summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsecurity tracker role <sectracker@soriano.debian.org>2021-10-15 20:10:19 +0000
committersecurity tracker role <sectracker@soriano.debian.org>2021-10-15 20:10:19 +0000
commit036b1cb729fb25440e130d9ee9c68e7c0a213b9d (patch)
treeb800368ab3a610f19b69ed21911f743da05126df
parente33891e3a8f84c338e8e64f274ed54ac6761273b (diff)
automatic update
-rw-r--r--data/CVE/2017.list2
-rw-r--r--data/CVE/2018.list8
-rw-r--r--data/CVE/2020.list4
-rw-r--r--data/CVE/2021.list297
-rw-r--r--data/CVE/2022.list10
5 files changed, 201 insertions, 120 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index d9738a4e1c..e24410c246 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -37392,7 +37392,7 @@ CVE-2017-5993 (Memory leak in the vrend_renderer_init_blit_ctx function in vrend
- virglrenderer 0.6.0-1 (bug #858255)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=6eb13f7a2dcf391ec9e19b4c2a79e68305f63c22 (0.6.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422438
-CVE-2017-5991 (An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5 ...)
+CVE-2017-5991 (An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9 ...)
{DSA-3797-1}
- mupdf 1.9a+ds1-4 (low)
[wheezy] - mupdf <not-affected> (vulnerable code not present)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 1128e99b99..f38029d1c5 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -14120,10 +14120,10 @@ CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils befo
[stretch] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9
-CVE-2018-16061
- RESERVED
-CVE-2018-16060
- RESERVED
+CVE-2018-16061 (Mitsubishi Electric SmartRTU devices allow XSS via the username parame ...)
+ TODO: check
+CVE-2018-16060 (Mitsubishi Electric SmartRTU devices allow remote attackers to obtain ...)
+ TODO: check
CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Director ...)
NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices
CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index ca50cc0eb4..fa68f92c78 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -61661,8 +61661,8 @@ CVE-2020-4953 (IBM Planning Analytics 2.0 could allow a remote authenticated att
NOT-FOR-US: IBM
CVE-2020-4952 (IBM Security Guardium 11.2 could allow an authenticated user to gain r ...)
NOT-FOR-US: IBM
-CVE-2020-4951
- RESERVED
+CVE-2020-4951 (IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser ...)
+ TODO: check
CVE-2020-4950
RESERVED
CVE-2020-4949 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 37739f38e2..0b6f250a6a 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,73 @@
+CVE-2021-42553
+ RESERVED
+CVE-2021-42552
+ RESERVED
+CVE-2021-42551
+ RESERVED
+CVE-2021-42550
+ RESERVED
+CVE-2021-42549
+ RESERVED
+CVE-2021-42548
+ RESERVED
+CVE-2021-42547
+ RESERVED
+CVE-2021-42546
+ RESERVED
+CVE-2021-42545
+ RESERVED
+CVE-2021-42544
+ RESERVED
+CVE-2021-42543
+ RESERVED
+CVE-2021-42542
+ RESERVED
+CVE-2021-42541
+ RESERVED
+CVE-2021-42540
+ RESERVED
+CVE-2021-42539
+ RESERVED
+CVE-2021-42538
+ RESERVED
+CVE-2021-42537
+ RESERVED
+CVE-2021-42536
+ RESERVED
+CVE-2021-42535
+ RESERVED
+CVE-2021-42534
+ RESERVED
+CVE-2021-42533
+ RESERVED
+CVE-2021-42532
+ RESERVED
+CVE-2021-42531
+ RESERVED
+CVE-2021-42530
+ RESERVED
+CVE-2021-42529
+ RESERVED
+CVE-2021-42528
+ RESERVED
+CVE-2021-42527
+ RESERVED
+CVE-2021-42526
+ RESERVED
+CVE-2021-42525
+ RESERVED
+CVE-2021-42524
+ RESERVED
+CVE-2021-3891
+ RESERVED
+CVE-2021-3890
+ RESERVED
+CVE-2021-3889
+ RESERVED
+CVE-2021-3888
+ RESERVED
+CVE-2021-3887
+ RESERVED
CVE-2021-42523
RESERVED
CVE-2021-42522
@@ -383,22 +453,22 @@ CVE-2021-42338
RESERVED
CVE-2021-42337
RESERVED
-CVE-2021-42336
- RESERVED
-CVE-2021-42335
- RESERVED
-CVE-2021-42334
- RESERVED
-CVE-2021-42333
- RESERVED
-CVE-2021-42332
- RESERVED
-CVE-2021-42331
- RESERVED
-CVE-2021-42330
- RESERVED
-CVE-2021-42329
- RESERVED
+CVE-2021-42336 (The learning history page of the Easytest is vulnerable by permission ...)
+ TODO: check
+CVE-2021-42335 (Easytest bulletin board management function of online learning platfor ...)
+ TODO: check
+CVE-2021-42334 (The Easytest contains SQL injection vulnerabilities. After obtaining a ...)
+ TODO: check
+CVE-2021-42333 (The Easytest contains SQL injection vulnerabilities. After obtaining u ...)
+ TODO: check
+CVE-2021-42332 (The &#8220;List View&#8221; function of ShinHer StudyOnline System is ...)
+ TODO: check
+CVE-2021-42331 (The &#8220;Study Edit&#8221; function of ShinHer StudyOnline System do ...)
+ TODO: check
+CVE-2021-42330 (The &#8220;Teacher Edit&#8221; function of ShinHer StudyOnline System ...)
+ TODO: check
+CVE-2021-42329 (The &#8220;List_Add&#8221; function of message board of ShinHer StudyO ...)
+ TODO: check
CVE-2021-42328
RESERVED
CVE-2021-42327
@@ -538,8 +608,8 @@ CVE-2021-3882 (LedgerSMB does not set the 'Secure' attribute on the session auth
- ledgersmb <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d/
NOTE: https://ledgersmb.org/content/security-advisory-cve-2021-3882-non-secure-session-cookie
-CVE-2021-3881
- RESERVED
+CVE-2021-3881 (libmobi is vulnerable to Out-of-bounds Read ...)
+ TODO: check
CVE-2021-3880
RESERVED
CVE-2021-3879
@@ -559,8 +629,8 @@ CVE-2021-42257 (check_smart before 6.9.1 allows unintended drive access by an un
NOT-FOR-US: check_smart Icinga plugin
CVE-2021-42256
RESERVED
-CVE-2021-3878
- RESERVED
+CVE-2021-3878 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
+ TODO: check
CVE-2021-42255
RESERVED
CVE-2021-42254
@@ -620,7 +690,7 @@ CVE-2021-42230
RESERVED
CVE-2021-42229
RESERVED
-CVE-2021-42228 (Cross Site Request Forgery (CSRF) vulnerability exists in KindEdirot 4 ...)
+CVE-2021-42228 (A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor ...)
NOT-FOR-US: KindEditor
CVE-2021-42227 (Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x vi ...)
NOT-FOR-US: KindEditor
@@ -814,8 +884,8 @@ CVE-2021-42134 (The Unicorn framework before 0.36.1 for Django allows XSS via a
NOT-FOR-US: Django Unicorn, different from src:unicorn
CVE-2021-3876
RESERVED
-CVE-2021-3875
- RESERVED
+CVE-2021-3875 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ TODO: check
CVE-2021-42133
RESERVED
CVE-2021-42132
@@ -864,8 +934,8 @@ CVE-2021-42111
RESERVED
CVE-2021-42110
RESERVED
-CVE-2021-3874
- RESERVED
+CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
+ TODO: check
CVE-2021-3873
RESERVED
CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow privilege escala ...)
@@ -2666,8 +2736,8 @@ CVE-2021-41322 (Polycom VVX 400/410 version 5.3.1 allows low-privileged users to
NOT-FOR-US: Poly VVX 400/410
CVE-2021-41321
RESERVED
-CVE-2021-41320
- RESERVED
+CVE-2021-41320 (A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4 ...)
+ TODO: check
CVE-2021-41319
RESERVED
CVE-2021-41318 (In Progress WhatsUp Gold prior to version 21.1.0, an application endpo ...)
@@ -3048,10 +3118,10 @@ CVE-2021-41150
RESERVED
CVE-2021-41149
RESERVED
-CVE-2021-41148
- RESERVED
-CVE-2021-41147
- RESERVED
+CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
+ TODO: check
+CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
+ TODO: check
CVE-2021-41146
RESERVED
CVE-2021-41145
@@ -3233,6 +3303,7 @@ CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2021/09/18/2
CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Director ...)
+ {DSA-4987-1}
- squashfs-tools 1:4.5-3 (bug #994262)
NOTE: Prerequisites:
NOTE: https://github.com/plougher/squashfs-tools/commit/80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36
@@ -3387,34 +3458,34 @@ CVE-2021-41001
RESERVED
CVE-2021-41000
RESERVED
-CVE-2021-40999
- RESERVED
-CVE-2021-40998
- RESERVED
-CVE-2021-40997
- RESERVED
-CVE-2021-40996
- RESERVED
-CVE-2021-40995
- RESERVED
-CVE-2021-40994
- RESERVED
-CVE-2021-40993
- RESERVED
-CVE-2021-40992
- RESERVED
-CVE-2021-40991
- RESERVED
-CVE-2021-40990
- RESERVED
-CVE-2021-40989
- RESERVED
-CVE-2021-40988
- RESERVED
-CVE-2021-40987
- RESERVED
-CVE-2021-40986
- RESERVED
+CVE-2021-40999 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ TODO: check
+CVE-2021-40998 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ TODO: check
+CVE-2021-40997 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ TODO: check
+CVE-2021-40996 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ TODO: check
+CVE-2021-40995 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ TODO: check
+CVE-2021-40994 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ TODO: check
+CVE-2021-40993 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
+ TODO: check
+CVE-2021-40992 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
+ TODO: check
+CVE-2021-40991 (A remote disclosure of sensitive information vulnerability was discove ...)
+ TODO: check
+CVE-2021-40990 (A remote disclosure of sensitive information vulnerability was discove ...)
+ TODO: check
+CVE-2021-40989 (A local escalation of privilege vulnerability was discovered in Aruba ...)
+ TODO: check
+CVE-2021-40988 (A remote directory traversal vulnerability was discovered in Aruba Cle ...)
+ TODO: check
+CVE-2021-40987 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ TODO: check
+CVE-2021-40986 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ TODO: check
CVE-2021-3800
RESERVED
CVE-2021-40985
@@ -4021,30 +4092,30 @@ CVE-2021-40733
RESERVED
CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...)
NOT-FOR-US: Adobe
-CVE-2021-40731
- RESERVED
-CVE-2021-40730
- RESERVED
-CVE-2021-40729
- RESERVED
-CVE-2021-40728
- RESERVED
+CVE-2021-40731 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
+ TODO: check
+CVE-2021-40730 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
+ TODO: check
+CVE-2021-40729 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
+ TODO: check
+CVE-2021-40728 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
+ TODO: check
CVE-2021-40727
RESERVED
CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
NOT-FOR-US: Adobe
CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
NOT-FOR-US: Adobe
-CVE-2021-40724
- RESERVED
+CVE-2021-40724 (Acrobat Reader for Android versions 21.8.0 (and earlier) are affected ...)
+ TODO: check
CVE-2021-40723
RESERVED
CVE-2021-40722
RESERVED
-CVE-2021-40721
- RESERVED
-CVE-2021-40720
- RESERVED
+CVE-2021-40721 (Adobe Connect version 11.2.2 (and earlier) is affected by a reflected ...)
+ TODO: check
+CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization o ...)
+ TODO: check
CVE-2021-40719
RESERVED
CVE-2021-40718
@@ -6035,8 +6106,8 @@ CVE-2021-39866 (A business logic error in the project deletion process in GitLab
- gitlab <unfixed>
CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
NOT-FOR-US: Adobe
-CVE-2021-39864
- RESERVED
+CVE-2021-39864 (Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) an ...)
+ TODO: check
CVE-2021-39863 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
NOT-FOR-US: Adobe
CVE-2021-39862 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
@@ -7197,18 +7268,18 @@ CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to authenticated
NOT-FOR-US: WordPress plugin
CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable to Refle ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-39349
- RESERVED
+CVE-2021-39349 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting ...)
+ TODO: check
CVE-2021-39348
RESERVED
CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39346
RESERVED
-CVE-2021-39345
- RESERVED
-CVE-2021-39344
- RESERVED
+CVE-2021-39345 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting ...)
+ TODO: check
+CVE-2021-39344 (The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-S ...)
+ TODO: check
CVE-2021-39343
RESERVED
CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's associated C ...)
@@ -7219,20 +7290,20 @@ CVE-2021-39340
RESERVED
CVE-2021-39339 (The Telefication WordPress plugin is vulnerable to Open Proxy and Serv ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-39338
- RESERVED
-CVE-2021-39337
- RESERVED
-CVE-2021-39336
- RESERVED
-CVE-2021-39335
- RESERVED
-CVE-2021-39334
- RESERVED
+CVE-2021-39338 (The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2021-39337 (The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2021-39336 (The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2021-39335 (The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2021-39334 (The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Si ...)
+ TODO: check
CVE-2021-39333
RESERVED
-CVE-2021-39332
- RESERVED
+CVE-2021-39332 (The Business Manager WordPress plugin is vulnerable to Stored Cross-Si ...)
+ TODO: check
CVE-2021-39331
RESERVED
CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to Stored C ...)
@@ -9445,10 +9516,10 @@ CVE-2021-38434
RESERVED
CVE-2021-38433
RESERVED
-CVE-2021-38432
- RESERVED
-CVE-2021-38431
- RESERVED
+CVE-2021-38432 (FATEK Automation Communication Server Versions 1.13 and prior lacks pr ...)
+ TODO: check
+CVE-2021-38431 (An authenticated user using Advantech WebAccess SCADA in versions 9.0. ...)
+ TODO: check
CVE-2021-38430
RESERVED
CVE-2021-38429
@@ -11111,14 +11182,14 @@ CVE-2021-37741 (ManageEngine ADManager Plus before 7111 has Pre-authentication R
NOT-FOR-US: ManageEngine
CVE-2021-37740
RESERVED
-CVE-2021-37739
- RESERVED
-CVE-2021-37738
- RESERVED
-CVE-2021-37737
- RESERVED
-CVE-2021-37736
- RESERVED
+CVE-2021-37739 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ TODO: check
+CVE-2021-37738 (A remote disclosure of sensitive information vulnerability was discove ...)
+ TODO: check
+CVE-2021-37737 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
+ TODO: check
+CVE-2021-37736 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ TODO: check
CVE-2021-37735 (A remote denial of service vulnerability was discovered in Aruba Insta ...)
NOT-FOR-US: Aruba
CVE-2021-37734 (A remote unauthorized read access to files vulnerability was discovere ...)
@@ -30222,8 +30293,8 @@ CVE-2021-29747 (IBM InfoSphere Information Server 11.7 could allow a remote atta
NOT-FOR-US: IBM
CVE-2021-29746
RESERVED
-CVE-2021-29745
- RESERVED
+CVE-2021-29745 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge esc ...)
+ TODO: check
CVE-2021-29744 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...)
NOT-FOR-US: IBM
CVE-2021-29743 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cr ...)
@@ -30354,8 +30425,8 @@ CVE-2021-29681 (IBM InfoSphere Information Server 11.7 could allow an attacker t
NOT-FOR-US: IBM
CVE-2021-29680
RESERVED
-CVE-2021-29679
- RESERVED
+CVE-2021-29679 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated us ...)
+ TODO: check
CVE-2021-29678
RESERVED
CVE-2021-29677 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...)
@@ -34442,8 +34513,8 @@ CVE-2021-28023
RESERVED
CVE-2021-28022
RESERVED
-CVE-2021-28021
- RESERVED
+CVE-2021-28021 (Buffer overflow vulnerability in function stbi__extend_receive in stb_ ...)
+ TODO: check
CVE-2021-28020
RESERVED
CVE-2021-28019
@@ -35488,8 +35559,8 @@ CVE-2021-27563
RESERVED
CVE-2021-27562 (In Arm Trusted Firmware M through 1.2, the NS world may trigger a syst ...)
NOT-FOR-US: Arm Trusted Firmware M
-CVE-2021-27561
- RESERVED
+CVE-2021-27561 (Yealink Device Management (DM) 3.6.0.20 allows command injection as ro ...)
+ TODO: check
CVE-2021-27560
RESERVED
CVE-2021-27559 (The Contact page in Monica 2.19.1 allows stored XSS via the Nickname f ...)
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 815653a630..c862a38963 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1,3 +1,13 @@
+CVE-2022-0005
+ RESERVED
+CVE-2022-0004
+ RESERVED
+CVE-2022-0003
+ RESERVED
+CVE-2022-0002
+ RESERVED
+CVE-2022-0001
+ RESERVED
CVE-2022-20611
RESERVED
CVE-2022-20610

© 2014-2024 Faster IT GmbH | imprint | privacy policy