From 9db0a6072945f481e6982cd8682d0a6001dc367d Mon Sep 17 00:00:00 2001 From: security tracker role Date: Sat, 6 Mar 2021 08:10:21 +0000 Subject: automatic update --- data/CVE/2020.list | 16 ++++++++-------- data/CVE/2021.list | 43 +++++++++++++++++++++++++++++-------------- 2 files changed, 37 insertions(+), 22 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 207d1be343..a741328d2f 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -4266,12 +4266,12 @@ CVE-2020-29032 (Upload of Code Without Integrity Check vulnerability in firmware NOT-FOR-US: Secomea GateManager CVE-2020-29031 (An Insecure Direct Object Reference vulnerability exists in the web UI ...) NOT-FOR-US: GateManager -CVE-2020-29030 - RESERVED -CVE-2020-29029 - RESERVED -CVE-2020-29028 - RESERVED +CVE-2020-29030 (Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea ...) + TODO: check +CVE-2020-29029 (Improper Input Validation, Cross-site Scripting (XSS) vulnerability in ...) + TODO: check +CVE-2020-29028 (Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateMan ...) + TODO: check CVE-2020-29027 (Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager ...) NOT-FOR-US: Secomea CVE-2020-29026 (A directory traversal vulnerability exists in the file upload function ...) @@ -4286,8 +4286,8 @@ CVE-2020-29022 (Failure to Sanitize host header value on output in the GateManag NOT-FOR-US: Secomea CVE-2020-29021 (A vulnerability in web UI input field of GateManager allows authentica ...) NOT-FOR-US: GateManager -CVE-2020-29020 - RESERVED +CVE-2020-29020 (Improper Access Control vulnerability in web service of Secomea SiteMa ...) + TODO: check CVE-2020-29019 (A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through ...) NOT-FOR-US: Fortiguard CVE-2020-29018 (A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allo ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 11da8f5044..ea1c62bcb4 100644 
--- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,19 @@ +CVE-2021-28049 + RESERVED +CVE-2021-28048 + RESERVED +CVE-2021-28047 + RESERVED +CVE-2021-28046 + RESERVED +CVE-2021-28045 + RESERVED +CVE-2021-28044 + RESERVED +CVE-2021-28043 + RESERVED +CVE-2021-28042 (Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Tra ...) + TODO: check CVE-2021-3423 RESERVED CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...) @@ -264,8 +280,7 @@ CVE-2021-27919 RESERVED CVE-2021-27918 RESERVED -CVE-2021-3420 - RESERVED +CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper overfl ...) - newlib (bug #984446) [buster] - newlib (Minor issue) - picolibc 1.5-1 @@ -974,8 +989,8 @@ CVE-2021-27583 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, a NOT-FOR-US: Directus CVE-2021-27582 (org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Co ...) NOT-FOR-US: OpenID Connect server implementation for MITREid Connect -CVE-2021-27581 - RESERVED +CVE-2021-27581 (The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL inject ...) + TODO: check CVE-2021-27580 RESERVED CVE-2021-27579 (Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on ...) @@ -1642,14 +1657,14 @@ CVE-2021-27259 RESERVED CVE-2021-27258 RESERVED -CVE-2021-27257 - RESERVED -CVE-2021-27256 - RESERVED -CVE-2021-27255 - RESERVED -CVE-2021-27254 - RESERVED +CVE-2021-27257 (This vulnerability allows network-adjacent attackers to compromise the ...) + TODO: check +CVE-2021-27256 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + TODO: check +CVE-2021-27255 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-27254 (This vulnerability allows network-adjacent attackers to bypass authent ...) + TODO: check CVE-2021-27253 RESERVED CVE-2021-27252 
@@ -2653,8 +2668,8 @@ CVE-2021-26816 RESERVED CVE-2021-26815 RESERVED -CVE-2021-26814 - RESERVED +CVE-2021-26814 (Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to e ...) + TODO: check CVE-2021-26813 (markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expr ...) - python-markdown2 NOTE: https://github.com/trentm/python-markdown2/pull/387 -- cgit v1.2.3
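Review bot: in data/CVE/2020.list, hunks @@ -4266 and @@ -4286, CVE-2020-29030, CVE-2020-29028 and CVE-2020-29020 land as "TODO: check" although their descriptions already name Secomea (GateManager web GUI, SiteManager web service). The neighbouring entries CVE-2020-29032, CVE-2020-29031, CVE-2020-29027 and CVE-2020-29022 are marked NOT-FOR-US for the same vendor. A follow-up triage commit can give these three the same NOT-FOR-US treatment. CVE-2020-29029 needs its full description read first, because the truncated text here does not show the product. While there, the existing tags are spelled three ways ("NOT-FOR-US: Secomea", "NOT-FOR-US: GateManager", "NOT-FOR-US: Secomea GateManager"); picking one makes the entries easier to grep.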
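Review bot: in data/CVE/2021.list, hunk @@ -264, the description added for CVE-2021-3420 puts the flaw in newlib versions prior to 4.0.0, but the package lines under it are unchanged context and were not revisited by this automatic update. A follow-up should confirm that the "- newlib (bug #984446)", "[buster] - newlib (Minor issue)" and "- picolibc 1.5-1" lines still agree with that version boundary.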
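Review bot: in data/CVE/2021.list, hunk @@ -1642, the four descriptions added for CVE-2021-27254 through CVE-2021-27257 are cut off before the affected product is named ("This vulnerability allows network-adjacent attackers to ..."), so these "TODO: check" entries cannot be triaged from this file alone. Whoever picks them up needs the full CVE records. Since they describe authentication bypass and arbitrary code execution, they should not sit in TODO behind entries such as CVE-2021-28042, CVE-2021-27581 and CVE-2021-26814, whose descriptions at least show the product (Deutsche Post Mailoptimizer, Kentico CMS, Wazuh API).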