From cd47ad187202873decd8444875401b23bdcd517c Mon Sep 17 00:00:00 2001 From: security tracker role Date: Sat, 13 Feb 2021 08:10:12 +0000 Subject: automatic update --- data/CVE/2013.list | 2 ++ data/CVE/2020.list | 8 ++++---- data/CVE/2021.list | 42 +++++++++++++++++++++++++++--------------- 3 files changed, 33 insertions(+), 19 deletions(-) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index b3e3ad93b7..861bbf1ea7 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -1,3 +1,5 @@ +CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS share is ...) + TODO: check CVE-2013-7491 (An issue was discovered in the DBI module before 1.628 for Perl. Stack ...) - libdbi-perl 1.628-1 NOTE: https://github.com/perl5-dbi/dbi/commit/401f1221311c71f760e21c98772f0f7e3cbead1d diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 6db1dc06db..29d5da8063 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -37054,7 +37054,7 @@ CVE-2020-14147 (An integer overflow in the getnum function in lua_struct.c in Re NOTE: Fixed upstream in 6.0~rc2 and 5.0.8 CVE-2020-14146 (KumbiaPHP through 1.1.1, in Development mode, allows XSS via the publi ...) NOT-FOR-US: KumbiaPHP -CVE-2020-14145 (The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepan ...) +CVE-2020-14145 (The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepan ...) - openssh (unimportant) NOTE: https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/ NOTE: https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf 
@@ -37575,8 +37575,8 @@ CVE-2020-13951 (Attackers can use public NetTest web service of Apache OpenMeeti NOT-FOR-US: Apache OpenMeetings CVE-2020-13950 RESERVED -CVE-2020-13949 - RESERVED +CVE-2020-13949 (In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send sho ...) + TODO: check CVE-2020-13948 (While investigating a bug report on Apache Superset, it was determined ...) NOT-FOR-US: Apache Superset CVE-2020-13947 (An instance of a cross-site scripting vulnerability was identified to ...) @@ -43713,7 +43713,7 @@ CVE-2020-11531 (The DataEngine Xnode Server application in Zoho ManageEngine Dat NOT-FOR-US: Zoho ManageEngine DataSecurity Plus CVE-2020-11530 (A blind SQL injection vulnerability is present in Chop Slider 3, a Wor ...) NOT-FOR-US: Chop Slider 3 WordPress plugin -CVE-2020-11529 (Common/Grav.php in Grav before 1.6.23 has an Open Redirect. ...) +CVE-2020-11529 (Common/Grav.php in Grav before 1.7 has an Open Redirect. This is parti ...) NOT-FOR-US: Grav CMS CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) ...) NOT-FOR-US: bit2spr diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 69fcf2c720..6bbad5b936 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,15 @@ +CVE-2021-27211 + RESERVED +CVE-2021-27210 (TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retri ...) + TODO: check +CVE-2021-27209 (In the management interface on TP-Link Archer C5v 1.7_181221 devices, ...) + TODO: check +CVE-2021-27208 + RESERVED +CVE-2021-27207 + RESERVED +CVE-2021-27206 + RESERVED CVE-2021-3411 RESERVED CVE-2021-3410 
@@ -37,7 +49,7 @@ CVE-2021-27191 (The get-ip-range package before 4.0.0 for Node.js is vulnerable NOT-FOR-US: Node get-ip-range CVE-2021-3408 RESERVED -CVE-2021-27190 (PEEL Shopping cart 9.3.0 allows utilisateurs/change_params.php Address ...) +CVE-2021-27190 (A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEE ...) NOT-FOR-US: PEEL Shopping cart CVE-2021-27189 RESERVED @@ -964,12 +976,12 @@ CVE-2021-26755 RESERVED CVE-2021-26754 (wpDataTables before 3.4.1 mishandles order direction for server-side t ...) NOT-FOR-US: wpDataTables WordPress plugin -CVE-2021-26753 - RESERVED -CVE-2021-26752 - RESERVED -CVE-2021-26751 - RESERVED +CVE-2021-26753 (NeDi 1.9C allows an authenticated user to inject PHP code in the Syste ...) + TODO: check +CVE-2021-26752 (NeDi 1.9C allows an authenticated user to execute operating system com ...) + TODO: check +CVE-2021-26751 (NeDi 1.9C allows an authenticated user to perform a SQL Injection in t ...) + TODO: check CVE-2021-26750 RESERVED CVE-2021-26749 @@ -9265,8 +9277,8 @@ CVE-2021-22986 RESERVED CVE-2021-22985 (On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions ...) NOT-FOR-US: F5 BIG-IP -CVE-2021-22984 - RESERVED +CVE-2021-22984 (On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x ...) + TODO: check CVE-2021-22983 (On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, an ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22982 (On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions ...) 
@@ -9277,10 +9289,10 @@ CVE-2021-22980 (In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1. NOT-FOR-US: F5 BIG-IP CVE-2021-22979 (On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x b ...) NOT-FOR-US: F5 BIG-IP -CVE-2021-22978 - RESERVED -CVE-2021-22977 - RESERVED +CVE-2021-22978 (On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x b ...) + TODO: check +CVE-2021-22977 (On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation betwe ...) + TODO: check CVE-2021-22976 (On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x ...) NOT-FOR-US: F5 BIG-IP CVE-2021-22975 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and ...) @@ -10256,8 +10268,8 @@ CVE-2021-22506 RESERVED CVE-2021-22505 RESERVED -CVE-2021-22504 - RESERVED +CVE-2021-22504 (Arbitrary code execution vulnerability on Micro Focus Operations Bridg ...) + TODO: check CVE-2021-22503 RESERVED CVE-2021-22502 (Remote Code execution vulnerability in Micro Focus Operation Bridge Re ...) -- cgit v1.2.3
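
Review bot: In data/CVE/2013.list (hunk @@ -1,3 +1,5 @@) the new CVE-2013-20001 entry carries only "TODO: check", so the tracker records no verdict for an issue described as affecting OpenZFS through 2.0.3 when an NFS share is involved. A follow-up should replace the TODO with either a source-package line in the style of the "- libdbi-perl 1.628-1" line under CVE-2013-7491 just below it, or a NOT-FOR-US tag, plus a NOTE with the upstream reference used for the decision.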
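
Review bot: In data/CVE/2020.list (hunk @@ -37054,7 +37054,7 @@) the CVE-2020-14145 description changes from "OpenSSH 5.7 through 8.3" to "5.7 through 8.4", but the "- openssh (unimportant)" line under it is left as it was and still names no fixed version. Someone should confirm that the "unimportant" rating still reflects the intended triage now that the stated affected range is wider, and record that in a NOTE so the next automatic description update does not raise the same question.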
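
Review bot: In data/CVE/2020.list (hunk @@ -37575,8 +37575,8 @@) CVE-2020-13949 moves from RESERVED to a published description for Apache Thrift 0.9.3 to 0.13.0 with "TODO: check" as its only annotation. The Apache entries around it (CVE-2020-13951, CVE-2020-13948) are already resolved as NOT-FOR-US, so this is the one entry in the hunk still waiting for a manual verdict: decide whether a source-package line applies and, if so, add it with the fixed version and a NOTE pointing at the upstream fix.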
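
Review bot: In data/CVE/2021.list (hunk @@ -9277,10 +9289,10 @@) CVE-2021-22978 and CVE-2021-22977 are published as "TODO: check" even though both descriptions begin "On BIG-IP version" and every triaged neighbour in the hunk (CVE-2021-22980, CVE-2021-22979, CVE-2021-22976) is tagged "NOT-FOR-US: F5 BIG-IP". The same tag looks applicable here, and to CVE-2021-22984 in the preceding hunk, which sits between two entries tagged the same way; resolving them in one follow-up commit keeps the F5 block consistent.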