author | security tracker role <sectracker@soriano.debian.org> | 2021-06-18 20:10:20 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-06-18 20:10:20 +0000 |
commit | 2f0cf43b75f8018ba050744ce3db10a9c4694a02 (patch) | |
tree | 9f5b72159eb0a065d6f64fff96c300d0e0771d99 | |
parent | 931d47dcd7bf687f57502b776695885973edc283 (diff) |
automatic update
-rw-r--r-- | data/CVE/2005.list | 4 |
-rw-r--r-- | data/CVE/2007.list | 2 |
-rw-r--r-- | data/CVE/2018.list | 2 |
-rw-r--r-- | data/CVE/2020.list | 4 |
-rw-r--r-- | data/CVE/2021.list | 113 |
5 files changed, 80 insertions, 45 deletions
diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 4621ef156e..9616b91fa9 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -4993,7 +4993,7 @@ CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 an {DSA-809-1} - squid 2.5.10-5 (medium) CVE-2005-2795 - RESERVED + REJECTED CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to c ...) {DSA-809-3 DSA-809-1} - squid 2.5.10-5 (medium) @@ -10621,7 +10621,7 @@ CVE-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in CVE-2005-0395 REJECTED CVE-2005-0394 - RESERVED + REJECTED CVE-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, w ...) {DSA-733-1} - crip 3.5-1sarge2 (low) diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 95da8f847e..cf4b610bc8 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -7239,7 +7239,7 @@ CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Moz - xulrunner 1.8.1.5-1 (high) NOTE: MFSA2007-18 CVE-2007-3733 - RESERVED + REJECTED CVE-2007-3732 (In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc cal ...) - linux-2.6 2.6.23-1 NOTE: Upstream fix: https://git.kernel.org/linus/a10d9a71bafd3a283da240d2868e71346d2aef6f (v2.6.23-rc1) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index f40231ff6e..35c53678dc 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -17663,7 +17663,7 @@ CVE-2018-14641 (A security flaw was found in the ip_frag_reasm() function in net CVE-2018-14640 RESERVED CVE-2018-14639 - RESERVED + REJECTED CVE-2018-14638 (A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ...) - 389-ds-base 1.4.0.18-1 (bug #908859) [stretch] - 389-ds-base <no-dsa> (Minor issue) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 117438783d..81a35241f7 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -27878,8 +27878,8 @@ CVE-2020-18444 RESERVED CVE-2020-18443 RESERVED -CVE-2020-18442 - RESERVED +CVE-2020-18442 (Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a d ...) + TODO: check CVE-2020-18441 RESERVED CVE-2020-18440 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 5fc0d1827f..e6566d5c80 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,33 @@ +CVE-2021-3611 + RESERVED +CVE-2021-3610 + RESERVED +CVE-2021-35053 + RESERVED +CVE-2021-35052 + RESERVED +CVE-2021-35051 + RESERVED +CVE-2021-35050 + RESERVED +CVE-2021-35049 + RESERVED +CVE-2021-35048 + RESERVED +CVE-2021-35047 + RESERVED +CVE-2021-35046 + RESERVED +CVE-2021-35045 + RESERVED +CVE-2021-35044 + RESERVED +CVE-2021-35043 + RESERVED +CVE-2021-35042 + RESERVED +CVE-2021-35041 + RESERVED CVE-2021-3609 RESERVED CVE-2021-35040 @@ -465,8 +495,8 @@ CVE-2021-34817 RESERVED CVE-2021-34816 RESERVED -CVE-2021-34815 - RESERVED +CVE-2021-34815 (CheckSec Canopy before 3.5.2 allows XSS attacks against the login page ...) + TODO: check CVE-2021-34814 RESERVED CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to cra ...) @@ -506,8 +536,8 @@ CVE-2021-34799 RESERVED CVE-2021-34798 RESERVED -CVE-2021-3604 - RESERVED +CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly, allowin ...) + TODO: check CVE-2021-34797 RESERVED CVE-2021-34796 
@@ -1071,16 +1101,19 @@ CVE-2021-34551 (PHPMailer before 6.5.0 on Windows allows remote code execution i TODO: check CVE-2021-34550 [out-of-bounds memory access in v3 onion service descriptor parsing] RESERVED + {DSA-4932-1} - tor 0.4.5.9-1 (bug #990000) [stretch] - tor <end-of-life> (See DSA 4644) NOTE: https://blog.torproject.org/node/2041 CVE-2021-34549 [hashtable-based CPU denial-of-service attack against relays] RESERVED + {DSA-4932-1} - tor 0.4.5.9-1 (bug #990000) [stretch] - tor <end-of-life> (See DSA 4644) NOTE: https://blog.torproject.org/node/2041 CVE-2021-34548 RESERVED + {DSA-4932-1} - tor 0.4.5.9-1 (bug #990000) [stretch] - tor <end-of-life> (See DSA 4644) NOTE: https://blog.torproject.org/node/2041 @@ -2548,6 +2581,7 @@ CVE-2021-3581 RESERVED CVE-2021-3580 [Remote crash in RSA decryption via manipulated ciphertext] RESERVED + {DSA-4933-1} - nettle 3.7.3-1 (bug #989631) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1967983 NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe @@ -2605,20 +2639,20 @@ CVE-2021-33826 RESERVED CVE-2021-33825 RESERVED -CVE-2021-33824 - RESERVED -CVE-2021-33823 - RESERVED -CVE-2021-33822 - RESERVED +CVE-2021-33824 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...) + TODO: check +CVE-2021-33823 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...) + TODO: check +CVE-2021-33822 (An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22 ...) + TODO: check CVE-2021-33821 RESERVED -CVE-2021-33820 - RESERVED +CVE-2021-33820 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...) + TODO: check CVE-2021-33819 RESERVED -CVE-2021-33818 - RESERVED +CVE-2021-33818 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...) + TODO: check CVE-2021-33817 RESERVED CVE-2021-33816 
@@ -3170,10 +3204,10 @@ CVE-2021-33579 RESERVED CVE-2021-33578 RESERVED -CVE-2021-33577 - RESERVED -CVE-2021-33576 - RESERVED +CVE-2021-33577 (An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for t ...) + TODO: check +CVE-2021-33576 (An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 messag ...) + TODO: check CVE-2021-33575 (The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute ...) NOT-FOR-US: ruby-jss gem CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) versions 2.32 ...) @@ -3687,8 +3721,8 @@ CVE-2021-33349 RESERVED CVE-2021-33348 RESERVED -CVE-2021-33347 - RESERVED +CVE-2021-33347 (An issue was discovered in JPress v3.3.0 and below. There are XSS vuln ...) + TODO: check CVE-2021-33346 RESERVED CVE-2021-33345 @@ -4580,12 +4614,12 @@ CVE-2021-32958 RESERVED CVE-2021-32957 RESERVED -CVE-2021-32956 - RESERVED +CVE-2021-32956 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to re ...) + TODO: check CVE-2021-32955 RESERVED -CVE-2021-32954 - RESERVED +CVE-2021-32954 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a ...) + TODO: check CVE-2021-32953 RESERVED CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading procedure ...) @@ -5527,8 +5561,8 @@ CVE-2021-32538 RESERVED CVE-2021-32537 RESERVED -CVE-2021-32536 - RESERVED +CVE-2021-32536 (The login page in the MCUsystem does not filter with special character ...) + TODO: check CVE-2021-32535 RESERVED CVE-2021-32534 
@@ -18869,10 +18903,10 @@ CVE-2021-26837 RESERVED CVE-2021-26836 RESERVED -CVE-2021-26835 - RESERVED -CVE-2021-26834 - RESERVED +CVE-2021-26835 (No filtering of cross-site scripting (XSS) payloads in the markdown-ed ...) + TODO: check +CVE-2021-26834 (A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An a ...) + TODO: check CVE-2021-26833 (Code Execution vulnerability in Profile Picture upload in TimelyBills ...) NOT-FOR-US: TimelyBills App Budget, Expense tracker & Bills CVE-2021-26832 (Cross Site Scripting (XSS) in the "Reset Password" page form of Priori ...) @@ -19485,7 +19519,7 @@ CVE-2021-26565 (Cleartext transmission of sensitive information vulnerability in NOT-FOR-US: Synology CVE-2021-26564 (Cleartext transmission of sensitive information vulnerability in synor ...) NOT-FOR-US: Synology -CVE-2021-26563 (Improper access control vulnerability in synoagentregisterd in Synolog ...) +CVE-2021-26563 (Incorrect authorization vulnerability in synoagentregisterd in Synolog ...) NOT-FOR-US: Synology CVE-2021-26562 (Out-of-bounds write vulnerability in synoagentregisterd in Synology Di ...) NOT-FOR-US: Synology @@ -25906,10 +25940,10 @@ CVE-2021-23848 (An error in the URL handler Bosch IP cameras may lead to a refle NOT-FOR-US: Bosch CVE-2021-23847 (A Missing Authentication in Critical Function in Bosch IP cameras allo ...) NOT-FOR-US: Bosch -CVE-2021-23846 - RESERVED -CVE-2021-23845 - RESERVED +CVE-2021-23846 (When using http protocol, the user password is transmitted as a clear ...) + TODO: check +CVE-2021-23845 (This vulnerability could allow an attacker to hijack a session while a ...) + TODO: check CVE-2021-23844 RESERVED CVE-2021-23843 @@ -29844,8 +29878,8 @@ CVE-2021-21999 RESERVED CVE-2021-21998 RESERVED -CVE-2021-21997 - RESERVED +CVE-2021-21997 (VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of ...) + TODO: check CVE-2021-21996 RESERVED CVE-2021-21995 
@@ -30527,8 +30561,8 @@ CVE-2021-21671 RESERVED CVE-2021-21670 RESERVED -CVE-2021-21669 - RESERVED +CVE-2021-21669 (Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not confi ...) + TODO: check CVE-2021-21668 (Jenkins Scriptler Plugin 3.1 and earlier does not escape script conten ...) NOT-FOR-US: Jenkins plugin CVE-2021-21667 (Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter nam ...) @@ -33731,6 +33765,7 @@ CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in li CVE-2021-20306 (A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any ...) NOT-FOR-US: Red Hat Business Central CVE-2021-20305 (A flaw was found in Nettle in versions before 3.7.2, where several Net ...) + {DSA-4933-1} - nettle 3.7.2-1 (bug #985652) [stretch] - nettle <postponed> (Minor issue; can be fixed in next update) NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html |
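Review bot: In the data/CVE/2020.list hunk (@@ -27878,8 +27878,8), CVE-2020-18442 is left at `TODO: check` although its description already names the affected software, zziplib v0.13.69. Triage should replace the TODO with a `- zziplib <version>` package line (plus a bug reference if it is unfixed) when the package is in the archive, or with a NOT-FOR-US marker otherwise, so the entry does not stay untracked.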
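Review bot: In the tor hunk of data/CVE/2021.list (@@ -1071,16 +1101,19), CVE-2021-34548 gains `{DSA-4932-1}` but still has no bracketed description, while CVE-2021-34550 and CVE-2021-34549 directly above it each carry one. As long as the ID stays RESERVED, add a short `[...]` summary taken from the advisory already referenced in the NOTE line (https://blog.torproject.org/node/2041) so the entry can be identified without following the link.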
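Review bot: In the hunk at @@ -30527,8 +30561,8 of data/CVE/2021.list, CVE-2021-21669 (Jenkins Generic Webhook Trigger Plugin) is added with `TODO: check`, while the adjacent CVE-2021-21668 for another Jenkins plugin is already marked `NOT-FOR-US: Jenkins plugin`. Once it is confirmed that this plugin is not packaged, use the same marker here so the two neighbouring entries are handled consistently.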