diff options
| -rw-r--r-- | data/CVE/2019.list | 10 | ||||
| -rw-r--r-- | data/CVE/2020.list | 29 | ||||
| -rw-r--r-- | data/CVE/2021.list | 122 |
3 files changed, 90 insertions, 71 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 90d7758b99..cc2784a8d0 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,5 @@ +CVE-2019-25025 (The activerecord-session_store (aka Active Record Session Store) compo ...) + TODO: check CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE template) versi ...) NOT-FOR-US: JetBrains Ktor CVE-2019-25024 (OpenRepeater (ORP) before 2.2 allows unauthenticated command injection ...) @@ -6196,8 +6198,8 @@ CVE-2019-18632 (European Commission eIDAS-Node Integration Package before 2.3.1 NOT-FOR-US: European Commission eIDAS-Node Integration Package CVE-2019-18631 (The Windows component of Centrify Authentication and Privilege Elevati ...) NOT-FOR-US: Centrify Authentication and Privilege Elevation Services -CVE-2019-18630 - RESERVED +CVE-2019-18630 (On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/ ...) + TODO: check CVE-2019-18629 (Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C80 ...) NOT-FOR-US: Xerox CVE-2019-18628 (Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C80 ...) @@ -6869,8 +6871,8 @@ CVE-2019-18353 RESERVED CVE-2019-18352 (Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices ...) NOT-FOR-US: PHOENIX CONTACT FL NAT 2208 devices -CVE-2019-18351 - RESERVED +CVE-2019-18351 (An issue was discovered in channels/chan_sip.c in Sangoma Asterisk thr ...) + TODO: check CVE-2019-18350 (In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET ...) NOT-FOR-US: Ant Design Pro CVE-2019-18349 (HotkeyP through 4.9 r96 allows privilege escalation in the privilege f ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 0faa1f6d7e..cf23d7f2fd 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,5 @@ +CVE-2020-36255 (An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel ...) + TODO: check CVE-2020-35358 RESERVED CVE-2020-36254 (scp.c in Dropbear before 2020.79 mishandles the filename of . or an em ...) @@ -1475,8 +1477,8 @@ CVE-2020-35638 RESERVED CVE-2020-35637 RESERVED -CVE-2020-35636 - RESERVED +CVE-2020-35636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...) + TODO: check CVE-2020-35635 RESERVED CVE-2020-35634 @@ -1491,8 +1493,8 @@ CVE-2020-35630 RESERVED CVE-2020-35629 RESERVED -CVE-2020-35628 - RESERVED +CVE-2020-35628 (A code execution vulnerability exists in the Nef polygon-parsing funct ...) + TODO: check CVE-2020-35627 (Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vul ...) NOT-FOR-US: Ultimate WooCommerce Gift Cards CVE-2020-35626 (An issue was discovered in the PushToWatch extension for MediaWiki thr ...) @@ -5165,8 +5167,8 @@ CVE-2020-28638 (ask_password in Tomb 2.0 through 2.7 returns a warning when pine NOTE: https://github.com/dyne/Tomb/issues/392 CVE-2020-28637 RESERVED -CVE-2020-28636 - RESERVED +CVE-2020-28636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...) + TODO: check CVE-2020-28635 RESERVED CVE-2020-28634 @@ -5235,8 +5237,8 @@ CVE-2020-28603 RESERVED CVE-2020-28602 RESERVED -CVE-2020-28601 - RESERVED +CVE-2020-28601 (A code execution vulnerability exists in the Nef polygon-parsing funct ...) + TODO: check CVE-2020-28600 RESERVED CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import_stl.c ...) @@ -12278,8 +12280,7 @@ CVE-2020-25641 (A flaw was found in the Linux kernel's implementation of biovecs NOTE: https://git.kernel.org/linus/7e24969022cbd61ddc586f14824fc205661bb124 CVE-2020-25640 (A flaw was discovered in WildFly before 21.0.0.Final where, Resource a ...) - wildfly <itp> (bug #752018) -CVE-2020-25639 [NULL pointer dereference via nouveau ioctl can lead to DoS] - RESERVED +CVE-2020-25639 (A NULL pointer dereference flaw was found in the Linux kernel’s ...) - linux 5.10.19-1 [buster] - linux <not-affected> (Vulnerable code introduced later) [stretch] - linux <not-affected> (Vulnerable code introduced later) @@ -51692,8 +51693,8 @@ CVE-2020-8300 RESERVED CVE-2020-8299 RESERVED -CVE-2020-8298 - RESERVED +CVE-2020-8298 (fs-path node module before 0.0.25 is vulnerable to command injection b ...) + TODO: check CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...) NOT-FOR-US: Nextcloud Deck CVE-2020-8296 (Nextcloud Server prior to 20.0.0 stores passwords in a recoverable for ...) @@ -59428,8 +59429,8 @@ CVE-2020-5150 RESERVED CVE-2020-5149 RESERVED -CVE-2020-5148 - RESERVED +CVE-2020-5148 (SonicWall SSO-agent default configuration uses NetAPI to probe the ass ...) + TODO: check CVE-2020-5147 (SonicWall NetExtender Windows client vulnerable to unquoted service pa ...) NOT-FOR-US: SonicWall CVE-2020-5146 (A vulnerability in SonicWall SMA100 appliance allow an authenticated m ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 99bb101940..c0c9e34915 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,23 @@ +CVE-2021-27965 (The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2 ...) + TODO: check +CVE-2021-27964 (SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File U ...) + TODO: check +CVE-2021-27963 (SonLogger before 6.4.1 is affected by user creation with any user perm ...) + TODO: check +CVE-2021-27962 + RESERVED +CVE-2021-27961 + RESERVED +CVE-2021-27960 + RESERVED +CVE-2021-27959 + RESERVED +CVE-2021-27958 + RESERVED +CVE-2021-27957 + RESERVED +CVE-2021-27956 + RESERVED CVE-2021-27955 RESERVED CVE-2021-27954 @@ -1352,8 +1372,8 @@ CVE-2021-27316 RESERVED CVE-2021-27315 RESERVED -CVE-2021-27314 - RESERVED +CVE-2021-27314 (SQL injection in admin.php in doctor appointment system 1.0 allows an ...) + TODO: check CVE-2021-27313 RESERVED CVE-2021-27312 @@ -2047,10 +2067,10 @@ CVE-2021-26991 RESERVED CVE-2021-26990 RESERVED -CVE-2021-26989 - RESERVED -CVE-2021-26988 - RESERVED +CVE-2021-26989 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 a ...) + TODO: check +CVE-2021-26988 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 a ...) + TODO: check CVE-2021-26987 RESERVED CVE-2021-26986 @@ -2163,14 +2183,12 @@ CVE-2021-23217 RESERVED CVE-2021-23201 RESERVED -CVE-2021-3404 - RESERVED +CVE-2021-3404 (In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote att ...) - libytnef 1.9.3-3 (bug #982596) [buster] - libytnef <no-dsa> (Minor issue) [stretch] - libytnef <no-dsa> (Minor issue) NOTE: https://github.com/Yeraze/ytnef/issues/86 -CVE-2021-3403 - RESERVED +CVE-2021-3403 (In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows ...) - libytnef 1.9.3-3 (bug #982594) [buster] - libytnef <no-dsa> (Minor issue) [stretch] - libytnef <no-dsa> (Minor issue) @@ -2376,13 +2394,11 @@ CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended acc NOTE: Fix (disabled overlayfs): https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt NOTE: https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/ -CVE-2021-24032 [zstd allows for race-opening files being compressed or uncompressed] - RESERVED +CVE-2021-24032 (Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for ...) {DSA-4859-1 DLA-2573-1} - libzstd 1.4.8+dfsg-2 (bug #982519) NOTE: https://github.com/facebook/zstd/issues/2491 -CVE-2021-24031 [zstd adds read permissions to files while being compressed or uncompressed] - RESERVED +CVE-2021-24031 (In the Zstandard command-line utility prior to v1.4.1, output files we ...) {DSA-4850-1 DLA-2573-1} - libzstd 1.4.8+dfsg-1 (bug #981404) NOTE: https://github.com/facebook/zstd/issues/1630 @@ -3722,8 +3738,8 @@ CVE-2021-3327 RESERVED CVE-2021-26294 RESERVED -CVE-2021-26293 - RESERVED +CVE-2021-26293 (An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail ...) + TODO: check CVE-2021-26292 RESERVED CVE-2021-26291 @@ -5926,42 +5942,42 @@ CVE-2021-25350 RESERVED CVE-2021-25349 RESERVED -CVE-2021-25348 - RESERVED -CVE-2021-25347 - RESERVED -CVE-2021-25346 - RESERVED -CVE-2021-25345 - RESERVED -CVE-2021-25344 - RESERVED -CVE-2021-25343 - RESERVED -CVE-2021-25342 - RESERVED -CVE-2021-25341 - RESERVED -CVE-2021-25340 - RESERVED -CVE-2021-25339 - RESERVED -CVE-2021-25338 - RESERVED -CVE-2021-25337 - RESERVED -CVE-2021-25336 - RESERVED -CVE-2021-25335 - RESERVED -CVE-2021-25334 - RESERVED -CVE-2021-25333 - RESERVED -CVE-2021-25332 - RESERVED -CVE-2021-25331 - RESERVED +CVE-2021-25348 (Improper permission grant check in Samsung Internet prior to version 1 ...) + TODO: check +CVE-2021-25347 (Hijacking vulnerability in Samsung Email application version prior to ...) + TODO: check +CVE-2021-25346 (A possible arbitrary memory overwrite vulnerabilities in quram library ...) + TODO: check +CVE-2021-25345 (Graphic format mismatch while converting video format in hwcomposer pr ...) + TODO: check +CVE-2021-25344 (Missing permission check in knox_custom service prior to SMR Mar-2021 ...) + TODO: check +CVE-2021-25343 (Calling of non-existent provider in Samsung Members prior to version 2 ...) + TODO: check +CVE-2021-25342 (Calling of non-existent provider in SMP sdk prior to version 3.0.9 all ...) + TODO: check +CVE-2021-25341 (Calling of non-existent provider in S Assistant prior to version 6.5.0 ...) + TODO: check +CVE-2021-25340 (Improper access control vulnerability in Samsung keyboard version prio ...) + TODO: check +CVE-2021-25339 (Improper address validation in HArx in Samsung mobile devices prior to ...) + TODO: check +CVE-2021-25338 (Improper memory access control in RKP in Samsung mobile devices prior ...) + TODO: check +CVE-2021-25337 (Improper access control in clipboard service in Samsung mobile devices ...) + TODO: check +CVE-2021-25336 (Improper access control in NotificationManagerService in Samsung mobil ...) + TODO: check +CVE-2021-25335 (Improper lockscreen status check in cocktailbar service in Samsung mob ...) + TODO: check +CVE-2021-25334 (Improper input check in wallpaper service in Samsung mobile devices pr ...) + TODO: check +CVE-2021-25333 (Improper access control in Samsung Pay mini application prior to v4.0. ...) + TODO: check +CVE-2021-25332 (Improper access control in Samsung Pay mini application prior to v4.0. ...) + TODO: check +CVE-2021-25331 (Improper access control in Samsung Pay mini application prior to v4.0. ...) + TODO: check CVE-2021-25330 (Calling of non-existent provider in MobileWips application prior to SM ...) NOT-FOR-US: MobileWips application CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global ...) @@ -12412,7 +12428,7 @@ CVE-2021-22298 (There is a logic vulnerability in Huawei Gauss100 OLTP Product. NOT-FOR-US: Huawei CVE-2021-22297 RESERVED -CVE-2021-22296 (A component of the HarmonyOS 2.0 has a DoS vulnerability. Local attack ...) +CVE-2021-22296 (A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers ...) NOT-FOR-US: HarmonyOS CVE-2021-22295 RESERVED |