From 2e213ecf689ce2e8ee3c581a51188e5dc50d19a6 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 2 Apr 2021 08:10:22 +0000 Subject: automatic update --- data/CVE/2020.list | 6 +- data/CVE/2021.list | 176 +++++++++++++++++++++++++++++++++++++++++++++-------- 2 files changed, 153 insertions(+), 29 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index c6ca8f2a22..e8b182a0d1 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -7103,7 +7103,7 @@ CVE-2020-27841 (There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib NOTE: https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce (v2.4.0) CVE-2020-27840 [Heap corruption via crafted DN strings] RESERVED - {DLA-2611-1} + {DSA-4884-1 DLA-2611-1} - ldb 2:2.2.0-3.1 (bug #985936) - samba (unimportant) NOTE: https://www.samba.org/samba/security/CVE-2020-27840.html @@ -46239,7 +46239,7 @@ CVE-2020-10732 (A flaw was found in the Linux kernel's implementation of Userspa CVE-2020-10731 (A flaw was found in the nova_libvirt container provided by the Red Hat ...) NOT-FOR-US: Red Hat OpenStack platform CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was found ...) - {DLA-2463-1} + {DSA-4884-1 DLA-2463-1} - ldb 2:2.1.4-1 [stretch] - ldb (Vulnerable code introduced later) - samba 2:4.12.5+dfsg-1 @@ -66460,7 +66460,7 @@ CVE-2020-1948 (This vulnerability can affect all Dubbo users stay on version 2.7 CVE-2020-1947 (In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingS ...) NOT-FOR-US: Apache ShardingSphere CVE-2020-1946 (In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf ...) - {DSA-4879-1} + {DSA-4879-1 DLA-2615-1} - spamassassin 3.4.5~pre1-1 (bug #985962) NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/3 NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7793 (not public) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 97e2fc9f40..c7d690ab97 100644 
--- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -1,4 +1,128 @@ -CVE-2021-30002 [media: v4l: ioctl: Fix memory leak in video_usercopy] +CVE-2021-30006 + RESERVED +CVE-2021-30005 + RESERVED +CVE-2021-30004 (In wpa_supplicant and hostapd 2.9, forging attacks may occur because A ...) + TODO: check +CVE-2021-30003 (An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. Ther ...) + TODO: check +CVE-2021-30001 + RESERVED +CVE-2021-30000 + RESERVED +CVE-2021-29999 + RESERVED +CVE-2021-29998 + RESERVED +CVE-2021-29997 + RESERVED +CVE-2021-29996 + RESERVED +CVE-2021-29995 + RESERVED +CVE-2021-29994 + RESERVED +CVE-2021-29993 + RESERVED +CVE-2021-29992 + RESERVED +CVE-2021-29991 + RESERVED +CVE-2021-29990 + RESERVED +CVE-2021-29989 + RESERVED +CVE-2021-29988 + RESERVED +CVE-2021-29987 + RESERVED +CVE-2021-29986 + RESERVED +CVE-2021-29985 + RESERVED +CVE-2021-29984 + RESERVED +CVE-2021-29983 + RESERVED +CVE-2021-29982 + RESERVED +CVE-2021-29981 + RESERVED +CVE-2021-29980 + RESERVED +CVE-2021-29979 + RESERVED +CVE-2021-29978 + RESERVED +CVE-2021-29977 + RESERVED +CVE-2021-29976 + RESERVED +CVE-2021-29975 + RESERVED +CVE-2021-29974 + RESERVED +CVE-2021-29973 + RESERVED +CVE-2021-29972 + RESERVED +CVE-2021-29971 + RESERVED +CVE-2021-29970 + RESERVED +CVE-2021-29969 + RESERVED +CVE-2021-29968 + RESERVED +CVE-2021-29967 + RESERVED +CVE-2021-29966 + RESERVED +CVE-2021-29965 + RESERVED +CVE-2021-29964 + RESERVED +CVE-2021-29963 + RESERVED +CVE-2021-29962 + RESERVED +CVE-2021-29961 + RESERVED +CVE-2021-29960 + RESERVED +CVE-2021-29959 + RESERVED +CVE-2021-29958 + RESERVED +CVE-2021-29957 + RESERVED +CVE-2021-29956 + RESERVED +CVE-2021-29955 + RESERVED +CVE-2021-29954 + RESERVED +CVE-2021-29953 + RESERVED +CVE-2021-29952 + RESERVED +CVE-2021-29951 + RESERVED +CVE-2021-29950 + RESERVED +CVE-2021-29949 + RESERVED +CVE-2021-29948 + RESERVED +CVE-2021-29947 + RESERVED +CVE-2021-29946 + RESERVED +CVE-2021-29945 + RESERVED +CVE-2021-29944 + RESERVED +CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 
when a webca ...) - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899 @@ -1104,8 +1228,8 @@ CVE-2021-3472 RESERVED CVE-2021-29422 RESERVED -CVE-2021-29421 - RESERVED +CVE-2021-29421 (models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Pyth ...) + TODO: check CVE-2021-29420 RESERVED CVE-2021-29419 @@ -2068,10 +2192,10 @@ CVE-2021-28974 RESERVED CVE-2021-28973 RESERVED -CVE-2021-28970 - RESERVED -CVE-2021-28969 - RESERVED +CVE-2021-28970 (eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices ...) + TODO: check +CVE-2021-28969 (eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticat ...) + TODO: check CVE-2021-28968 (An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in ...) NOT-FOR-US: PunBB CVE-2021-28967 (The unofficial MATLAB extension before 2.0.1 for Visual Studio Code al ...) @@ -4137,8 +4261,8 @@ CVE-2021-28049 RESERVED CVE-2021-28048 RESERVED -CVE-2021-28047 - RESERVED +CVE-2021-28047 (Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Re ...) + TODO: check CVE-2021-28046 RESERVED CVE-2021-28045 
@@ -13528,16 +13652,16 @@ CVE-2021-23927 (OX App Suite through 7.10.4 allows SSRF via a URL with an @ char CVE-2021-23926 (The XML parsers used by XMLBeans up to version 2.6.0 did not set the p ...) - xmlbeans 3.0.2-1 NOTE: https://issues.apache.org/jira/browse/XMLBEANS-517 -CVE-2021-23925 - RESERVED -CVE-2021-23924 - RESERVED -CVE-2021-23923 - RESERVED -CVE-2021-23922 - RESERVED -CVE-2021-23921 - RESERVED +CVE-2021-23925 (An issue was discovered in Devolutions Server before 2020.3. There is ...) + TODO: check +CVE-2021-23924 (An issue was discovered in Devolutions Server before 2020.3. There is ...) + TODO: check +CVE-2021-23923 (An issue was discovered in Devolutions Server before 2020.3. There is ...) + TODO: check +CVE-2021-23922 (An issue was discovered in Devolutions Remote Desktop Manager before 2 ...) + TODO: check +CVE-2021-23921 (An issue was discovered in Devolutions Server before 2020.3. There is ...) + TODO: check CVE-2021-3134 (Mubu 2.2.1 allows local users to gain privileges to execute commands, ...) NOT-FOR-US: Mubu CVE-2021-3133 (The Elementor Contact Form DB plugin before 1.6 for WordPress allows C ...) @@ -18745,18 +18869,18 @@ CVE-2021-21423 RESERVED CVE-2021-21422 RESERVED -CVE-2021-21421 - RESERVED -CVE-2021-21420 - RESERVED +CVE-2021-21421 (node-etsy-client is a NodeJs Etsy ReST API Client. Applications that a ...) + TODO: check +CVE-2021-21420 (vscode-stripe is an extension for Visual Studio Code. A vulnerability ...) + TODO: check CVE-2021-21419 RESERVED CVE-2021-21418 (ps_emailsubscription is a newsletter subscription module for the Prest ...) NOT-FOR-US: PrestaShop CVE-2021-21417 RESERVED -CVE-2021-21416 - RESERVED +CVE-2021-21416 (django-registration is a user registration package for Django. The dja ...) + TODO: check CVE-2021-21415 RESERVED CVE-2021-21414 
@@ -21340,7 +21464,7 @@ CVE-2021-20278 NOT-FOR-US: Kiali CVE-2021-20277 [Out of bounds read in AD DC LDAP server] RESERVED - {DLA-2611-1} + {DSA-4884-1 DLA-2611-1} - ldb 2:2.2.0-3.1 (bug #985935) - samba (unimportant) NOTE: https://www.samba.org/samba/security/CVE-2021-20277.html -- cgit v1.2.3
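Review bot: CVE-2021-30002 ends up out of sequence in the first data/CVE/2021.list hunk (@@ -1,4 +1,128 @@). The new block runs from CVE-2021-30006 down to CVE-2021-29944, and the IDs from CVE-2021-30001 to CVE-2021-29944 are inserted above the existing 30002 entry, which now follows CVE-2021-29944. If the file is meant to stay in descending order, split the insertion so that 30006 through 30003 go above 30002 and 30001 through 29944 go below it. In the same hunk, CVE-2021-30004 (wpa_supplicant and hostapd 2.9) is the one new entry with a description that is left at "TODO: check" among dozens of RESERVED placeholders, so it is worth triaging first.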
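Review bot: the five Devolutions entries in the @@ -13528,16 +13652,16 @@ hunk (CVE-2021-23921 through CVE-2021-23925) are all left at "TODO: check", as is CVE-2021-28047 for the same vendor in the @@ -4137,8 +4261,8 @@ hunk. The context line just below them shows the convention for software outside the archive ("NOT-FOR-US: Mubu"). If Devolutions Server and Remote Desktop Manager are not packaged, resolve all six in one follow-up to a single NOT-FOR-US line each, so they do not sit in the TODO queue as six separate items.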
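Review bot: in the @@ -18745,18 +18869,18 @@ hunk, CVE-2021-21421 (node-etsy-client), CVE-2021-21420 (vscode-stripe) and CVE-2021-21416 (django-registration) all receive the same "TODO: check", although they need different handling. The first two are a Node.js API client and a Visual Studio Code extension and are candidates for the NOT-FOR-US form used in the context for CVE-2021-21418 ("NOT-FOR-US: PrestaShop"). django-registration is a Django package and may need a package line with a fixed version, in the form other entries in this patch use ("- xmlbeans 3.0.2-1"), so check that one against the archive rather than closing it together with the other two.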