author: security tracker role <sectracker@soriano.debian.org> 2021-01-06 08:10:17 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-01-06 08:10:17 +0000
commit: 505af0c2e231939ee0f16f7f1ac342c7028f16a9
tree: 7db752d7ba9b6a89a04a3ccfbfdc887b6d28c98b /data
parent: be6e7652294c262e5ad517d3dd36fa12ad7b1e57
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2017.list 2
-rw-r--r-- data/CVE/2018.list 2
-rw-r--r-- data/CVE/2019.list 8
-rw-r--r-- data/CVE/2020.list 101
-rw-r--r-- data/CVE/2021.list 30
5 files changed, 95 insertions, 48 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 68747e5a22..da380f7e8b 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -31576,7 +31576,7 @@ CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading t
NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15
CVE-2017-7884 (In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default i ...)
- apcupsd <not-affected> (Only APC UPS Daemon on Windows)
-CVE-2017-7889 (The mm subsystem in the Linux kernel through 4.10.10 does not properly ...)
+CVE-2017-7889 (The mm subsystem in the Linux kernel through 3.2 does not properly enf ...)
{DSA-3945-1 DLA-1099-1}
- linux 4.9.25-1
NOTE: Fixed by: https://git.kernel.org/linus/a4866aa812518ed1a37d8ea0c881dc946409de94 (v4.11-rc7)
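Review bot: The new CVE-2017-7889 description bounds the issue at "the Linux kernel through 3.2", which conflicts with the unchanged lines of the same entry: the fixed version is still linux 4.9.25-1 and the fix commit is noted as v4.11-rc7, while the removed text said "through 4.10.10". This looks like a truncated or regressed upstream description picked up by the automatic update. Worth confirming against the upstream record, and anyone reading the entry should take the affected range from the fixed-version and NOTE lines, not from the description.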
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 48d37a60b0..b3b9ea02da 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -42631,7 +42631,7 @@ CVE-2018-5333 (In the Linux kernel through 4.14.13, the rds_cmsg_atomic function
- linux 4.14.17-1
[stretch] - linux 4.9.80-1
NOTE: Fixed by: https://git.kernel.org/linus/7d11f77f84b27cef452cee332f4e469503084737
-CVE-2018-5332 (In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() funct ...)
+CVE-2018-5332 (In the Linux kernel through 3.2, the rds_message_alloc_sgs() function ...)
{DSA-4187-1 DLA-1369-1}
- linux 4.14.17-1
[stretch] - linux 4.9.80-1
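Review bot: The CVE-2018-5332 description now reads "through 3.2" where it previously read "through 4.14.13", yet the entry keeps the fixed version linux 4.14.17-1 and the neighbouring CVE-2018-5333 in the context lines still reads "through 4.14.13". The narrower bound is not consistent with the fix data in the entry, so I would check whether the upstream description change is intentional before this text is used for any affected-version reasoning.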
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index ae6cfa3e29..99d147abd6 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1122,10 +1122,10 @@ CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holdin
[stretch] - libvirt <no-dsa> (Minor issue)
[jessie] - libvirt <not-affected> (Vulnerable code not present)
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc (v6.0.0-rc1)
-CVE-2019-20484
- RESERVED
-CVE-2019-20483
- RESERVED
+CVE-2019-20484 (An issue was discovered in Viki Vera 4.9.1.26180. A user without acces ...)
+ TODO: check
+CVE-2019-20483 (An issue was discovered in Viki Vera 4.9.1.26180. An attacker could se ...)
+ TODO: check
CVE-2019-20482
RESERVED
CVE-2019-20481 (In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Fun ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 5577ca8bd5..24235d5862 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,23 @@
+CVE-2020-36169 (An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCe ...)
+ TODO: check
+CVE-2020-36168 (An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It ...)
+ TODO: check
+CVE-2020-36167 (An issue was discovered in the server in Veritas Backup Exec through 1 ...)
+ TODO: check
+CVE-2020-36166 (An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Wind ...)
+ TODO: check
+CVE-2020-36165 (An issue was discovered in Veritas Desktop and Laptop Option (DLO) bef ...)
+ TODO: check
+CVE-2020-36164 (An issue was discovered in Veritas Enterprise Vault through 14.0. On s ...)
+ TODO: check
+CVE-2020-36163 (An issue was discovered in Veritas NetBackup and OpsCenter through 8.3 ...)
+ TODO: check
+CVE-2020-36162 (An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. T ...)
+ TODO: check
+CVE-2020-36161 (An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 ...)
+ TODO: check
+CVE-2020-36160 (An issue was discovered in Veritas System Recovery before 21.2. On sta ...)
+ TODO: check
CVE-2020-36159 (Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operation ...)
NOT-FOR-US: Veritas
CVE-2020-36158 (mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifie ...)
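Review bot: The ten new Veritas entries (CVE-2020-36160 through CVE-2020-36169) all land as "TODO: check", while the entry directly below them, CVE-2020-36159, is for the same vendor and is already triaged as "NOT-FOR-US: Veritas". A follow-up triage pass can probably resolve the whole block the same way after a quick look at each description, which would keep ten items out of the open TODO queue.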
@@ -183,10 +203,10 @@ CVE-2020-36069
RESERVED
CVE-2020-36068
RESERVED
-CVE-2020-36067
- RESERVED
-CVE-2020-36066
- RESERVED
+CVE-2020-36067 (GJSON &lt;=v1.6.5 allows attackers to cause a denial of service (panic ...)
+ TODO: check
+CVE-2020-36066 (GJSON &lt;1.6.5 allows attackers to cause a denial of service (remote) ...)
+ TODO: check
CVE-2020-36065
RESERVED
CVE-2020-36064
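Review bot: Both new GJSON descriptions carry the HTML entity "&lt;" instead of a literal "<" ("GJSON &lt;=v1.6.5", "GJSON &lt;1.6.5"), so the version bound is not readable as written and will not match a plain-text search for "<=". The two entries also state the bound differently ("<=v1.6.5" against "<1.6.5"), so when these are triaged the affected range for each should be taken from the upstream fix, not from the description text.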
@@ -213,10 +233,10 @@ CVE-2020-36054
RESERVED
CVE-2020-36053
RESERVED
-CVE-2020-36052
- RESERVED
-CVE-2020-36051
- RESERVED
+CVE-2020-36052 (Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 al ...)
+ TODO: check
+CVE-2020-36051 (Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 al ...)
+ TODO: check
CVE-2020-36050
RESERVED
CVE-2020-36049
@@ -1918,7 +1938,7 @@ CVE-2020-35271
RESERVED
CVE-2020-35270
RESERVED
-CVE-2020-35269 (There is a Cross Site Request Forgery (CSRF) vulnerability in Nagios C ...)
+CVE-2020-35269 (Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross ...)
- nagios4 <undetermined>
NOTE: https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc
NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/809
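Review bot: The reworded CVE-2020-35269 description now names a specific version ("Nagios Core application version 4.2.4"), but the package line underneath is still "- nagios4 <undetermined>". With a concrete version in the description and an upstream issue already linked in the NOTE lines, this entry is a good candidate for revisiting the undetermined status.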
@@ -2120,8 +2140,8 @@ CVE-2020-35172
RESERVED
CVE-2020-35171
RESERVED
-CVE-2020-35170
- RESERVED
+CVE-2020-35170 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Un ...)
+ TODO: check
CVE-2020-35169
RESERVED
CVE-2020-35168
@@ -2738,12 +2758,12 @@ CVE-2020-29504
RESERVED
CVE-2020-29503
RESERVED
-CVE-2020-29502
- RESERVED
-CVE-2020-29501
- RESERVED
-CVE-2020-29500
- RESERVED
+CVE-2020-29502 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Te ...)
+ TODO: check
+CVE-2020-29501 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Te ...)
+ TODO: check
+CVE-2020-29500 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Te ...)
+ TODO: check
CVE-2020-29499
RESERVED
CVE-2020-29498 (Dell Wyse Management Suite versions prior to 3.1 contain an open redir ...)
@@ -2762,10 +2782,10 @@ CVE-2020-29492 (Dell Wyse ThinOS 8.6 and prior versions contain an insecure defa
NOT-FOR-US: Dell Wyse ThinOS
CVE-2020-29491 (Dell Wyse ThinOS 8.6 and prior versions contain an insecure default co ...)
NOT-FOR-US: Dell Wyse ThinOS
-CVE-2020-29490
- RESERVED
-CVE-2020-29489
- RESERVED
+CVE-2020-29490 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 ...)
+ TODO: check
+CVE-2020-29489 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 ...)
+ TODO: check
CVE-2020-29488
RESERVED
CVE-2020-29487 (An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstor ...)
@@ -2892,8 +2912,8 @@ CVE-2020-29439 (Tesla Model X vehicles before 2020-11-23 have key fobs that rely
NOT-FOR-US: Tesla Model X vehicles
CVE-2020-29438 (Tesla Model X vehicles before 2020-11-23 have key fobs that accept fir ...)
NOT-FOR-US: Tesla Model X vehicles
-CVE-2020-29437
- RESERVED
+CVE-2020-29437 (SQL injection in the Buzz module of OrangeHRM through 4.6 allows remot ...)
+ TODO: check
CVE-2020-29436 (Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with ...)
NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2020-29435
@@ -10234,8 +10254,8 @@ CVE-2020-26201 (Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a wea
NOT-FOR-US: Askey
CVE-2020-26200
RESERVED
-CVE-2020-26199
- RESERVED
+CVE-2020-26199 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 ...)
+ TODO: check
CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a ...)
NOT-FOR-US: EMC
CVE-2020-26197
@@ -10270,8 +10290,8 @@ CVE-2020-26183 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an imprope
NOT-FOR-US: EMC
CVE-2020-26182 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect pri ...)
NOT-FOR-US: EMC
-CVE-2020-26181
- RESERVED
+CVE-2020-26181 (Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale O ...)
+ TODO: check
CVE-2020-26180
RESERVED
CVE-2020-26179
@@ -16756,10 +16776,10 @@ CVE-2020-23252
RESERVED
CVE-2020-23251
RESERVED
-CVE-2020-23250
- RESERVED
-CVE-2020-23249
- RESERVED
+CVE-2020-23250 (GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in ...)
+ TODO: check
+CVE-2020-23249 (GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaint ...)
+ TODO: check
CVE-2020-23248
RESERVED
CVE-2020-23247
@@ -53238,8 +53258,8 @@ CVE-2020-7338
RESERVED
CVE-2020-7337 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
NOT-FOR-US: McAfee
-CVE-2020-7336
- RESERVED
+CVE-2020-7336 (Cross Site Request Forgery vulnerability in McAfee Network Security Ma ...)
+ TODO: check
CVE-2020-7335 (Privilege Escalation vulnerability in Microsoft Windows client McAfee ...)
NOT-FOR-US: McAfee
CVE-2020-7334 (Improper privilege assignment vulnerability in the installer McAfee Ap ...)
@@ -58806,17 +58826,17 @@ CVE-2020-5103
CVE-2020-5102
RESERVED
CVE-2020-5101
- RESERVED
+ REJECTED
CVE-2020-5100
- RESERVED
+ REJECTED
CVE-2020-5099
- RESERVED
+ REJECTED
CVE-2020-5098
- RESERVED
+ REJECTED
CVE-2020-5097
- RESERVED
+ REJECTED
CVE-2020-5096
- RESERVED
+ REJECTED
CVE-2020-5095
REJECTED
CVE-2020-5094
@@ -66327,7 +66347,8 @@ CVE-2020-1676 (When SAML authentication is enabled, Juniper Networks Mist Cloud
NOT-FOR-US: Juniper
CVE-2020-1675 (When Security Assertion Markup Language (SAML) authentication is enabl ...)
NOT-FOR-US: Juniper
-CVE-2020-1674 (Juniper Networks Junos OS and Junos OS Evolved fail to drop/discard de ...)
+CVE-2020-1674
+ REJECTED
NOT-FOR-US: Juniper
CVE-2020-1673 (Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks ...)
NOT-FOR-US: Juniper
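Review bot: After this change CVE-2020-1674 has no description and is marked REJECTED, but the "NOT-FOR-US: Juniper" line from the old entry is kept directly under it. The entry now carries two states at once, and the vendor attribution no longer has any description to back it. I would drop the NOT-FOR-US line so the entry matches the other REJECTED entries in this file, which consist of the id and the REJECTED line only.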
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index b99e3db848..88d70485b1 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,29 @@
+CVE-2021-3027
+ RESERVED
+CVE-2021-3026 (Invision Community IPS Community Suite before 4.5.4.2 allows XSS durin ...)
+ TODO: check
+CVE-2021-3025
+ RESERVED
+CVE-2021-22695
+ RESERVED
+CVE-2021-22694
+ RESERVED
+CVE-2021-22693
+ RESERVED
+CVE-2021-22692
+ RESERVED
+CVE-2021-22691
+ RESERVED
+CVE-2021-22690
+ RESERVED
+CVE-2021-22689
+ RESERVED
+CVE-2021-22688
+ RESERVED
+CVE-2021-22687
+ RESERVED
+CVE-2021-22686
+ RESERVED
CVE-2021-3024
RESERVED
CVE-2021-3023
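Review bot: The new block CVE-2021-22695 through CVE-2021-22686 is inserted between CVE-2021-3025 and CVE-2021-3024, so the top of 2021.list is no longer in descending id order; elsewhere in this diff the lists run strictly downward. If tooling or reviewers rely on that ordering to locate entries, the 22686-22695 block should be moved to its sorted position instead of sitting in the middle of the 302x run.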
@@ -2946,8 +2972,8 @@ CVE-2021-21237
RESERVED
CVE-2021-21236
RESERVED
-CVE-2021-21235
- RESERVED
+CVE-2021-21235 (kamadak-exif is an exif parsing library written in pure Rust. In kamad ...)
+ TODO: check
CVE-2021-21234 (spring-boot-actuator-logview in a library that adds a simple logfile v ...)
TODO: check
CVE-2021-21233