenberg through 6.2.1, insecure permissions for tini (writable by ...)
+ TODO: check
+CVE-2020-13451 (An incomplete-cleanup vulnerability in the Office rendering engine of ...)
+ TODO: check
+CVE-2020-13450 (A directory traversal vulnerability in file upload function of Gotenbe ...)
+ TODO: check
+CVE-2020-13449 (A directory traversal vulnerability in the Markdown engine of Gotenber ...)
+ TODO: check
CVE-2020-13448 (QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 ...)
NOT-FOR-US: QuickBox
CVE-2020-13447
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 2ea0d89420..7824c0f896 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,19 @@
+CVE-2021-3112
+ RESERVED
+CVE-2021-3111
+ RESERVED
+CVE-2021-3110
+ RESERVED
+CVE-2021-3109
+ RESERVED
+CVE-2021-23242 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...)
+ TODO: check
+CVE-2021-23241 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...)
+ TODO: check
+CVE-2021-23240
+ RESERVED
+CVE-2021-23239
+ RESERVED
CVE-2021-3108
RESERVED
CVE-2021-3107
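Review bot: the new CVE-2021-23242 to CVE-2021-23239 block is inserted between CVE-2021-3109 and CVE-2021-3108, which splits the otherwise contiguous descending run from CVE-2021-3112 down to CVE-2021-3107 at the top of the file. Place the four CVE-2021-232xx entries outside that run so the 31xx sequence stays together and a reader scanning by ID does not miss them.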
@@ -1050,8 +1066,8 @@ CVE-2021-3027
RESERVED
CVE-2021-3026 (Invision Community IPS Community Suite before 4.5.4.2 allows XSS durin ...)
NOT-FOR-US: Invision Community IPS Community Suite
-CVE-2021-3025
- RESERVED
+CVE-2021-3025 (Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injec ...)
+ TODO: check
CVE-2021-22695
RESERVED
CVE-2021-22694
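Review bot: CVE-2021-3025 is left at "TODO: check" although the entry immediately above, CVE-2021-3026, covers the same product and version bound (Invision Community IPS Community Suite before 4.5.4.2) and is marked "NOT-FOR-US: Invision Community IPS Community Suite". Apply the identical marking to CVE-2021-3025.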
@@ -9371,18 +9387,18 @@ CVE-2021-1058
RESERVED
CVE-2021-1057
RESERVED
-CVE-2021-1056
- RESERVED
-CVE-2021-1055
- RESERVED
-CVE-2021-1054
- RESERVED
-CVE-2021-1053
- RESERVED
-CVE-2021-1052
- RESERVED
-CVE-2021-1051
- RESERVED
+CVE-2021-1056 (NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerab ...)
+ TODO: check
+CVE-2021-1055 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...)
+ TODO: check
+CVE-2021-1054 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...)
+ TODO: check
+CVE-2021-1053 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...)
+ TODO: check
+CVE-2021-1052 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...)
+ TODO: check
+CVE-2021-1051 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...)
+ TODO: check
CVE-2021-1050
RESERVED
CVE-2021-1049
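Review bot: all six NVIDIA entries, CVE-2021-1056 to CVE-2021-1051, receive the same "TODO: check", but the visible descriptions differ in scope: 1055, 1054 and 1051 name the Windows driver only, while 1056, 1053 and 1052 include Linux. Triage them in two groups: the three Linux-affecting entries need a package line with a fixed version, and the three Windows-only entries need an explicit marking that they do not apply to the packaged driver.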
