From 18ca315f230c8be17aeaeaead7fb7b65d43bc07d Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 11 Jun 2021 08:10:18 +0000 Subject: automatic update --- data/CVE/list | 360 +++++++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 295 insertions(+), 65 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index 76698e7913..75dc4b349c 100644 --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,235 @@ +CVE-2021-34674 + RESERVED +CVE-2021-34673 + RESERVED +CVE-2021-34672 + RESERVED +CVE-2021-34671 + RESERVED +CVE-2021-34670 + RESERVED +CVE-2021-34669 + RESERVED +CVE-2021-34668 + RESERVED +CVE-2021-34667 + RESERVED +CVE-2021-34666 + RESERVED +CVE-2021-34665 + RESERVED +CVE-2021-34664 + RESERVED +CVE-2021-34663 + RESERVED +CVE-2021-34662 + RESERVED +CVE-2021-34661 + RESERVED +CVE-2021-34660 + RESERVED +CVE-2021-34659 + RESERVED +CVE-2021-34658 + RESERVED +CVE-2021-34657 + RESERVED +CVE-2021-34656 + RESERVED +CVE-2021-34655 + RESERVED +CVE-2021-34654 + RESERVED +CVE-2021-34653 + RESERVED +CVE-2021-34652 + RESERVED +CVE-2021-34651 + RESERVED +CVE-2021-34650 + RESERVED +CVE-2021-34649 + RESERVED +CVE-2021-34648 + RESERVED +CVE-2021-34647 + RESERVED +CVE-2021-34646 + RESERVED +CVE-2021-34645 + RESERVED +CVE-2021-34644 + RESERVED +CVE-2021-34643 + RESERVED +CVE-2021-34642 + RESERVED +CVE-2021-34641 + RESERVED +CVE-2021-34640 + RESERVED +CVE-2021-34639 + RESERVED +CVE-2021-34638 + RESERVED +CVE-2021-34637 + RESERVED +CVE-2021-34636 + RESERVED +CVE-2021-34635 + RESERVED +CVE-2021-34634 + RESERVED +CVE-2021-34633 + RESERVED +CVE-2021-34632 + RESERVED +CVE-2021-34631 + RESERVED +CVE-2021-34630 + RESERVED +CVE-2021-34629 + RESERVED +CVE-2021-34628 + RESERVED +CVE-2021-34627 + RESERVED +CVE-2021-34626 + RESERVED +CVE-2021-34625 + RESERVED +CVE-2021-34624 + RESERVED +CVE-2021-34623 + RESERVED +CVE-2021-34622 + RESERVED +CVE-2021-34621 + RESERVED +CVE-2021-34620 + RESERVED +CVE-2021-34619 + RESERVED +CVE-2021-34618 + RESERVED +CVE-2021-34617 + RESERVED +CVE-2021-34616 + RESERVED +CVE-2021-34615 + RESERVED +CVE-2021-34614 + RESERVED +CVE-2021-34613 + RESERVED +CVE-2021-34612 + RESERVED +CVE-2021-34611 + RESERVED +CVE-2021-34610 + RESERVED +CVE-2021-34609 + RESERVED +CVE-2021-34608 + RESERVED +CVE-2021-34607 + RESERVED +CVE-2021-34606 + RESERVED +CVE-2021-34605 + RESERVED +CVE-2021-34604 + RESERVED +CVE-2021-34603 + RESERVED +CVE-2021-34602 + RESERVED 
+CVE-2021-34601 + RESERVED +CVE-2021-34600 + RESERVED +CVE-2021-34599 + RESERVED +CVE-2021-34598 + RESERVED +CVE-2021-34597 + RESERVED +CVE-2021-34596 + RESERVED +CVE-2021-34595 + RESERVED +CVE-2021-34594 + RESERVED +CVE-2021-34593 + RESERVED +CVE-2021-34592 + RESERVED +CVE-2021-34591 + RESERVED +CVE-2021-34590 + RESERVED +CVE-2021-34589 + RESERVED +CVE-2021-34588 + RESERVED +CVE-2021-34587 + RESERVED +CVE-2021-34586 + RESERVED +CVE-2021-34585 + RESERVED +CVE-2021-34584 + RESERVED +CVE-2021-34583 + RESERVED +CVE-2021-34582 + RESERVED +CVE-2021-34581 + RESERVED +CVE-2021-34580 + RESERVED +CVE-2021-34579 + RESERVED +CVE-2021-34578 + RESERVED +CVE-2021-34577 + RESERVED +CVE-2021-34576 + RESERVED +CVE-2021-34575 + RESERVED +CVE-2021-34574 + RESERVED +CVE-2021-34573 + RESERVED +CVE-2021-34572 + RESERVED +CVE-2021-34571 + RESERVED +CVE-2021-34570 + RESERVED +CVE-2021-34569 + RESERVED +CVE-2021-34568 + RESERVED +CVE-2021-34567 + RESERVED +CVE-2021-34566 + RESERVED +CVE-2021-34565 + RESERVED +CVE-2021-34564 + RESERVED +CVE-2021-34563 + RESERVED +CVE-2021-34562 + RESERVED +CVE-2021-34561 + RESERVED +CVE-2021-34560 + RESERVED +CVE-2021-34559 + RESERVED CVE-2021-3596 RESERVED CVE-2021-3595 @@ -5736,7 +5968,7 @@ CVE-2021-32027 (A flaw was found in postgresql in versions before 13.3, before 1 NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=467395bfdf33f1ccf67ca388ffdcc927271544cb (REL_13_3) CVE-2018-25014 (A flaw was found in libwebp in versions before 1.0.1. An unitialized v ...) - {DLA-2677-1} + {DSA-4930-1 DLA-2677-1} - libwebp 0.6.1-2.1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496 CVE-2021-3534 
@@ -6134,27 +6366,28 @@ CVE-2021-31870 (An issue was discovered in klibc before 2.0.9. Multiplication in NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2 NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1 CVE-2020-36332 (A flaw was found in libwebp in versions before 1.0.1. When reading a f ...) + {DSA-4930-1} - libwebp 0.6.1-2.1 [stretch] - libwebp (Patch is too destructive to implement it in oldstable. Minor issue) NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=391 NOTE: https://chromium.googlesource.com/webm/libwebp/+/39cb9aad85ca7bb1d193013460db1f8cc6bff109 CVE-2020-36331 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...) - {DLA-2677-1} + {DSA-4930-1 DLA-2677-1} - libwebp 0.6.1-2.1 NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=388 NOTE: https://chromium.googlesource.com/webm/libwebp/+/be738c6d396fa5a272c1b209be4379a7532debfe CVE-2020-36330 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...) - {DLA-2677-1} + {DSA-4930-1 DLA-2677-1} - libwebp 0.6.1-2.1 NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=386 NOTE: https://chromium.googlesource.com/webm/libwebp/+/2c70ad76c94db5427d37ab4b85dc89b94dd75e01 CVE-2020-36329 (A flaw was found in libwebp in versions before 1.0.1. A use-after-free ...) - {DLA-2677-1} + {DSA-4930-1 DLA-2677-1} - libwebp 0.6.1-2.1 NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=385 NOTE: https://chromium.googlesource.com/webm/libwebp/+/569001f19fc81fcb5ab358f587a54c62e7c4665c CVE-2020-36328 (A flaw was found in libwebp in versions before 1.0.1. A heap-based buf ...) - {DLA-2677-1} + {DSA-4930-1 DLA-2677-1} - libwebp 0.6.1-2.1 NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=383 NOTE: https://chromium.googlesource.com/webm/libwebp/+/71ed73cf86132394ea25ae9c7ed431e0d71043f5 
@@ -8951,7 +9184,7 @@ CVE-2020-36322 (An issue was discovered in the FUSE filesystem implementation in - linux 5.10.9-1 NOTE: https://git.kernel.org/linus/5d069dbe8aaf2a197142558b6fb2978189ba3454 CVE-2018-25013 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...) - {DLA-2677-1} + {DSA-4930-1 DLA-2677-1} - libwebp 0.6.1-2.1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417 NOTE: https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6 @@ -8961,16 +9194,16 @@ CVE-2018-25012 (A flaw was found in libwebp in versions before 1.0.1. An out-of- NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123 NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/ CVE-2018-25011 (A flaw was found in libwebp in versions before 1.0.1. A heap-based buf ...) - {DLA-2677-1} + {DSA-4930-1 DLA-2677-1} - libwebp 0.6.1-2.1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119 CVE-2018-25010 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...) - {DLA-2677-1} + {DSA-4930-1 DLA-2677-1} - libwebp 0.6.1-2.1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105 NOTE: https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63%5E%21/#F0 CVE-2018-25009 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...) - {DLA-2677-1} + {DSA-4930-1 DLA-2677-1} - libwebp 0.6.1-2.1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100 NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/ @@ -13611,8 +13844,8 @@ CVE-2021-28816 RESERVED CVE-2021-28815 RESERVED -CVE-2021-28814 - RESERVED +CVE-2021-28814 (An improper access control vulnerability has been reported to affect Q ...) + TODO: check CVE-2021-28813 RESERVED CVE-2021-28812 (A command injection vulnerability has been reported to affect certain ...) 
@@ -13629,16 +13862,16 @@ CVE-2021-28807 (A post-authentication reflected XSS vulnerability has been repor NOT-FOR-US: QNAP CVE-2021-28806 (A DOM-based XSS vulnerability has been reported to affect QNAP NAS run ...) NOT-FOR-US: QNAP -CVE-2021-28805 - RESERVED +CVE-2021-28805 (Inclusion of sensitive information in the source code has been reporte ...) + TODO: check CVE-2021-28804 RESERVED CVE-2021-28803 RESERVED CVE-2021-28802 RESERVED -CVE-2021-28801 - RESERVED +CVE-2021-28801 (An out-of-bounds read vulnerability has been reported to affect certai ...) + TODO: check CVE-2021-28800 RESERVED CVE-2021-28799 (An improper authorization vulnerability has been reported to affect QN ...) @@ -19918,18 +20151,18 @@ CVE-2021-26201 (The Login Panel of CASAP Automated Enrollment System 1.0 is vuln NOT-FOR-US: Login Panel of CASAP Automated Enrollment System CVE-2021-26200 (The user area for Library System 1.0 is vulnerable to SQL injection wh ...) NOT-FOR-US: Library System -CVE-2021-26199 - RESERVED -CVE-2021-26198 - RESERVED -CVE-2021-26197 - RESERVED +CVE-2021-26199 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...) + TODO: check +CVE-2021-26198 (An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_ ...) + TODO: check +CVE-2021-26197 (An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_ ...) + TODO: check CVE-2021-26196 RESERVED -CVE-2021-26195 - RESERVED -CVE-2021-26194 - RESERVED +CVE-2021-26195 (An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-o ...) + TODO: check +CVE-2021-26194 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...) + TODO: check CVE-2021-26193 RESERVED CVE-2021-26192 
@@ -21300,14 +21533,11 @@ CVE-2021-25686 RESERVED CVE-2021-25685 RESERVED -CVE-2021-25684 - RESERVED +CVE-2021-25684 (It was discovered that apport in data/apport did not properly open a r ...) NOT-FOR-US: Apport -CVE-2021-25683 - RESERVED +CVE-2021-25683 (It was discovered that the get_starttime() function in data/apport did ...) NOT-FOR-US: Apport -CVE-2021-25682 - RESERVED +CVE-2021-25682 (It was discovered that the get_pid_info() function in data/apport did ...) NOT-FOR-US: Apport CVE-2021-25681 (** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 s ...) NOT-FOR-US: AdTran Personal Phone Manager @@ -24912,8 +25142,8 @@ CVE-2021-24037 RESERVED CVE-2021-24036 RESERVED -CVE-2021-24035 - RESERVED +CVE-2021-24035 (A lack of filename validation when unzipping archives prior to WhatsAp ...) + TODO: check CVE-2021-24034 RESERVED CVE-2021-24033 (react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort ...) @@ -26454,8 +26684,8 @@ CVE-2021-23395 RESERVED CVE-2021-23394 RESERVED -CVE-2021-23393 - RESERVED +CVE-2021-23393 (This affects the package Flask-Unchained before 0.9.0. When using the ...) + TODO: check CVE-2021-23392 (The package locutus before 2.0.15 are vulnerable to Regular Expression ...) TODO: check CVE-2021-23391 (This affects all versions of package calipso. It is possible for a mal ...) 
@@ -57075,16 +57305,16 @@ CVE-2020-23325 RESERVED CVE-2020-23324 RESERVED -CVE-2020-23323 - RESERVED -CVE-2020-23322 - RESERVED -CVE-2020-23321 - RESERVED -CVE-2020-23320 - RESERVED -CVE-2020-23319 - RESERVED +CVE-2020-23323 (There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape ...) + TODO: check +CVE-2020-23322 (There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRAC ...) + TODO: check +CVE-2020-23321 (There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_ ...) + TODO: check +CVE-2020-23320 (There is an Assertion in 'context_p->next_scanner_info_p->type = ...) + TODO: check +CVE-2020-23319 (There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) > ...) + TODO: check CVE-2020-23318 RESERVED CVE-2020-23317 
@@ -57093,32 +57323,32 @@ CVE-2020-23316 RESERVED CVE-2020-23315 RESERVED -CVE-2020-23314 - RESERVED -CVE-2020-23313 - RESERVED -CVE-2020-23312 - RESERVED -CVE-2020-23311 - RESERVED -CVE-2020-23310 - RESERVED -CVE-2020-23309 - RESERVED -CVE-2020-23308 - RESERVED +CVE-2020-23314 (There is an Assertion 'block_found' failed at js-parser-statm.c:2003 p ...) + TODO: check +CVE-2020-23313 (There is an Assertion 'scope_stack_p > context_p->scope_stack_p' ...) + TODO: check +CVE-2020-23312 (There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCC ...) + TODO: check +CVE-2020-23311 (There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE | ...) + TODO: check +CVE-2020-23310 (There is an Assertion 'context_p->next_scanner_info_p->type == S ...) + TODO: check +CVE-2020-23309 (There is an Assertion 'context_p->stack_depth == context_p->cont ...) + TODO: check +CVE-2020-23308 (There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSI ...) + TODO: check CVE-2020-23307 RESERVED -CVE-2020-23306 - RESERVED +CVE-2020-23306 (There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_m ...) + TODO: check CVE-2020-23305 RESERVED CVE-2020-23304 RESERVED -CVE-2020-23303 - RESERVED -CVE-2020-23302 - RESERVED +CVE-2020-23303 (There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_co ...) + TODO: check +CVE-2020-23302 (There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_re ...) + TODO: check CVE-2020-23301 RESERVED CVE-2020-23300 -- cgit v1.2.3
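Review bot: In the hunk at @@ -21300,14 +21533,11 @@, CVE-2021-25684, CVE-2021-25683 and CVE-2021-25682 keep a NOT-FOR-US: Apport line that predates the descriptions added here, and unlike the other newly published entries in this commit they get no TODO: check marker. Now that the text names data/apport, get_starttime() and get_pid_info(), someone should confirm the NOT-FOR-US classification against the published descriptions rather than let the automatic update carry it over silently.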
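Review bot: In the hunk at @@ -6134,27 +6366,28 @@, CVE-2020-36332 is the only libwebp entry that ends up with {DSA-4930-1} alone, while CVE-2020-36331 through CVE-2020-36328 carry {DSA-4930-1 DLA-2677-1}. That matches its [stretch] line, which says the patch is too destructive for oldstable, but the asymmetry is easy to misread as a missed cross-reference. A short NOTE on the entry stating that DLA-2677-1 intentionally does not cover it would make that explicit.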
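Review bot: In the hunks at @@ -13611,8 +13844,8 @@ and @@ -13629,16 +13862,16 @@, CVE-2021-28814, CVE-2021-28805 and CVE-2021-28801 land as TODO: check directly beside CVE-2021-28807 and CVE-2021-28806, which are already NOT-FOR-US: QNAP. The CVE-2021-28814 text is cut at "affect Q ..." and the other two are cut before any product name, so the full descriptions need reading first; if they name the same vendor, resolve all three in one pass so the block does not stay half triaged.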
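Review bot: In the hunk at @@ -19918,18 +20151,18 @@, the CVE-2021-26198 description reads "There is a SEVG in ecma_ ...", where the neighbouring CVE-2021-26197 has "SEGV". The text is imported as published, so it should not be hand-edited here, but a search for "SEGV" will miss this entry. All five new entries name JerryScript 2.4.0, so triage them together and give them the same resolution line.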
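Review bot: In the hunks at @@ -57075,16 +57305,16 @@ and @@ -57093,32 +57323,32 @@, none of the fifteen new CVE-2020-233xx descriptions names a product in the truncated text; they give only source locations such as re-parser.c, lit-strings.c:431, js-parser-statm.c:2003, ecma-regexp-object.c:535 and jmem-poolman.c:165. The ecma_ prefix also appears in the JerryScript 2.4.0 entry CVE-2021-26198 earlier in this commit, which suggests the same code base. Check the full descriptions and, if that holds, close these TODO: check items in the same pass as the CVE-2021-2619x block, with the product named in the resolution line.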