| field | value | date |
|---|---|---|
| author | security tracker role <sectracker@soriano.debian.org> | 2021-02-15 20:10:22 +0000 |
| committer | security tracker role <sectracker@soriano.debian.org> | 2021-02-15 20:10:22 +0000 |
| commit | 50f8455d7061990662616a278a087e15b5d10713 (patch) | |
| tree | 256ff589496716809b6002e9b034bf7c16c0c518 | |
| parent | 01d5bb9a2bbdddfffe24805b6cc91ae04e310e6a (diff) | |
automatic update
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/list.2011 | 2 |
| -rw-r--r-- | data/CVE/list.2015 | 2 |
| -rw-r--r-- | data/CVE/list.2016 | 4 |
| -rw-r--r-- | data/CVE/list.2017 | 4 |
| -rw-r--r-- | data/CVE/list.2018 | 2 |
| -rw-r--r-- | data/CVE/list.2020 | 47 |
| -rw-r--r-- | data/CVE/list.2021 | 56 |

7 files changed, 65 insertions, 52 deletions
diff --git a/data/CVE/list.2011 b/data/CVE/list.2011 index ee97c0f9f6..2dd7e8139d 100644 --- a/data/CVE/list.2011 +++ b/data/CVE/list.2011 @@ -15,7 +15,7 @@ CVE-2011-5326 (imlib2 before 1.4.9 allows remote attackers to cause a denial of NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882 NOTE: https://www.openwall.com/lists/oss-security/2016/04/10/5 CVE-2011-5325 (Directory traversal vulnerability in the BusyBox implementation of tar ...) - {DLA-1445-1} + {DLA-2559-1 DLA-1445-1} - busybox 1:1.27.2-1 (bug #802702) [wheezy] - busybox <no-dsa> (Minor issue) [squeeze] - busybox <no-dsa> (Minor issue) diff --git a/data/CVE/list.2015 b/data/CVE/list.2015 index 0402a0c9c7..1f34699185 100644 --- a/data/CVE/list.2015 +++ b/data/CVE/list.2015 @@ -5005,7 +5005,7 @@ CVE-2015-7944 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti NOTE: http://www.ocert.org/advisories/ocert-2015-012.html NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=201fcb916b8164c78f4ed8e0c9cfc0227a78684c CVE-2015-9261 (huft_build in archival/libarchive/decompress_gunzip.c in BusyBox befor ...) - {DLA-1445-1 DLA-337-1} + {DLA-2559-1 DLA-1445-1 DLA-337-1} - busybox 1:1.27.2-1 (bug #803097) NOTE: https://www.openwall.com/lists/oss-security/2015/10/25/3 NOTE: http://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e diff --git a/data/CVE/list.2016 b/data/CVE/list.2016 index b01c449cd3..e21273c8ba 100644 --- a/data/CVE/list.2016 +++ b/data/CVE/list.2016 
@@ -26758,12 +26758,12 @@ CVE-2016-2150 (SPICE allows local guest OS users to read from or write to arbitr CVE-2016-2149 (Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to ...) NOT-FOR-US: OpenShift CVE-2016-2148 (Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox befo ...) - {DLA-1445-1} + {DLA-2559-1 DLA-1445-1} - busybox 1:1.27.2-1 (bug #818497) [wheezy] - busybox <no-dsa> (Minor issue) NOTE: https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2 CVE-2016-2147 (Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 ...) - {DLA-1445-1} + {DLA-2559-1 DLA-1445-1} - busybox 1:1.27.2-1 (bug #818499) [wheezy] - busybox <no-dsa> (Minor issue) NOTE: https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87 diff --git a/data/CVE/list.2017 b/data/CVE/list.2017 index ece82e5c55..36725a59c0 100644 --- a/data/CVE/list.2017 +++ b/data/CVE/list.2017 @@ -7002,7 +7002,7 @@ CVE-2017-16545 (The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3. NOTE: the severity of the wheezy version is low even though the vulnerable code is still present. NOTE: The patch is trivial so it may be worth fixing in combination with some other fix. CVE-2017-16544 (In the add_match function in libbb/lineedit.c in BusyBox through 1.27. ...) - {DLA-1445-1} + {DLA-2559-1 DLA-1445-1} - busybox 1:1.27.2-2 (bug #882258) [wheezy] - busybox <no-dsa> (Minor issue) NOTE: https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/ 
@@ -8675,7 +8675,7 @@ CVE-2017-15874 (archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an NOTE: Introduced in: https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0 NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b CVE-2017-15873 (The get_next_block function in archival/libarchive/decompress_bunzip2. ...) - {DLA-1445-1} + {DLA-2559-1 DLA-1445-1} - busybox 1:1.27.2-2 (bug #879732) [wheezy] - busybox <no-dsa> (Minor issue) NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0 diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index c95f834ab4..dfd8b00dba 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -22707,7 +22707,7 @@ CVE-2018-1000519 (aio-libs aiohttp-session contains a Session Fixation vulnerabi CVE-2018-1000518 (aaugustin websockets version 4 contains a CWE-409: Improper Handling o ...) NOT-FOR-US: aaugustin websockets CVE-2018-1000517 (BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c ...) - {DLA-1445-1} + {DLA-2559-1 DLA-1445-1} - busybox 1:1.27.2-3 (low; bug #902724) NOTE: https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e CVE-2018-1000516 (The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper N ...) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 123f16aedf..c04d9ee01b 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -1096,8 +1096,8 @@ CVE-2020-35777 (NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by comma NOT-FOR-US: Netgear CVE-2020-35776 RESERVED -CVE-2020-35775 - RESERVED +CVE-2020-35775 (CITSmart before 9.1.2.23 allows LDAP Injection. ...) + TODO: check CVE-2020-35774 (server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (a ...) NOT-FOR-US: Twitter TwitterServer CVE-2020-35773 (The site-offline plugin before 1.4.4 for WordPress lacks certain wp_cr ...) 
@@ -1732,8 +1732,7 @@ CVE-2020-35513 (A flaw incorrect umask during file or directory modification in [stretch] - linux <not-affected> (Vulnerable code introduce later) NOTE: https://git.kernel.org/linus/880a3a5325489a143269a8e172e7563ebf9897bc NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1911309 -CVE-2020-35512 - RESERVED +CVE-2020-35512 (A use-after-free flaw was found in D-Bus 1.12.20 when a system has mul ...) - dbus 1.12.20-1 [buster] - dbus 1.12.20-0+deb10u1 [stretch] - dbus 1.10.32-0+deb9u1 @@ -1812,6 +1811,7 @@ CVE-2020-35499 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910048 NOTE: https://git.kernel.org/linus/f6b8c6b5543983e9de29dc14716bfa4eb3f157c4 CVE-2020-35498 (A vulnerability was found in openvswitch. A limitation in the implemen ...) + {DSA-4852-1} - openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-5 (bug #982493) NOTE: master: https://github.com/openvswitch/ovs/commit/79349cbab0b2a755140eedb91833ad2760520a83 NOTE: 2.15: https://github.com/openvswitch/ovs/commit/0625dc79aec73b966f206e55655a2816696246d0 @@ -4222,8 +4222,8 @@ CVE-2020-29033 RESERVED CVE-2020-29032 RESERVED -CVE-2020-29031 - RESERVED +CVE-2020-29031 (An Insecure Direct Object Reference vulnerability exists in the web UI ...) + TODO: check CVE-2020-29030 RESERVED CVE-2020-29029 @@ -4232,8 +4232,8 @@ CVE-2020-29028 RESERVED CVE-2020-29027 RESERVED -CVE-2020-29026 - RESERVED +CVE-2020-29026 (A directory traversal vulnerability exists in the file upload function ...) + TODO: check CVE-2020-29025 RESERVED CVE-2020-29024 @@ -5398,8 +5398,8 @@ CVE-2020-28502 RESERVED CVE-2020-28501 RESERVED -CVE-2020-28500 - RESERVED +CVE-2020-28500 (All versions of package lodash; all versions of package org.fujion.web ...) + TODO: check CVE-2020-28499 RESERVED CVE-2020-28498 (The package elliptic before 6.5.4 are vulnerable to Cryptographic Issu ...) 
@@ -5454,7 +5454,8 @@ CVE-2020-28478 (This affects the package gsap before 3.6.0. ...) NOT-FOR-US: Node gsap CVE-2020-28477 (This affects all versions of package immer. ...) NOT-FOR-US: Node immer -CVE-2020-28476 (All versions of package tornado are vulnerable to Web Cache Poisoning ...) +CVE-2020-28476 + REJECTED - python-tornado <unfixed> [buster] - python-tornado <no-dsa> (Minor issue) [stretch] - python-tornado <no-dsa> (Minor issue) @@ -13876,8 +13877,8 @@ CVE-2020-24901 (The default installation of Krpano Panorama Viewer version <= NOT-FOR-US: Krpano Panorama Viewer CVE-2020-24900 (The default installation of Krpano Panorama Viewer version <=1.20.8 ...) NOT-FOR-US: Krpano Panorama Viewer -CVE-2020-24899 - RESERVED +CVE-2020-24899 (Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerabi ...) + TODO: check CVE-2020-24898 (The Table Filter and Charts for Confluence Server app before 5.3.26 (f ...) NOT-FOR-US: Confluence Server app for Atlassian Confluence CVE-2020-24897 (The Table Filter and Charts for Confluence Server app before 5.3.25 (f ...) @@ -19001,12 +19002,12 @@ CVE-2020-22429 RESERVED CVE-2020-22428 RESERVED -CVE-2020-22427 - RESERVED +CVE-2020-22427 (NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerabi ...) + TODO: check CVE-2020-22426 RESERVED -CVE-2020-22425 - RESERVED +CVE-2020-22425 (Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, whe ...) + TODO: check CVE-2020-22424 RESERVED CVE-2020-22423 
@@ -59752,12 +59753,12 @@ CVE-2020-4958 (IBM Security Identity Governance and Intelligence 5.2.6 does not NOT-FOR-US: IBM CVE-2020-4957 RESERVED -CVE-2020-4956 - RESERVED -CVE-2020-4955 - RESERVED -CVE-2020-4954 - RESERVED +CVE-2020-4956 (IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a ...) + TODO: check +CVE-2020-4955 (IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote ...) + TODO: check +CVE-2020-4954 (IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remot ...) + TODO: check CVE-2020-4953 RESERVED CVE-2020-4952 (IBM Security Guardium 11.2 could allow an authenticated user to gain r ...) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 909827a26e..cf894d4b7a 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,3 +1,15 @@ +CVE-2021-27223 + RESERVED +CVE-2021-27222 + RESERVED +CVE-2021-27221 + RESERVED +CVE-2021-27220 + RESERVED +CVE-2021-27217 + RESERVED +CVE-2021-27216 + RESERVED CVE-2021-27215 RESERVED CVE-2021-27214 @@ -9,8 +21,8 @@ CVE-2021-27212 (In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an asse NOTE: https://bugs.openldap.org/show_bug.cgi?id=9454 NOTE: trunk: https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0 NOTE: REL_ENG 2.4.x: https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30 -CVE-2021-27211 - RESERVED +CVE-2021-27211 (steghide 0.5.1 relies on a certain 32-bit seed value, which makes it e ...) + TODO: check CVE-2021-27210 (TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retri ...) NOT-FOR-US: TP-Link CVE-2021-27209 (In the management interface on TP-Link Archer C5v 1.7_181221 devices, ...) 
@@ -36,8 +48,8 @@ CVE-2021-27202 CVE-2021-XXXX [several security fixes: PHP injections, XSS and secrets stored in session file] - spip 3.2.9-1 TODO: needs possibly CVE requests for individual issues -CVE-2021-27201 - RESERVED +CVE-2021-27201 (Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated ...) + TODO: check CVE-2021-27200 RESERVED CVE-2021-27199 @@ -808,10 +820,10 @@ CVE-2021-21299 (hyper is an open-source HTTP library for Rust (crates.io). In hy - rust-hyper <unfixed> NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0020.html -CVE-2021-27218 [Integer overflow in g_byte_array_new_take()/g_bytes_unref_to_array() on 64-bit platforms] +CVE-2021-27218 (An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before ...) - glib2.0 2.66.7-1 (bug #982779) NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942 -CVE-2021-27219 [GHSL-2021-045: integer overflow in g_bytes_new/g_memdup] +CVE-2021-27219 (An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before ...) - glib2.0 2.66.6-1 (bug #982778) NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2319 CVE-2021-26842 @@ -1506,8 +1518,8 @@ CVE-2021-3377 RESERVED CVE-2021-3376 RESERVED -CVE-2021-3375 - RESERVED +CVE-2021-3375 (ActivePresenter 6.1.6 is affected by a memory corruption vulnerability ...) + TODO: check CVE-2021-3374 RESERVED CVE-2021-3373 
@@ -4477,14 +4489,14 @@ CVE-2021-25301 RESERVED CVE-2021-25300 RESERVED -CVE-2021-25299 - RESERVED -CVE-2021-25298 - RESERVED -CVE-2021-25297 - RESERVED -CVE-2021-25296 - RESERVED +CVE-2021-25299 (Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). ...) + TODO: check +CVE-2021-25298 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...) + TODO: check +CVE-2021-25297 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...) + TODO: check +CVE-2021-25296 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...) + TODO: check CVE-2021-25295 (OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issue ...) NOT-FOR-US: OpenCATS CVE-2021-25294 (OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity re ...) @@ -8619,12 +8631,12 @@ CVE-2021-23340 RESERVED CVE-2021-23339 RESERVED -CVE-2021-23338 - RESERVED -CVE-2021-23337 - RESERVED -CVE-2021-23336 - RESERVED +CVE-2021-23338 (This affects all versions of package qlib. The workflow function in cl ...) + TODO: check +CVE-2021-23337 (All versions of package lodash; all versions of package org.fujion.web ...) + TODO: check +CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ...) + TODO: check CVE-2021-23335 (All versions of package is-user-valid are vulnerable to LDAP Injection ...) NOT-FOR-US: Node is-user-valid CVE-2021-23334 (All versions of package static-eval are vulnerable to Arbitrary Code E ...) |
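Review bot: in the list.2020 hunk at -5454, CVE-2020-28476 is turned into `REJECTED` but the three package lines under it (`- python-tornado <unfixed>`, `[buster] - python-tornado <no-dsa> (Minor issue)`, `[stretch] - python-tornado <no-dsa> (Minor issue)`) are left in place; a rejected identifier should carry no package status, so drop those lines, otherwise the tracker keeps reporting python-tornado as unfixed in unstable for an ID that no longer exists.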
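Review bot: in the list.2020 hunk at -1732, the new CVE-2020-35512 description says the use-after-free "was found in D-Bus 1.12.20", while the unchanged context records `dbus 1.12.20-1` as fixed in unstable and `dbus 1.12.20-0+deb10u1` for buster; that is only right if those uploads ship the fix as a distribution patch on top of the affected upstream release, so confirm against the package changelog before the description and the version lines are read together.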
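Review bot: in the list.2021 hunk at -8619, CVE-2021-23337 carries exactly the same truncated description as CVE-2020-28500 in the list.2020 hunk at -5398 ("All versions of package lodash; all versions of package org.fujion.web ..."), so when the `TODO: check` placeholders are resolved, triage the two together and record whether they are distinct issues or one advisory with two IDs; CVE-2021-23336 in the same hunk names python/cpython before 3.6.13 and from 3.7.0 onward, a Debian-packaged interpreter, so that TODO deserves a faster manual pass than the vendor-only ones.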
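Review bot: in the list.2020 hunk at -59752, CVE-2020-4954, CVE-2020-4955 and CVE-2020-4956 (IBM Spectrum Protect Operations Center) are left at `TODO: check`, while the neighbouring CVE-2020-4958 IBM entry in the hunk context is already `NOT-FOR-US: IBM`; resolving the three new ones with the same disposition in the next manual pass keeps the file consistent, and the same applies to the Nagios XI entries (CVE-2020-24899 at -13876, CVE-2020-22427 at -19001 and CVE-2021-25296 to CVE-2021-25299 at -4477 in list.2021), which are six items from one product and are best triaged in a single pass.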
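Review bot: the block of new `RESERVED` entries at the top of list.2021 (-1,3) skips CVE-2021-27218 and CVE-2021-27219 on purpose, since both already exist further down under the hyper entry at -808 and receive the official GLib descriptions in that hunk; the file is otherwise in descending ID order, so consider moving those two entries up into sequence so a reader finds them where the surrounding IDs put them.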
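Review bot: the `DLA-2559-1` reference is prepended, newest first, to the brace list of every BusyBox entry touched (CVE-2011-5325, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2017-15873, CVE-2017-16544, CVE-2018-1000517), matching the existing `{DLA-1445-1 DLA-337-1}` ordering; none of these entries shows a `[stretch]` line, so the DLA reference is what records stretch as fixed, and it is worth checking that no sibling BusyBox entry covered by the same advisory was left without it.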