author | security tracker role <sectracker@soriano.debian.org> | 2021-01-06 08:10:17 +0000
---|---|---
committer | security tracker role <sectracker@soriano.debian.org> | 2021-01-06 08:10:17 +0000
commit | 505af0c2e231939ee0f16f7f1ac342c7028f16a9 |
tree | 7db752d7ba9b6a89a04a3ccfbfdc887b6d28c98b /data |
parent | be6e7652294c262e5ad517d3dd36fa12ad7b1e57 |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2017.list | 2
-rw-r--r-- | data/CVE/2018.list | 2
-rw-r--r-- | data/CVE/2019.list | 8
-rw-r--r-- | data/CVE/2020.list | 101
-rw-r--r-- | data/CVE/2021.list | 30
5 files changed, 95 insertions, 48 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 68747e5a22..da380f7e8b 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -31576,7 +31576,7 @@ CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading t NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15 CVE-2017-7884 (In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default i ...) - apcupsd <not-affected> (Only APC UPS Daemon on Windows) -CVE-2017-7889 (The mm subsystem in the Linux kernel through 4.10.10 does not properly ...) +CVE-2017-7889 (The mm subsystem in the Linux kernel through 3.2 does not properly enf ...) {DSA-3945-1 DLA-1099-1} - linux 4.9.25-1 NOTE: Fixed by: https://git.kernel.org/linus/a4866aa812518ed1a37d8ea0c881dc946409de94 (v4.11-rc7) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 48d37a60b0..b3b9ea02da 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -42631,7 +42631,7 @@ CVE-2018-5333 (In the Linux kernel through 4.14.13, the rds_cmsg_atomic function - linux 4.14.17-1 [stretch] - linux 4.9.80-1 NOTE: Fixed by: https://git.kernel.org/linus/7d11f77f84b27cef452cee332f4e469503084737 -CVE-2018-5332 (In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() funct ...) +CVE-2018-5332 (In the Linux kernel through 3.2, the rds_message_alloc_sgs() function ...) {DSA-4187-1 DLA-1369-1} - linux 4.14.17-1 [stretch] - linux 4.9.80-1 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index ae6cfa3e29..99d147abd6 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -1122,10 +1122,10 @@ CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holdin [stretch] - libvirt <no-dsa> (Minor issue) [jessie] - libvirt <not-affected> (Vulnerable code not present) NOTE: https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc (v6.0.0-rc1) -CVE-2019-20484 - RESERVED -CVE-2019-20483 - RESERVED +CVE-2019-20484 (An issue was discovered in Viki Vera 4.9.1.26180. A user without acces ...) + TODO: check +CVE-2019-20483 (An issue was discovered in Viki Vera 4.9.1.26180. An attacker could se ...) + TODO: check CVE-2019-20482 RESERVED CVE-2019-20481 (In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Fun ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 5577ca8bd5..24235d5862 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,3 +1,23 @@ +CVE-2020-36169 (An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCe ...) + TODO: check +CVE-2020-36168 (An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It ...) + TODO: check +CVE-2020-36167 (An issue was discovered in the server in Veritas Backup Exec through 1 ...) + TODO: check +CVE-2020-36166 (An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Wind ...) + TODO: check +CVE-2020-36165 (An issue was discovered in Veritas Desktop and Laptop Option (DLO) bef ...) + TODO: check +CVE-2020-36164 (An issue was discovered in Veritas Enterprise Vault through 14.0. On s ...) + TODO: check +CVE-2020-36163 (An issue was discovered in Veritas NetBackup and OpsCenter through 8.3 ...) + TODO: check +CVE-2020-36162 (An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. T ...) + TODO: check +CVE-2020-36161 (An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 ...) + TODO: check +CVE-2020-36160 (An issue was discovered in Veritas System Recovery before 21.2. On sta ...) + TODO: check CVE-2020-36159 (Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operation ...) NOT-FOR-US: Veritas CVE-2020-36158 (mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifie ...) @@ -183,10 +203,10 @@ CVE-2020-36069 RESERVED CVE-2020-36068 RESERVED -CVE-2020-36067 - RESERVED -CVE-2020-36066 - RESERVED +CVE-2020-36067 (GJSON <=v1.6.5 allows attackers to cause a denial of service (panic ...) + TODO: check +CVE-2020-36066 (GJSON <1.6.5 allows attackers to cause a denial of service (remote) ...) + TODO: check CVE-2020-36065 RESERVED CVE-2020-36064 
@@ -213,10 +233,10 @@ CVE-2020-36054 RESERVED CVE-2020-36053 RESERVED -CVE-2020-36052 - RESERVED -CVE-2020-36051 - RESERVED +CVE-2020-36052 (Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 al ...) + TODO: check +CVE-2020-36051 (Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 al ...) + TODO: check CVE-2020-36050 RESERVED CVE-2020-36049 @@ -1918,7 +1938,7 @@ CVE-2020-35271 RESERVED CVE-2020-35270 RESERVED -CVE-2020-35269 (There is a Cross Site Request Forgery (CSRF) vulnerability in Nagios C ...) +CVE-2020-35269 (Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross ...) - nagios4 <undetermined> NOTE: https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/809 @@ -2120,8 +2140,8 @@ CVE-2020-35172 RESERVED CVE-2020-35171 RESERVED -CVE-2020-35170 - RESERVED +CVE-2020-35170 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Un ...) + TODO: check CVE-2020-35169 RESERVED CVE-2020-35168 @@ -2738,12 +2758,12 @@ CVE-2020-29504 RESERVED CVE-2020-29503 RESERVED -CVE-2020-29502 - RESERVED -CVE-2020-29501 - RESERVED -CVE-2020-29500 - RESERVED +CVE-2020-29502 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Te ...) + TODO: check +CVE-2020-29501 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Te ...) + TODO: check +CVE-2020-29500 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Te ...) + TODO: check CVE-2020-29499 RESERVED CVE-2020-29498 (Dell Wyse Management Suite versions prior to 3.1 contain an open redir ...) 
@@ -2762,10 +2782,10 @@ CVE-2020-29492 (Dell Wyse ThinOS 8.6 and prior versions contain an insecure defa NOT-FOR-US: Dell Wyse ThinOS CVE-2020-29491 (Dell Wyse ThinOS 8.6 and prior versions contain an insecure default co ...) NOT-FOR-US: Dell Wyse ThinOS -CVE-2020-29490 - RESERVED -CVE-2020-29489 - RESERVED +CVE-2020-29490 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 ...) + TODO: check +CVE-2020-29489 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 ...) + TODO: check CVE-2020-29488 RESERVED CVE-2020-29487 (An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstor ...) @@ -2892,8 +2912,8 @@ CVE-2020-29439 (Tesla Model X vehicles before 2020-11-23 have key fobs that rely NOT-FOR-US: Tesla Model X vehicles CVE-2020-29438 (Tesla Model X vehicles before 2020-11-23 have key fobs that accept fir ...) NOT-FOR-US: Tesla Model X vehicles -CVE-2020-29437 - RESERVED +CVE-2020-29437 (SQL injection in the Buzz module of OrangeHRM through 4.6 allows remot ...) + TODO: check CVE-2020-29436 (Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2020-29435 @@ -10234,8 +10254,8 @@ CVE-2020-26201 (Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a wea NOT-FOR-US: Askey CVE-2020-26200 RESERVED -CVE-2020-26199 - RESERVED +CVE-2020-26199 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 ...) + TODO: check CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a ...) NOT-FOR-US: EMC CVE-2020-26197 @@ -10270,8 +10290,8 @@ CVE-2020-26183 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an imprope NOT-FOR-US: EMC CVE-2020-26182 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect pri ...) NOT-FOR-US: EMC -CVE-2020-26181 - RESERVED +CVE-2020-26181 (Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale O ...) + TODO: check CVE-2020-26180 RESERVED CVE-2020-26179 
@@ -16756,10 +16776,10 @@ CVE-2020-23252 RESERVED CVE-2020-23251 RESERVED -CVE-2020-23250 - RESERVED -CVE-2020-23249 - RESERVED +CVE-2020-23250 (GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in ...) + TODO: check +CVE-2020-23249 (GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaint ...) + TODO: check CVE-2020-23248 RESERVED CVE-2020-23247 @@ -53238,8 +53258,8 @@ CVE-2020-7338 RESERVED CVE-2020-7337 (Incorrect Permission Assignment for Critical Resource vulnerability in ...) NOT-FOR-US: McAfee -CVE-2020-7336 - RESERVED +CVE-2020-7336 (Cross Site Request Forgery vulnerability in McAfee Network Security Ma ...) + TODO: check CVE-2020-7335 (Privilege Escalation vulnerability in Microsoft Windows client McAfee ...) NOT-FOR-US: McAfee CVE-2020-7334 (Improper privilege assignment vulnerability in the installer McAfee Ap ...) @@ -58806,17 +58826,17 @@ CVE-2020-5103 CVE-2020-5102 RESERVED CVE-2020-5101 - RESERVED + REJECTED CVE-2020-5100 - RESERVED + REJECTED CVE-2020-5099 - RESERVED + REJECTED CVE-2020-5098 - RESERVED + REJECTED CVE-2020-5097 - RESERVED + REJECTED CVE-2020-5096 - RESERVED + REJECTED CVE-2020-5095 REJECTED CVE-2020-5094 @@ -66327,7 +66347,8 @@ CVE-2020-1676 (When SAML authentication is enabled, Juniper Networks Mist Cloud NOT-FOR-US: Juniper CVE-2020-1675 (When Security Assertion Markup Language (SAML) authentication is enabl ...) NOT-FOR-US: Juniper -CVE-2020-1674 (Juniper Networks Junos OS and Junos OS Evolved fail to drop/discard de ...) +CVE-2020-1674 + REJECTED NOT-FOR-US: Juniper CVE-2020-1673 (Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks ...) NOT-FOR-US: Juniper diff --git a/data/CVE/2021.list b/data/CVE/2021.list index b99e3db848..88d70485b1 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -1,3 +1,29 @@ +CVE-2021-3027 + RESERVED +CVE-2021-3026 (Invision Community IPS Community Suite before 4.5.4.2 allows XSS durin ...) + TODO: check +CVE-2021-3025 + RESERVED +CVE-2021-22695 + RESERVED +CVE-2021-22694 + RESERVED +CVE-2021-22693 + RESERVED +CVE-2021-22692 + RESERVED +CVE-2021-22691 + RESERVED +CVE-2021-22690 + RESERVED +CVE-2021-22689 + RESERVED +CVE-2021-22688 + RESERVED +CVE-2021-22687 + RESERVED +CVE-2021-22686 + RESERVED CVE-2021-3024 RESERVED CVE-2021-3023 @@ -2946,8 +2972,8 @@ CVE-2021-21237 RESERVED CVE-2021-21236 RESERVED -CVE-2021-21235 - RESERVED +CVE-2021-21235 (kamadak-exif is an exif parsing library written in pure Rust. In kamad ...) + TODO: check CVE-2021-21234 (spring-boot-actuator-logview in a library that adds a simple logfile v ...) TODO: check CVE-2021-21233 |
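Review bot: the "through 3.2" wording now imported for CVE-2017-7889 (data/CVE/2017.list) and CVE-2018-5332 (data/CVE/2018.list) contradicts the tracking data kept directly beneath each entry. CVE-2017-7889 is recorded as fixed in linux 4.9.25-1 by a commit tagged v4.11-rc7, and CVE-2018-5332 as fixed in linux 4.14.17-1 and 4.9.80-1, so a reader who trusts the new description would conclude that those kernels were never affected. The package lines are unchanged and remain the authoritative status, but it is worth confirming the upstream description change before it propagates, and adding a NOTE if the narrower range turns out to be an upstream error.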
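Review bot: in the data/CVE/2020.list hunk at -66327, CVE-2020-1674 becomes REJECTED but keeps its "NOT-FOR-US: Juniper" annotation on the next line. The other REJECTED entries visible in this patch (CVE-2020-5095, and CVE-2020-5101 through CVE-2020-5096) carry no annotation, so this one is now inconsistent with them. Suggest dropping the stale NOT-FOR-US line in a follow-up so the entry matches the rest.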
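Review bot: many of the new "TODO: check" entries in data/CVE/2019.list and data/CVE/2020.list sit next to entries for the same vendor that are already triaged, and can likely be closed the same way. CVE-2020-36169 through CVE-2020-36160 are directly above CVE-2020-36159 (NOT-FOR-US: Veritas), CVE-2020-26199 and CVE-2020-26181 are beside entries marked NOT-FOR-US: EMC, and CVE-2020-7336 is beside NOT-FOR-US: McAfee. The entries that need an actual archive check are the library ones, CVE-2020-36067 and CVE-2020-36066 (GJSON) and CVE-2021-21235 (kamadak-exif). The two GJSON descriptions give different bounds ("<=v1.6.5" and "<1.6.5"), so the fixed version should be confirmed from upstream rather than taken from the description text.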
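Review bot: the first hunk of data/CVE/2021.list places CVE-2021-22695 through CVE-2021-22686 between CVE-2021-3025 and CVE-2021-3024, which breaks the descending numeric order the file follows elsewhere (for example CVE-2021-21237, 21236, 21235, 21234, 21233 in the second hunk). Anything that locates an entry by position, or a person scanning for the 226xx range, will not find these next to their numeric neighbours. Suggest having the update script insert new IDs at their sorted position instead of at the top of the file.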
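Review bot: CVE-2020-35269 in data/CVE/2020.list keeps "- nagios4 <undetermined>" although the refreshed description now names Nagios Core 4.2.4 specifically. That version, together with the upstream issue already linked in the NOTE lines, gives enough to compare against the packaged nagios4 versions. Suggest resolving the undetermined status rather than leaving it open.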