author security tracker role <sectracker@soriano.debian.org> 2021-02-27 08:10:19 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-02-27 08:10:19 +0000
commit 4c6194f43e693ed8666c0747d60c340f343c4a78 (patch)
tree 75da64a6270a7c601a0892704fad8f498e1e8071 /data
parent a41266969e6e023049c1df0065a39518d0d939c3 (diff)
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2019.list 18
-rw-r--r-- data/CVE/2020.list 25
-rw-r--r-- data/CVE/2021.list 251
3 files changed, 214 insertions, 80 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 474d32e555..ffdd56dddb 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,13 +1,15 @@
+CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE template) versi ...)
+ TODO: check
CVE-2019-25024 (OpenRepeater (ORP) before 2.2 allows unauthenticated command injection ...)
NOT-FOR-US: OpenRepeater (ORP)
-CVE-2019-25023
- RESERVED
-CVE-2019-25022
- RESERVED
-CVE-2019-25021
- RESERVED
-CVE-2019-25020
- RESERVED
+CVE-2019-25023 (An issue was discovered in Scytl sVote 2.1. Because the IP address fro ...)
+ TODO: check
+CVE-2019-25022 (An issue was discovered in Scytl sVote 2.1. An attacker can inject cod ...)
+ TODO: check
+CVE-2019-25021 (An issue was discovered in Scytl sVote 2.1. Due to the implementation ...)
+ TODO: check
+CVE-2019-25020 (An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest AP ...)
+ TODO: check
CVE-2019-25019 (LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant m ...)
- limesurvey <itp> (bug #472802)
CVE-2019-XXXX [zstd adds read permissions to files while being compressed or uncompressed]
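Review bot: CVE-2019-10102 is inserted at the very top of 2019.list, above CVE-2019-25024, while every other visible entry in this hunk runs in descending ID order (25024 down to 25019); if the file is meant to stay sorted, this entry belongs much further down. Separately, CVE-2019-10102 and the four Scytl sVote 2.1 entries (CVE-2019-25020 through CVE-2019-25023) all land as "TODO: check", so each still needs a triage decision, either a package line or a NOT-FOR-US line like the one CVE-2019-25024 already has.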
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 24a0e98a9c..be67e1c233 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -493,8 +493,8 @@ CVE-2020-36081
RESERVED
CVE-2020-36080
RESERVED
-CVE-2020-36079
- RESERVED
+CVE-2020-36079 (Zenphoto through 1.5.7 is affected by authenticated arbitrary file upl ...)
+ TODO: check
CVE-2020-36078
RESERVED
CVE-2020-36077
@@ -1397,8 +1397,8 @@ CVE-2020-35664 (An issue was discovered in Acronis Cyber Protect before 15 Updat
NOT-FOR-US: Acronis
CVE-2020-35663
RESERVED
-CVE-2020-35662
- RESERVED
+CVE-2020-35662 (In SaltStack Salt before 3002.5, when authenticating to services using ...)
+ TODO: check
CVE-2020-35661
RESERVED
CVE-2020-35660
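Review bot: CVE-2020-35662 moves from RESERVED to "TODO: check" with a description naming SaltStack Salt before 3002.5, and the same product and version boundary appear in CVE-2020-28972 and CVE-2020-28243, which are published later in this same file. Triage the three together so they end up with one consistent package annotation and fixed version instead of being resolved one at a time.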
@@ -4377,8 +4377,8 @@ CVE-2020-28975 (** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as
NOTE: disputed libsvm non issue
CVE-2020-28973
RESERVED
-CVE-2020-28972
- RESERVED
+CVE-2020-28972 (In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsp ...)
+ TODO: check
CVE-2020-26235 (In Rust time crate from version 0.2.7 and before version 0.2.23, unix- ...)
- rust-time <not-affected> (Vulnerable methods introduced in v0.2.7)
NOTE: https://github.com/time-rs/time/security/advisories/GHSA-wcg3-cvx6-7396
@@ -5461,7 +5461,7 @@ CVE-2020-28495 (This affects the package total.js before 3.4.7. The set function
NOT-FOR-US: Node total.js
CVE-2020-28494 (This affects the package total.js before 3.4.7. The issue occurs in th ...)
NOT-FOR-US: Node total.js
-CVE-2020-28493 (This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDO ...)
+CVE-2020-28493 (This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDo ...)
- jinja2 <unfixed> (bug #982736)
[stretch] - jinja2 <no-dsa> (Minor issue)
NOTE: https://github.com/pallets/jinja/pull/1343
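Review bot: the only change to CVE-2020-28493 is the case of one letter in the truncated description ("ReDO" becomes "ReDo"). The jinja2 <unfixed> line with bug #982736, the stretch <no-dsa> annotation and the NOTE are untouched, so the triage state is unchanged and this hunk needs no follow-up.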
@@ -6030,8 +6030,8 @@ CVE-2020-28245
RESERVED
CVE-2020-28244
RESERVED
-CVE-2020-28243
- RESERVED
+CVE-2020-28243 (An issue was discovered in SaltStack Salt before 3002.5. The minion's ...)
+ TODO: check
CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 1 ...)
- asterisk 1:16.15.0~dfsg-1 (bug #974713)
[buster] - asterisk <no-dsa> (Minor issue)
@@ -7638,8 +7638,7 @@ CVE-2020-27619 (In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.p
NOTE: https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9 (3.7)
NOTE: https://bugs.python.org/issue41944
NOTE: Only affects the testsuite
-CVE-2020-27618 [iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop]
- RESERVED
+CVE-2020-27618 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...)
- glibc 2.31-5 (bug #973914)
[buster] - glibc <no-dsa> (Minor issue)
[stretch] - glibc <no-dsa> (Minor issue)
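Review bot: for CVE-2020-27618 the new description names glibc 2.32 while the fixed version recorded just below is still glibc 2.31-5, so it is worth confirming against bug #973914 that 2.31-5 really carries the fix. The hunk also replaces the locally written bracketed summary (iconv failing to advance the input state on invalid multi-byte input, possible infinite loop) with the truncated official description, whose visible part no longer states the impact; the buster and stretch <no-dsa> lines carry over unchanged.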
@@ -8487,8 +8486,8 @@ CVE-2020-27225
RESERVED
CVE-2020-27224 (In Eclipse Theia versions up to and including 1.2.0, the Markdown Prev ...)
NOT-FOR-US: Eclipse Theia
-CVE-2020-27223
- RESERVED
+CVE-2020-27223 (In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0 ...)
+ TODO: check
CVE-2020-27222 (In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based ( ...)
NOT-FOR-US: Eclipse Californium
CVE-2020-27221 (In Eclipse OpenJ9 up to and including version 0.23, there is potential ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 1d45f1a371..739a61822e 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,8 +1,142 @@
+CVE-2021-27806
+ RESERVED
+CVE-2021-27805
+ RESERVED
+CVE-2021-27804
+ RESERVED
+CVE-2021-27802
+ RESERVED
+CVE-2021-27801
+ RESERVED
+CVE-2021-27800
+ RESERVED
+CVE-2021-27799 (ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.19. ...)
+ TODO: check
+CVE-2021-27798
+ RESERVED
+CVE-2021-27797
+ RESERVED
+CVE-2021-27796
+ RESERVED
+CVE-2021-27795
+ RESERVED
+CVE-2021-27794
+ RESERVED
+CVE-2021-27793
+ RESERVED
+CVE-2021-27792
+ RESERVED
+CVE-2021-27791
+ RESERVED
+CVE-2021-27790
+ RESERVED
+CVE-2021-27789
+ RESERVED
+CVE-2021-27788
+ RESERVED
+CVE-2021-27787
+ RESERVED
+CVE-2021-27786
+ RESERVED
+CVE-2021-27785
+ RESERVED
+CVE-2021-27784
+ RESERVED
+CVE-2021-27783
+ RESERVED
+CVE-2021-27782
+ RESERVED
+CVE-2021-27781
+ RESERVED
+CVE-2021-27780
+ RESERVED
+CVE-2021-27779
+ RESERVED
+CVE-2021-27778
+ RESERVED
+CVE-2021-27777
+ RESERVED
+CVE-2021-27776
+ RESERVED
+CVE-2021-27775
+ RESERVED
+CVE-2021-27774
+ RESERVED
+CVE-2021-27773
+ RESERVED
+CVE-2021-27772
+ RESERVED
+CVE-2021-27771
+ RESERVED
+CVE-2021-27770
+ RESERVED
+CVE-2021-27769
+ RESERVED
+CVE-2021-27768
+ RESERVED
+CVE-2021-27767
+ RESERVED
+CVE-2021-27766
+ RESERVED
+CVE-2021-27765
+ RESERVED
+CVE-2021-27764
+ RESERVED
+CVE-2021-27763
+ RESERVED
+CVE-2021-27762
+ RESERVED
+CVE-2021-27761
+ RESERVED
+CVE-2021-27760
+ RESERVED
+CVE-2021-27759
+ RESERVED
+CVE-2021-27758
+ RESERVED
+CVE-2021-27757
+ RESERVED
+CVE-2021-27756
+ RESERVED
+CVE-2021-27755
+ RESERVED
+CVE-2021-27754
+ RESERVED
+CVE-2021-27753
+ RESERVED
+CVE-2021-27752
+ RESERVED
+CVE-2021-27751
+ RESERVED
+CVE-2021-27750
+ RESERVED
+CVE-2021-27749
+ RESERVED
+CVE-2021-27748
+ RESERVED
+CVE-2021-27747
+ RESERVED
+CVE-2021-27746
+ RESERVED
+CVE-2021-27745
+ RESERVED
+CVE-2021-27744
+ RESERVED
+CVE-2021-27743
+ RESERVED
+CVE-2021-27742
+ RESERVED
+CVE-2021-27741
+ RESERVED
+CVE-2021-27740
+ RESERVED
+CVE-2021-27739
+ RESERVED
CVE-2021-27738
RESERVED
CVE-2021-27737
RESERVED
-CVE-2021-27803 [P2P: Fix a corner case in peer addition based on PD Request]
+CVE-2021-27803 (A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant b ...)
- wpa 2:2.9.0-21
NOTE: https://www.openwall.com/lists/oss-security/2021/02/25/3
NOTE: https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
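Review bot: CVE-2021-27803 stays below CVE-2021-27737 at the end of this hunk, while the new block above runs from CVE-2021-27806 down to CVE-2021-27739 and skips it between 27804 and 27802, so the entry sits out of ID order; consider moving it into its numeric position. Only its header line changes (bracketed local summary replaced by the official description), and the wpa 2:2.9.0-21 line and both NOTE lines are kept. CVE-2021-27799 (Zint Barcode Generator) is the only entry in the added block that is "TODO: check" rather than RESERVED and still needs triage.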
@@ -1135,8 +1269,8 @@ CVE-2021-27200
RESERVED
CVE-2021-27199
RESERVED
-CVE-2021-27198
- RESERVED
+CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server through 11.0 ...)
+ TODO: check
CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arb ...)
NOT-FOR-US: Pelco Digital Sentry Server
CVE-2021-27196
@@ -1272,8 +1406,8 @@ CVE-2021-27134
RESERVED
CVE-2021-27133
RESERVED
-CVE-2021-27132
- RESERVED
+CVE-2021-27132 (SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for H ...)
+ TODO: check
CVE-2021-27131
RESERVED
CVE-2021-27130
@@ -2546,22 +2680,22 @@ CVE-2021-26569
RESERVED
CVE-2021-26568
RESERVED
-CVE-2021-26567
- RESERVED
-CVE-2021-26566
- RESERVED
-CVE-2021-26565
- RESERVED
-CVE-2021-26564
- RESERVED
-CVE-2021-26563
- RESERVED
-CVE-2021-26562
- RESERVED
-CVE-2021-26561
- RESERVED
-CVE-2021-26560
- RESERVED
+CVE-2021-26567 (Use of unmaintained third party components vulnerability in faad in Sy ...)
+ TODO: check
+CVE-2021-26566 (Insertion of sensitive information into sent data vulnerability in syn ...)
+ TODO: check
+CVE-2021-26565 (Cleartext transmission of sensitive information vulnerability in synor ...)
+ TODO: check
+CVE-2021-26564 (Cleartext transmission of sensitive information vulnerability in synor ...)
+ TODO: check
+CVE-2021-26563 (Improper access control vulnerability in synoagentregisterd in Synolog ...)
+ TODO: check
+CVE-2021-26562 (Out-of-bounds write vulnerability in synoagentregisterd in Synology Di ...)
+ TODO: check
+CVE-2021-26561 (Stack-based buffer overflow vulnerability in synoagentregisterd in Syn ...)
+ TODO: check
+CVE-2021-26560 (Cleartext transmission of sensitive information vulnerability in synoa ...)
+ TODO: check
CVE-2021-26559 (Improper Access Control on Configurations Endpoint for the Stable API ...)
- airflow <itp> (bug #819700)
CVE-2021-26558
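Review bot: all eight entries from CVE-2021-26560 to CVE-2021-26567 become "TODO: check", and most descriptions point at Synology-specific components such as synoagentregisterd, but CVE-2021-26567 names faad as an unmaintained third-party component. That one deserves a closer look than a blanket vendor classification, in case the underlying flaw is in the faad code itself rather than in how the vendor ships it.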
@@ -4747,8 +4881,8 @@ CVE-2021-25680
RESERVED
CVE-2021-25679
RESERVED
-CVE-2021-3197
- RESERVED
+CVE-2021-3197 (An issue was discovered in SaltStack Salt before 3002.5. The salt-api' ...)
+ TODO: check
CVE-2021-3196
RESERVED
CVE-2021-3195 (** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a ne ...)
@@ -5643,14 +5777,14 @@ CVE-2021-25286
RESERVED
CVE-2021-25285
RESERVED
-CVE-2021-25284
- RESERVED
-CVE-2021-25283
- RESERVED
-CVE-2021-25282
- RESERVED
-CVE-2021-25281
- RESERVED
+CVE-2021-25284 (An issue was discovered in through SaltStack Salt before 3002.5. salt. ...)
+ TODO: check
+CVE-2021-25283 (An issue was discovered in through SaltStack Salt before 3002.5. The j ...)
+ TODO: check
+CVE-2021-25282 (An issue was discovered in through SaltStack Salt before 3002.5. The s ...)
+ TODO: check
+CVE-2021-25281 (An issue was discovered in through SaltStack Salt before 3002.5. salt- ...)
+ TODO: check
CVE-2021-XXXX [Unexpected database bindings via requests (follow-up)]
- php-laravel-framework 6.20.14+dfsg-1
NOTE: https://github.com/laravel/framework/security/advisories/GHSA-x7p5-p2c9-phvg
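Review bot: CVE-2021-25281 through CVE-2021-25284 are four more SaltStack Salt "before 3002.5" entries left as "TODO: check", in addition to CVE-2021-3197, CVE-2021-3148 and CVE-2021-3144 elsewhere in this file. They share one version boundary, so a single triage pass that records the same package and fixed version for all of them is less error-prone than handling each hunk separately. The "in through" wording appears in all four added descriptions; if it comes with the imported CVE text it should be left alone rather than hand-edited.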
@@ -5859,14 +5993,14 @@ CVE-2021-3153
RESERVED
CVE-2021-3152 (** DISPUTED ** Home Assistant before 2021.1.3 does not have a protecti ...)
NOT-FOR-US: Home Assistant
-CVE-2021-3151
- RESERVED
+CVE-2021-3151 (i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) ...)
+ TODO: check
CVE-2021-3150
RESERVED
CVE-2021-3149 (On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ ...)
NOT-FOR-US: Netshield NANO devices
-CVE-2021-3148
- RESERVED
+CVE-2021-3148 (An issue was discovered in SaltStack Salt before 3002.5. Sending craft ...)
+ TODO: check
CVE-2021-3147
RESERVED
CVE-2021-25196
@@ -8044,8 +8178,8 @@ CVE-2021-3146
RESERVED
CVE-2021-3145
RESERVED
-CVE-2021-3144
- RESERVED
+CVE-2021-3144 (In SaltStack Salt before 3002.5, eauth tokens can be used once after e ...)
+ TODO: check
CVE-2021-3143
RESERVED
CVE-2021-3142
@@ -13944,14 +14078,13 @@ CVE-2021-21311 (Adminer is an open-source database management in a single PHP fi
NOTE: https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351 (v4.7.9)
CVE-2021-21310 (NextAuth.js (next-auth) is am open source authentication solution for ...)
NOT-FOR-US: NextAuth.js
-CVE-2021-21309
- RESERVED
+CVE-2021-21309 (Redis is an open-source, in-memory database that persists on disk. In ...)
{DLA-2576-1}
- redis 5:6.0.11-1 (bug #983446)
[buster] - redis <no-dsa> (Minor issue)
NOTE: https://github.com/redis/redis/pull/8522
-CVE-2021-21308
- RESERVED
+CVE-2021-21308 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...)
+ TODO: check
CVE-2021-21307 (Lucee Server is a dynamic, Java based (JSR-223), tag and scripting lan ...)
NOT-FOR-US: Lucee Server
CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm package "ma ...)
@@ -13966,8 +14099,8 @@ CVE-2021-21304 (Dynamoose is an open-source modeling tool for Amazon's DynamoDB.
NOT-FOR-US: Dynamoose
CVE-2021-21303 (Helm is open-source software which is essentially "The Kubernetes Pack ...)
- helm-kubernetes <itp> (bug #910799)
-CVE-2021-21302
- RESERVED
+CVE-2021-21302 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...)
+ TODO: check
CVE-2021-21301 (Wire is an open-source collaboration platform. In Wire for iOS (iPhone ...)
NOT-FOR-US: Wire
CVE-2021-21300
@@ -21123,18 +21256,18 @@ CVE-2021-0408
RESERVED
CVE-2021-0407
RESERVED
-CVE-2021-0406
- RESERVED
-CVE-2021-0405
- RESERVED
-CVE-2021-0404
- RESERVED
-CVE-2021-0403
- RESERVED
-CVE-2021-0402
- RESERVED
-CVE-2021-0401
- RESERVED
+CVE-2021-0406 (In cameraisp, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2021-0405 (In performance driver, there is a possible out of bounds write due to ...)
+ TODO: check
+CVE-2021-0404 (In mobile_log_d, there is a possible information disclosure due to imp ...)
+ TODO: check
+CVE-2021-0403 (In netdiag, there is a possible information disclosure due to a missin ...)
+ TODO: check
+CVE-2021-0402 (In jpeg, there is a possible out of bounds write due to improper input ...)
+ TODO: check
+CVE-2021-0401 (In vow, there is a possible memory corruption due to a race condition. ...)
+ TODO: check
CVE-2021-0400
RESERVED
CVE-2021-0399
@@ -21201,10 +21334,10 @@ CVE-2021-0369
RESERVED
CVE-2021-0368
RESERVED
-CVE-2021-0367
- RESERVED
-CVE-2021-0366
- RESERVED
+CVE-2021-0367 (In vpu, there is a possible memory corruption due to a race condition. ...)
+ TODO: check
+CVE-2021-0366 (In vpu, there is a possible memory corruption due to a race condition. ...)
+ TODO: check
CVE-2021-0365 (In display driver, there is a possible memory corruption due to a use ...)
NOT-FOR-US: Mediatek components for Android
CVE-2021-0364 (In mobile_log_d, there is a possible command injection due to improper ...)
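Review bot: CVE-2021-0366 and CVE-2021-0367 (both "In vpu, there is a possible memory corruption due to a race condition") are added as "TODO: check" directly above CVE-2021-0365, whose similar driver-style description is already marked "NOT-FOR-US: Mediatek components for Android". Confirm whether the vpu entries belong to the same component family and, if so, give them the same annotation. The same check applies to CVE-2021-0401 through CVE-2021-0406 in the previous hunk, where CVE-2021-0404 names mobile_log_d, the component that also appears in the context entry CVE-2021-0364 here.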
