author | security tracker role <sectracker@soriano.debian.org> | 2021-01-15 20:10:21 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-01-15 20:10:21 +0000 |
commit | ca3c82525990309c6c9b82b80c29aaea959b2e5d (patch) | |
tree | 34a70a0a8c0bc8baf78279650d5fec6c714387d4 /data | |
parent | 923b24ff9170aa5cae8c8720c320042d7c247822 (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 282 |
1 files changed, 213 insertions, 69 deletions
diff --git a/data/CVE/list b/data/CVE/list index 1ff764360d..37b79e59ba 100644 --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,159 @@ +CVE-2021-3159 + RESERVED +CVE-2021-25273 + RESERVED +CVE-2021-25272 + RESERVED +CVE-2021-25271 + RESERVED +CVE-2021-25270 + RESERVED +CVE-2021-25269 + RESERVED +CVE-2021-25268 + RESERVED +CVE-2021-25267 + RESERVED +CVE-2021-25266 + RESERVED +CVE-2021-25265 + RESERVED +CVE-2021-25264 + RESERVED +CVE-2021-25263 + RESERVED +CVE-2021-25262 + RESERVED +CVE-2021-25261 + RESERVED +CVE-2021-25260 + RESERVED +CVE-2021-25259 + RESERVED +CVE-2021-25258 + RESERVED +CVE-2021-25257 + RESERVED +CVE-2021-25256 + RESERVED +CVE-2021-25255 + RESERVED +CVE-2021-25254 + RESERVED +CVE-2021-25253 + RESERVED +CVE-2021-25252 + RESERVED +CVE-2021-25251 + RESERVED +CVE-2021-25250 + RESERVED +CVE-2021-25249 + RESERVED +CVE-2021-25248 + RESERVED +CVE-2021-25247 + RESERVED +CVE-2021-25246 + RESERVED +CVE-2021-25245 + RESERVED +CVE-2021-25244 + RESERVED +CVE-2021-25243 + RESERVED +CVE-2021-25242 + RESERVED +CVE-2021-25241 + RESERVED +CVE-2021-25240 + RESERVED +CVE-2021-25239 + RESERVED +CVE-2021-25238 + RESERVED +CVE-2021-25237 + RESERVED +CVE-2021-25236 + RESERVED +CVE-2021-25235 + RESERVED +CVE-2021-25234 + RESERVED +CVE-2021-25233 + RESERVED +CVE-2021-25232 + RESERVED +CVE-2021-25231 + RESERVED +CVE-2021-25230 + RESERVED +CVE-2021-25229 + RESERVED +CVE-2021-25228 + RESERVED +CVE-2021-25227 + RESERVED +CVE-2021-25226 + RESERVED +CVE-2021-25225 + RESERVED +CVE-2021-25224 + RESERVED +CVE-2021-25223 + RESERVED +CVE-2021-25222 + RESERVED +CVE-2021-25221 + RESERVED +CVE-2021-25220 + RESERVED +CVE-2021-25219 + RESERVED +CVE-2021-25218 + RESERVED +CVE-2021-25217 + RESERVED +CVE-2021-25216 + RESERVED +CVE-2021-25215 + RESERVED +CVE-2021-25214 + RESERVED +CVE-2021-25213 + RESERVED +CVE-2021-25212 + RESERVED +CVE-2021-25211 + RESERVED +CVE-2021-25210 + RESERVED +CVE-2021-25209 + RESERVED +CVE-2021-25208 + RESERVED +CVE-2021-25207 + RESERVED +CVE-2021-25206 + RESERVED +CVE-2021-25205 + RESERVED +CVE-2021-25204 + RESERVED +CVE-2021-25203 + RESERVED +CVE-2021-25202 + RESERVED 
+CVE-2021-25201 + RESERVED +CVE-2021-25200 + RESERVED +CVE-2021-25199 + RESERVED +CVE-2021-25198 + RESERVED +CVE-2021-25197 + RESERVED CVE-2021-3158 RESERVED CVE-2021-3157 @@ -6285,18 +6441,17 @@ CVE-2021-22173 RESERVED CVE-2021-22172 RESERVED -CVE-2021-22171 - RESERVED +CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab Pages f ...) + TODO: check CVE-2021-22170 RESERVED CVE-2021-22169 RESERVED -CVE-2021-22168 - RESERVED -CVE-2021-22167 - RESERVED -CVE-2021-22166 - RESERVED +CVE-2021-22168 (A regular expression denial of service issue has been discovered in Nu ...) + TODO: check +CVE-2021-22167 (An issue has been discovered in GitLab affecting all versions starting ...) + TODO: check +CVE-2021-22166 (An attacker could cause a Prometheus denial of service in GitLab 13.7+ ...) - gitlab <not-affected> (Only affects Gitlab 13.7.x) NOTE: https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/ CVE-2021-22165 @@ -8691,10 +8846,10 @@ CVE-2020-35751 RESERVED CVE-2020-35750 RESERVED -CVE-2020-35749 - RESERVED -CVE-2020-35748 - RESERVED +CVE-2020-35749 (Directory traversal vulnerability in class-simple_job_board_resume_dow ...) + TODO: check +CVE-2020-35748 (Cross-site scripting (XSS) vulnerability in models/list-table.php in t ...) + TODO: check CVE-2020-35747 RESERVED CVE-2020-35746 @@ -8714,6 +8869,7 @@ CVE-2020-35740 (HGiga MailSherlock does not validate specific URL parameters pro CVE-2020-35739 RESERVED CVE-2020-35738 (WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack ...) + {DLA-2525-1} - wavpack 5.3.0-2 (bug #978548) [buster] - wavpack <no-dsa> (Minor issue) NOTE: https://github.com/dbry/WavPack/issues/91 
@@ -8727,8 +8883,8 @@ CVE-2020-35735 (Vidyo 02-09-/D allows clickjacking via the portal/ URI. ...) NOT-FOR-US: Vidyo CVE-2020-35734 RESERVED -CVE-2020-35733 - RESERVED +CVE-2020-35733 (An issue was discovered in Erlang/OTP before 23.2.2. The ssl applicati ...) + TODO: check CVE-2020-35732 RESERVED CVE-2020-35731 @@ -9378,8 +9534,8 @@ CVE-2021-21239 RESERVED CVE-2021-21238 RESERVED -CVE-2021-21237 - RESERVED +CVE-2021-21237 (Git LFS is a command line extension for managing large files with Git. ...) + TODO: check CVE-2021-21236 (CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter base ...) - cairosvg <unfixed> (bug #979597) [buster] - cairosvg <not-affected> (Vulnerable code introduced in 2.0.0rc6) @@ -11658,7 +11814,7 @@ CVE-2021-20191 CVE-2021-20190 RESERVED CVE-2021-20189 - RESERVED + REJECTED CVE-2021-20188 RESERVED CVE-2021-20187 
@@ -21662,67 +21818,49 @@ CVE-2021-0225 RESERVED CVE-2021-0224 RESERVED -CVE-2021-0223 - RESERVED +CVE-2021-0223 (A local privilege escalation vulnerability in telnetd.real of Juniper ...) NOT-FOR-US: Juniper -CVE-2021-0222 - RESERVED +CVE-2021-0222 (A vulnerability in Juniper Networks Junos OS allows an attacker to cau ...) NOT-FOR-US: Juniper -CVE-2021-0221 - RESERVED +CVE-2021-0221 (In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway ...) NOT-FOR-US: Juniper -CVE-2021-0220 - RESERVED -CVE-2021-0219 - RESERVED +CVE-2021-0220 (The Junos Space Network Management Platform has been found to store sh ...) + TODO: check +CVE-2021-0219 (A command injection vulnerability in install package validation subsys ...) NOT-FOR-US: Juniper -CVE-2021-0218 - RESERVED +CVE-2021-0218 (A command injection vulnerability in the license-check daemon of Junip ...) NOT-FOR-US: Juniper -CVE-2021-0217 - RESERVED +CVE-2021-0217 (A vulnerability in processing of certain DHCP packets from adjacent cl ...) NOT-FOR-US: Juniper CVE-2021-0216 RESERVED -CVE-2021-0215 - RESERVED +CVE-2021-0215 (On Juniper Networks Junos EX series, QFX Series and SRX branch series ...) NOT-FOR-US: Juniper CVE-2021-0214 RESERVED CVE-2021-0213 RESERVED -CVE-2021-0212 - RESERVED +CVE-2021-0212 (An Information Exposure vulnerability in Juniper Networks Contrail Net ...) NOT-FOR-US: Juniper -CVE-2021-0211 - RESERVED +CVE-2021-0211 (An improper check for unusual or exceptional conditions in Juniper Net ...) NOT-FOR-US: Juniper -CVE-2021-0210 - RESERVED +CVE-2021-0210 (An Information Exposure vulnerability in J-Web of Juniper Networks Jun ...) NOT-FOR-US: Juniper -CVE-2021-0209 - RESERVED +CVE-2021-0209 (In Juniper Networks Junos OS Evolved an attacker sending certain valid ...) NOT-FOR-US: Juniper -CVE-2021-0208 - RESERVED +CVE-2021-0208 (An improper input validation vulnerability in the Routing Protocol Dae ...) 
NOT-FOR-US: Juniper -CVE-2021-0207 - RESERVED +CVE-2021-0207 (An improper interpretation conflict of certain data between certain so ...) NOT-FOR-US: Juniper -CVE-2021-0206 - RESERVED +CVE-2021-0206 (A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS ...) NOT-FOR-US: Juniper -CVE-2021-0205 - RESERVED +CVE-2021-0205 (When the "Intrusion Detection Service" (IDS) feature is configured on ...) NOT-FOR-US: Juniper -CVE-2021-0204 - RESERVED +CVE-2021-0204 (A sensitive information disclosure vulnerability in delta-export confi ...) NOT-FOR-US: Juniper -CVE-2021-0203 - RESERVED +CVE-2021-0203 (On Juniper Networks EX and QFX5K Series platforms configured with Redu ...) NOT-FOR-US: Juniper -CVE-2021-0202 - RESERVED +CVE-2021-0202 (On Juniper Networks MX Series and EX9200 Series platforms with Trio-ba ...) NOT-FOR-US: Juniper CVE-2021-0201 RESERVED @@ -25661,8 +25799,7 @@ CVE-2020-26416 (Information disclosure in Advanced Search component of GitLab EE - gitlab <not-affected> (Specific to EE) CVE-2020-26415 (Information about the starred projects for private user profiles was e ...) - gitlab 13.4.7-1 -CVE-2020-26414 - RESERVED +CVE-2020-26414 (An issue has been discovered in GitLab affecting all versions starting ...) [experimental] - gitlab 13.5.6-1 - gitlab <unfixed> NOTE: https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/ @@ -25902,6 +26039,7 @@ CVE-2020-26300 CVE-2020-26299 RESERVED CVE-2020-26298 (Redcarpet is a Ruby library for Markdown processing. In Redcarpet befo ...) + {DSA-4831-1 DLA-2526-1} - ruby-redcarpet 3.5.1-1 (bug #980057) NOTE: https://github.com/advisories/GHSA-q3wr-qw3g-3p4h NOTE: https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793 
@@ -29840,14 +29978,14 @@ CVE-2020-24643 RESERVED CVE-2020-24642 RESERVED -CVE-2020-24641 - RESERVED -CVE-2020-24640 - RESERVED -CVE-2020-24639 - RESERVED -CVE-2020-24638 - RESERVED +CVE-2020-24641 (In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Fo ...) + TODO: check +CVE-2020-24640 (There is a vulnerability caused by insufficient input validation that ...) + TODO: check +CVE-2020-24639 (There is a vulnerability caused by unsafe Java deserialization that al ...) + TODO: check +CVE-2020-24638 (Multiple authenticated remote command executions are possible in Airwa ...) + TODO: check CVE-2020-24637 (Two vulnerabilities in ArubaOS GRUB2 implementation allows for an atta ...) NOT-FOR-US: ArubaOS GRUB2 implementation (CVE specific to ArubaOS) CVE-2020-24636 @@ -46958,8 +47096,8 @@ CVE-2020-16257 (Winston 1.5.4 devices are vulnerable to command injection via th NOT-FOR-US: Winston devices CVE-2020-16256 (The API on Winston 1.5.4 devices is vulnerable to CSRF. ...) NOT-FOR-US: Winston devices -CVE-2020-16255 - RESERVED +CVE-2020-16255 (ownCloud (Core) before 10.5 allows XSS in login page 'forgot password. ...) + TODO: check CVE-2020-16254 (The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets ...) NOT-FOR-US: Chartkick gem CVE-2020-16253 (The PgHero gem through 2.6.0 for Ruby allows CSRF. ...) @@ -97364,8 +97502,8 @@ CVE-2019-16963 RESERVED CVE-2019-16962 (Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a ...) NOT-FOR-US: Zoho ManageEngine Desktop Central -CVE-2019-16961 - RESERVED +CVE-2019-16961 (SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. ...) + TODO: check CVE-2019-16960 (SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file wit ...) NOT-FOR-US: SolarWinds CVE-2019-16959 (SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Fo ...) 
@@ -115099,6 +115237,7 @@ CVE-2019-11499 (In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submiss [jessie] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3) NOTE: https://dovecot.org/pipermail/dovecot/2019-April/115758.html CVE-2019-11498 (WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack t ...) + {DLA-2525-1} - wavpack 5.1.0-6 (low; bug #927903) [jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0) NOTE: https://github.com/dbry/WavPack/issues/67 @@ -119667,6 +119806,7 @@ CVE-2019-9889 (In Vanilla before 2.6.4, a flaw exists within the getSingleIndex CVE-2019-9888 RESERVED CVE-2019-1010319 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ...) + {DLA-2525-1} - wavpack 5.1.0-7 (low; bug #932061) [buster] - wavpack <no-dsa> (Minor issue) NOTE: https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe @@ -119674,6 +119814,7 @@ CVE-2019-1010319 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Unin CVE-2019-1010318 REJECTED CVE-2019-1010317 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ...) + {DLA-2525-1} - wavpack 5.1.0-7 (low; bug #932060) [buster] - wavpack <no-dsa> (Minor issue) NOTE: https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b @@ -119681,6 +119822,7 @@ CVE-2019-1010317 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Unin CVE-2019-1010316 (pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. Th ...) NOT-FOR-US: pyxtrlock CVE-2019-1010315 (WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The i ...) + {DLA-2525-1} - wavpack 5.1.0-6 (low) NOTE: https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc NOTE: https://github.com/dbry/WavPack/issues/65 
@@ -143850,10 +143992,12 @@ CVE-2018-19842 (getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allo NOTE: https://github.com/radare/radare2/commit/66191f780863ea8c66ace4040d0d04a8842e8432 NOTE: https://github.com/radare/radare2/issues/12239 CVE-2018-19841 (The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a ...) + {DLA-2525-1} - wavpack 5.1.0-5 (bug #915565) NOTE: https://github.com/dbry/WavPack/commit/bba5389dc598a92bdf2b297c3ea34620b6679b5b NOTE: https://github.com/dbry/WavPack/issues/54 CVE-2018-19840 (The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPac ...) + {DLA-2525-1} - wavpack 5.1.0-5 (bug #915564) NOTE: https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51 NOTE: https://github.com/dbry/WavPack/issues/53 |
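Review bot: In the hunk at @@ -6285,18 +6441,17 @@, CVE-2021-22171 and CVE-2021-22167 are left at `TODO: check` although their descriptions name GitLab Pages and GitLab, while CVE-2021-22166 in the same hunk is already triaged as `- gitlab <not-affected> (Only affects Gitlab 13.7.x)` with a NOTE pointing at the 13.7.2 security release. A follow-up should triage both against the gitlab source package and add the matching upstream NOTE, so the tracker does not list them as untriaged next to a resolved sibling. CVE-2021-22168 has a truncated description here ("discovered in Nu ...") and needs a manual look before any package is assigned.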
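Review bot: In the hunk at @@ -21662,67 +21818,49 @@, CVE-2021-0220 is the only Juniper entry that ends up as `TODO: check`; its description begins "The Junos Space Network Management Platform", and every other CVE-2021-02xx entry that gained a description in this hunk already carries `NOT-FOR-US: Juniper`. The entry had no triage line while it was RESERVED, so the automatic update fell back to the TODO. Suggest replacing `TODO: check` with `NOT-FOR-US: Juniper` in a manual follow-up so the block is consistent.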
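Review bot: In the hunk at @@ -97364,8 +97502,8 @@, CVE-2019-16961 ("SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.") is added with `TODO: check`, while the entry directly below it, CVE-2019-16960, is for the same product and version and is already marked `NOT-FOR-US: SolarWinds`. Suggest giving CVE-2019-16961 the same `NOT-FOR-US: SolarWinds` line instead of leaving it in the TODO queue.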