| author | security tracker role <sectracker@soriano.debian.org> | 2021-12-28 20:10:24 +0000 |
|---|---|---|
| committer | security tracker role <sectracker@soriano.debian.org> | 2021-12-28 20:10:24 +0000 |
| commit | 86b9ffb9983f88da5f966fed3e0db077f6d36c3e (patch) | |
| tree | 8373bf68ac77285fd4de8752ed781cd2fc66565b /data/CVE | |
| parent | bd3d515ca9bb95ef4a987903e26012b693ff1054 (diff) | |
automatic update
Diffstat (limited to 'data/CVE')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/list.2016 | 4 |
| -rw-r--r-- | data/CVE/list.2018 | 8 |
| -rw-r--r-- | data/CVE/list.2019 | 16 |
| -rw-r--r-- | data/CVE/list.2021 | 94 |

4 files changed, 66 insertions, 56 deletions
diff --git a/data/CVE/list.2016 b/data/CVE/list.2016 index 3d64cf9289..a77257c409 100644 --- a/data/CVE/list.2016 +++ b/data/CVE/list.2016 @@ -22032,7 +22032,7 @@ CVE-2016-3738 (Red Hat OpenShift Enterprise 3.2 does not properly restrict acces CVE-2016-3737 (The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allo ...) NOT-FOR-US: Red Hat / JBoss Operations Network server CVE-2016-3736 - RESERVED + REJECTED CVE-2016-3735 RESERVED CVE-2016-3734 (Cross-site request forgery (CSRF) vulnerability in markposts.php in Mo ...) @@ -23615,7 +23615,7 @@ CVE-2016-3104 (mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow NOTE: MongoDB 2.4 installation with authentication enabled, upgraded NOTE: to 2.6, and did not complete a full upgrade CVE-2016-3103 - RESERVED + REJECTED CVE-2016-3102 (The Script Security plugin before 1.18.1 in Jenkins might allow remote ...) - jenkins <removed> CVE-2016-3101 (Cross-site scripting (XSS) vulnerability in the Extra Columns plugin b ...) diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index d8cc0ed6f9..9e675c2bf0 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -8953,7 +8953,7 @@ CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to vers NOTE: https://github.com/pyca/pyopenssl/pull/723 NOTE: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509 CVE-2018-1000805 (Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 con ...) - {DLA-1556-1} + {DLA-2860-1 DLA-1556-1} - paramiko 2.4.2-0.1 (bug #910760) NOTE: https://github.com/paramiko/paramiko/issues/1283 NOTE: https://github.com/paramiko/paramiko/commit/56c96a659658acdbb873aef8809a7b508434dcce 
@@ -9414,8 +9414,8 @@ CVE-2018-17877 (A lottery smart contract implementation for Greedy 599, an Ether NOT-FOR-US: Greedy 599 CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 version o ...) NOT-FOR-US: Coaster CMS -CVE-2018-17875 - RESERVED +CVE-2018-17875 (A remote code execution issue in the ping command on Poly Trio 8800 5. ...) + TODO: check CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...) NOT-FOR-US: ExpressionEngine CVE-2018-17873 (An incorrect access control vulnerability in the FTP configuration of ...) @@ -35629,7 +35629,7 @@ CVE-2018-7751 (The svg_probe function in libavformat/img2dec.c in FFmpeg through - libav <not-affected> (Vulnerable code not present) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f CVE-2018-7750 (transport.py in the SSH server implementation of Paramiko before 1.17. ...) - {DLA-1556-1} + {DLA-2860-1 DLA-1556-1} - paramiko 2.4.2-0.1 (bug #892859) [wheezy] - paramiko <no-dsa> (Minor issue) NOTE: https://github.com/paramiko/paramiko/issues/1175 diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index 498646550e..057d3c4012 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -2433,8 +2433,8 @@ CVE-2019-20084 RESERVED CVE-2019-20083 RESERVED -CVE-2019-20082 - RESERVED +CVE-2019-20082 (ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long ...) + TODO: check CVE-2019-20081 RESERVED CVE-2019-20080 
@@ -6048,7 +6048,7 @@ CVE-2019-18805 (An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Lin [jessie] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/19fad20d15a6494f47f85d869f00b11343ee5c78 CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU:: ...) - {DLA-2667-1 DLA-1985-1} + {DSA-5032-1 DLA-2667-1 DLA-1985-1} - djvulibre 3.5.27.1-14 (bug #945114) NOTE: https://sourceforge.net/p/djvu/bugs/309/ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125/ 
@@ -14967,22 +14967,22 @@ CVE-2019-15147 (GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GP CVE-2019-15146 (GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in ...) NOT-FOR-US: gpmf-parser CVE-2019-15145 (DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack ...) - {DLA-2667-1 DLA-1902-1} + {DSA-5032-1 DLA-2667-1 DLA-1902-1} - djvulibre 3.5.27.1-11 (low) NOTE: https://sourceforge.net/p/djvu/bugs/298/ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/ CVE-2019-15144 (In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate< ...) - {DLA-2667-1 DLA-1902-1} + {DSA-5032-1 DLA-2667-1 DLA-1902-1} - djvulibre 3.5.27.1-11 (low) NOTE: https://sourceforge.net/p/djvu/bugs/299/ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/ CVE-2019-15143 (In DjVuLibre 3.5.27, the bitmap reader component allows attackers to c ...) - {DLA-2667-1 DLA-1902-1} + {DSA-5032-1 DLA-2667-1 DLA-1902-1} - djvulibre 3.5.27.1-11 (low) NOTE: https://sourceforge.net/p/djvu/bugs/297/ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/ CVE-2019-15142 (In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows a ...) - {DLA-2667-1 DLA-1902-1} + {DSA-5032-1 DLA-2667-1 DLA-1902-1} - djvulibre 3.5.27.1-11 (low) NOTE: https://sourceforge.net/p/djvu/bugs/296/ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/ @@ -36347,7 +36347,7 @@ CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 allows CVE-2019-7650 RESERVED CVE-2019-7653 (The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CL ...) - {DLA-1717-1} + {DLA-2861-1 DLA-1717-1} - rdflib 4.2.2-2 (low; bug #921751) NOTE: Debian specific issue as respective scripts are overwritten in Debian NOTE: packaging as wrappers invoking python -m. 
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 5f6eac0c47..3726e21231 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,3 +1,13 @@ +CVE-2021-45913 + RESERVED +CVE-2021-45912 + RESERVED +CVE-2021-44775 + RESERVED +CVE-2021-44465 + RESERVED +CVE-2021-4187 + RESERVED CVE-2021-45911 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...) - gif2apng <unfixed> (bug #1002687) CVE-2021-45910 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...) @@ -16,8 +26,8 @@ CVE-2021-45905 (OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. .. NOT-FOR-US: OpenWrt CVE-2021-45904 (OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. ...) NOT-FOR-US: OpenWrt -CVE-2021-45903 - RESERVED +CVE-2021-45903 (A persistent cross-site scripting (XSS) issue in the web interface of ...) + TODO: check CVE-2021-45902 RESERVED CVE-2021-45901 @@ -206,12 +216,12 @@ CVE-2021-45816 RESERVED CVE-2021-45815 RESERVED -CVE-2021-45814 - RESERVED -CVE-2021-45813 - RESERVED -CVE-2021-45812 - RESERVED +CVE-2021-45814 (Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attack ...) + TODO: check +CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vu ...) + TODO: check +CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site ...) + TODO: check CVE-2021-45811 RESERVED CVE-2021-45810 @@ -372,8 +382,8 @@ CVE-2021-45733 RESERVED CVE-2021-4180 RESERVED -CVE-2021-4179 - RESERVED +CVE-2021-4179 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) + TODO: check CVE-2021-45720 (An issue was discovered in the lru crate before 0.7.1 for Rust. The it ...) TODO: check CVE-2021-45719 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...) 
@@ -1145,8 +1155,8 @@ CVE-2021-45427 RESERVED CVE-2021-45426 RESERVED -CVE-2021-45425 - RESERVED +CVE-2021-45425 (Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 an ...) + TODO: check CVE-2021-45424 RESERVED CVE-2021-45423 @@ -1882,7 +1892,7 @@ CVE-2021-XXXX [Fix possible privilege escalation] [bullseye] - glewlwyd <no-dsa> (Minor issue; can be fixed via point release) [buster] - glewlwyd <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe (v2.6.1) -CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) di ...) +CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and ...) {DSA-5024-1 DLA-2852-1} - apache-log4j2 2.17.0-1 (bug #1001891) NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105 @@ -1979,7 +1989,7 @@ CVE-2021-42550 (In logback version 1.2.7 and prior versions, an attacker with th NOTE: https://jira.qos.ch/browse/LOGBACK-1591 NOTE: https://github.com/qos-ch/logback/commit/21d772f2bc2ed780b01b4fe108df7e29707763f1 (v_1.2.8) CVE-2021-44771 - RESERVED + REJECTED CVE-2021-4124 (janus-gateway is vulnerable to Improper Neutralization of Input During ...) - janus <unfixed> (unimportant) NOTE: https://huntr.dev/bounties/a6ca142e-60aa-4d6f-b231-5d1bcd1b7190 @@ -1992,7 +2002,7 @@ CVE-2021-4122 CVE-2021-4121 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...) NOT-FOR-US: yetiforcecrm CVE-2021-23151 - RESERVED + REJECTED CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel through 5. ...) - linux <unfixed> (unimportant) [bullseye] - linux <not-affected> (Vulnerable code not present) 
@@ -4145,7 +4155,7 @@ CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on Wind NOT-FOR-US: Burp Suite (different from src:burp) CVE-2021-44229 RESERVED -CVE-2021-44228 (Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI ...) +CVE-2021-44228 (Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2. ...) {DSA-5020-1 DLA-2842-1} - apache-log4j2 2.15.0-1 (bug #1001478) - apache-log4j1.2 <not-affected> (Vulnerable code not present) @@ -5854,12 +5864,12 @@ CVE-2021-3941 NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/a0cfa81153b2464b864c5fe39a53cb03339092ed CVE-2021-3940 RESERVED -CVE-2021-43556 - RESERVED +CVE-2021-43556 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a s ...) + TODO: check CVE-2021-43555 (mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validat ...) NOT-FOR-US: mySCADA myDESIGNER -CVE-2021-43554 - RESERVED +CVE-2021-43554 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an ...) + TODO: check CVE-2021-43553 (PI Vision could disclose information to a user with insufficient privi ...) NOT-FOR-US: OSIsoft CVE-2021-43552 (The use of a hard-coded cryptographic key significantly increases the ...) @@ -8179,8 +8189,8 @@ CVE-2021-42585 RESERVED CVE-2021-42584 (A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before ...) NOT-FOR-US: Convos-Chat -CVE-2021-42583 - RESERVED +CVE-2021-42583 (A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy ...) + TODO: check CVE-2021-42582 RESERVED CVE-2021-42581 
@@ -12966,8 +12976,8 @@ CVE-2021-40581 RESERVED CVE-2021-40580 RESERVED -CVE-2021-40579 - RESERVED +CVE-2021-40579 (https://www.sourcecodester.com/ Online Enrollment Management System in ...) + TODO: check CVE-2021-40578 (Authenticated Blind & Error-based SQL injection vulnerability was ...) NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...) @@ -20727,10 +20737,10 @@ CVE-2021-3660 [bullseye] - cockpit <ignored> (Minor issue) [buster] - cockpit <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980688 -CVE-2021-37401 - RESERVED -CVE-2021-37400 - RESERVED +CVE-2021-37401 (An attacker may obtain the user credentials from file servers, backup ...) + TODO: check +CVE-2021-37400 (An attacker may obtain the user credentials from the communication bet ...) + TODO: check CVE-2021-37399 RESERVED CVE-2021-37398 @@ -24057,7 +24067,7 @@ CVE-2021-35942 (The wordexp function in the GNU C Library (aka glibc) through 2. CVE-2021-35941 (Western Digital WD My Book Live (2.x and later) and WD My Book Live Du ...) NOT-FOR-US: Western Digital CVE-2021-3630 (An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::D ...) - {DLA-2702-1} + {DSA-5032-1 DLA-2702-1} - djvulibre 3.5.27.1-12 NOTE: https://sourceforge.net/p/djvu/bugs/302/ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/7b0ef20690e08f1fe124aebbf42f6310e2f40f81/ 
@@ -26134,10 +26144,10 @@ CVE-2021-35034 RESERVED CVE-2021-35033 (A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, ...) NOT-FOR-US: Zyxel -CVE-2021-35032 - RESERVED -CVE-2021-35031 - RESERVED +CVE-2021-35032 (A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware ...) + TODO: check +CVE-2021-35031 (A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XG ...) + TODO: check CVE-2021-35030 (A vulnerability was found in the CGI program in Zyxel GS1900-8 firmwar ...) NOT-FOR-US: Zyxel CVE-2021-35029 (An authentication bypasss vulnerability in the web-based management in ...) 
@@ -32246,22 +32256,22 @@ CVE-2021-3546 (An out-of-bounds write vulnerability was found in the virtio vhos CVE-2021-3542 REJECTED CVE-2021-32493 (A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overfl ...) - {DLA-2667-1} + {DSA-5032-1 DLA-2667-1} - djvulibre 3.5.28-2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943424 NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #3 / Patch12) CVE-2021-32492 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds rea ...) - {DLA-2667-1} + {DSA-5032-1 DLA-2667-1} - djvulibre 3.5.28-2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943410 NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #1 / Patch10) CVE-2021-32491 (A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow ...) - {DLA-2667-1} + {DSA-5032-1 DLA-2667-1} - djvulibre 3.5.28-2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943409 NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #5 / Patch9) CVE-2021-32490 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds wri ...) - {DLA-2667-1} + {DSA-5032-1 DLA-2667-1} - djvulibre 3.5.28-2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943408 NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #4 / Patch8) 
@@ -34972,7 +34982,7 @@ CVE-2021-3502 (A flaw was found in avahi 0.8-5. A reachable assertion is present NOTE: Fixed by: https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c NOTE: Introduced by: https://github.com/lathiat/avahi/commit/80c98fa16782e921f5b5d5c880f1d80f5c43bd49 (v0.8) CVE-2021-3500 (A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in ...) - {DLA-2667-1} + {DSA-5032-1 DLA-2667-1} - djvulibre 3.5.28-2 (bug #988215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943685 NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/djvulibre/c/fc359410f7131e4ea0a892ef78e6da72f29afeee.patch @@ -54761,8 +54771,8 @@ CVE-2021-3097 RESERVED CVE-2021-3096 RESERVED -CVE-2021-3095 - RESERVED +CVE-2021-3095 (A remote attacker with write access to PI Vision could inject code int ...) + TODO: check CVE-2021-3094 RESERVED CVE-2021-3093 @@ -54771,8 +54781,8 @@ CVE-2021-3092 RESERVED CVE-2021-3091 RESERVED -CVE-2021-3090 - RESERVED +CVE-2021-3090 (PI Vision could disclose information to a user with insufficient privi ...) + TODO: check CVE-2021-3089 RESERVED CVE-2021-3088 |
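Review bot: in the list.2018 hunk for CVE-2018-7750, the new `{DLA-2860-1 DLA-1556-1}` line is added while `[wheezy] - paramiko <no-dsa> (Minor issue)` is left in place; confirm that DLA-2860-1 covers a suite other than wheezy, otherwise the wheezy no-dsa marker is now stale and should be dropped. The matching CVE-2018-1000805 entry in the @@ -8953 hunk has no per-suite line, so it needs no further change.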
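Review bot: the five new RESERVED entries in the @@ -1,3 +1,13 @@ hunk of list.2021 (CVE-2021-45913, CVE-2021-45912, CVE-2021-44775, CVE-2021-44465, CVE-2021-4187) are all prepended above CVE-2021-45911 rather than slotted by number; if list.2021 is meant to stay in descending id order, CVE-2021-44775, CVE-2021-44465 and CVE-2021-4187 belong further down next to their numeric neighbours. Each entry correctly carries only a RESERVED line until a description is published.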
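Review bot: CVE-2021-4179 (livehelperchat) in the @@ -372 hunk gets `TODO: check` with the same "is vulnerable to Improper Neutralization of Input Durin ..." wording that CVE-2021-4124 (janus-gateway, tracked as `janus <unfixed> (unimportant)`) and CVE-2021-4121 (yetiforcecrm, `NOT-FOR-US`) carry elsewhere in this file; resolving it therefore needs an archive lookup for a livehelperchat source package rather than a vendor-based NOT-FOR-US, and the result should replace the TODO line.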
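Review bot: the rewritten CVE-2021-44228 description in the @@ -4145 hunk now reads "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2. ...)", while the unchanged package line still records `apache-log4j2 2.15.0-1 (bug #1001478)` as the fixed version; as the two now appear to contradict each other, a NOTE line stating why 2.15.0-1 is treated as fixed for this id would save the next reader a trip to the upstream advisory. The `{DSA-5020-1 DLA-2842-1}` and `apache-log4j1.2 <not-affected>` lines need no change.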
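Review bot: CVE-2021-40579 in the @@ -12966 hunk has a description that begins with the bare URL "https://www.sourcecodester.com/" followed by "Online Enrollment Management System in ...", which is the same product as CVE-2021-40578 directly below it (`NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code`); the `TODO: check` can be replaced with that same NOT-FOR-US line.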
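Review bot: CVE-2021-35032 and CVE-2021-35031 (Zyxel GS1900 series firmware) in the @@ -26134 hunk sit between CVE-2021-35033 and CVE-2021-35030, both already `NOT-FOR-US: Zyxel`; once the descriptions are confirmed to concern only Zyxel firmware, the two `TODO: check` lines can be closed with the same marker.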
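Review bot: the `TODO: check` on CVE-2021-3095 and CVE-2021-3090 in the @@ -54761 and @@ -54771 hunks can be resolved against the existing PI Vision entry in this file: CVE-2021-43553 is `NOT-FOR-US: OSIsoft`, and its truncated description ("PI Vision could disclose information to a user with insufficient privi ...") is word-for-word the one now attached to CVE-2021-3090, so confirm that the two ids are distinct issues before marking both as NOT-FOR-US: OSIsoft.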