author | security tracker role <sectracker@soriano.debian.org> | 2021-08-17 20:10:40 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-08-17 20:10:40 +0000 |
commit | b4a9ae8ca395548c716be4ae0c44dc83149a00f6 (patch) | |
tree | 8f1781dd68c653cdf3f8c7eb74455d276dd486f5 /data/CVE | |
parent | cd166c2897c113ba81c3d1bb62b4aee263245f42 (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/list.2018 | 2 |
-rw-r--r-- | data/CVE/list.2020 | 24 |
-rw-r--r-- | data/CVE/list.2021 | 154 |
3 files changed, 97 insertions, 83 deletions
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index 32b49a98f5..ec50215650 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -10595,7 +10595,7 @@ CVE-2018-17367 RESERVED CVE-2018-17366 (An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability t ...) NOT-FOR-US: MCMS -CVE-2018-17365 (SeaCMS 6.64 allows remote attackers to delete arbitrary files via the ...) +CVE-2018-17365 (SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files ...) NOT-FOR-US: SeaCMS CVE-2018-17364 (OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via t ...) NOT-FOR-US: OTCMS diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 0db4c323ff..8363ce09a3 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -3748,8 +3748,8 @@ CVE-2020-29550 (An issue was discovered in URVE Build 24.03.2020. The password o NOT-FOR-US: URVE CVE-2020-29549 RESERVED -CVE-2020-29548 - RESERVED +CVE-2020-29548 (An issue was discovered in SmarterTools SmarterMail through 100.0.7537 ...) + TODO: check CVE-2020-29547 RESERVED CVE-2020-29546 @@ -5398,8 +5398,8 @@ CVE-2020-28848 RESERVED CVE-2020-28847 RESERVED -CVE-2020-28846 - RESERVED +CVE-2020-28846 (Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 ...) + TODO: check CVE-2020-28845 (A CSV injection vulnerability in the Admin portal for Netskope 75.0 al ...) NOT-FOR-US: Admin portal for Netskope CVE-2020-28844 @@ -19139,8 +19139,8 @@ CVE-2020-22939 RESERVED CVE-2020-22938 RESERVED -CVE-2020-22937 - RESERVED +CVE-2020-22937 (A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 ...) + TODO: check CVE-2020-22936 RESERVED CVE-2020-22935 
@@ -33855,8 +33855,8 @@ CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Dec NOT-FOR-US: DP3T-Backend-SDK for Decentralised Privacy-Preserving Proximity Tracing (DP3T) CVE-2020-15956 (ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows re ...) NOT-FOR-US: ACTi NVR3 Standard Server -CVE-2020-15955 - RESERVED +CVE-2020-15955 (In s/qmail through 4.0.07, an active MitM can inject arbitrary plainte ...) + TODO: check CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communicati ...) {DLA-2300-1} - kdepim-runtime 4:20.04.1-2 (bug #966666) @@ -61204,8 +61204,8 @@ CVE-2020-4994 RESERVED CVE-2020-4993 (IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature ...) NOT-FOR-US: IBM -CVE-2020-4992 - RESERVED +CVE-2020-4992 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to ...) + TODO: check CVE-2020-4991 RESERVED CVE-2020-4990 (IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote at ...) @@ -61779,8 +61779,8 @@ CVE-2020-4708 (IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some NOT-FOR-US: IBM CVE-2020-4707 (IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site s ...) NOT-FOR-US: IBM -CVE-2020-4706 - RESERVED +CVE-2020-4706 (IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header ...) + TODO: check CVE-2020-4705 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...) NOT-FOR-US: IBM CVE-2020-4704 (IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripti ...) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 471acfd9d6..bbf503f94e 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 
@@ -1,3 +1,35 @@ +CVE-2021-39245 + RESERVED +CVE-2021-39244 + RESERVED +CVE-2021-39243 + RESERVED +CVE-2021-39242 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...) + TODO: check +CVE-2021-39241 (An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.1 ...) + TODO: check +CVE-2021-39240 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...) + TODO: check +CVE-2021-39239 + RESERVED +CVE-2021-39238 + RESERVED +CVE-2021-39237 + RESERVED +CVE-2021-39236 + RESERVED +CVE-2021-39235 + RESERVED +CVE-2021-39234 + RESERVED +CVE-2021-39233 + RESERVED +CVE-2021-39232 + RESERVED +CVE-2021-39231 + RESERVED +CVE-2021-3713 + RESERVED CVE-2021-XXXX [HTTP/2 vulnerabilities from 2.0 to 2.5-dev] - haproxy <unfixed> [bullseye] - haproxy 2.2.9-2+deb11u1 @@ -3263,7 +3295,7 @@ CVE-2021-37709 (Shopware is an open source eCommerce platform. Versions prior to NOT-FOR-US: Shopware CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...) NOT-FOR-US: Shopware -CVE-2021-37707 (### Impact Manipulation of product reviews via API ### Patches We reco ...) +CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...) NOT-FOR-US: Shopware CVE-2021-37706 RESERVED @@ -6711,8 +6743,8 @@ CVE-2021-36122 (An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile NOT-FOR-US: Echo ShareCare CVE-2021-36121 (An issue was discovered in Echo ShareCare 8.15.5. The file-upload feat ...) NOT-FOR-US: Echo ShareCare -CVE-2021-3633 - RESERVED +CVE-2021-3633 (A DLL preloading vulnerability was reported in Lenovo Driver Managemen ...) + TODO: check CVE-2021-36120 RESERVED CVE-2021-36119 @@ -8123,8 +8155,8 @@ CVE-2021-35494 RESERVED CVE-2021-35493 RESERVED -CVE-2021-3619 - RESERVED +CVE-2021-3619 (Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentica ...) + TODO: check CVE-2021-35492 RESERVED CVE-2021-35491 
@@ -8187,12 +8219,12 @@ CVE-2021-3618 NOTE: * Add ssl_sni_hostname option to require a match on incoming SNI hostname. NOTE: sendmail: Fixed in 3.16.1: https://marc.info/?l=sendmail-announce&m=159394546814125&w=2 NOTE: exim4 has config option: https://lists.exim.org/lurker/message/20210609.200324.f0e073ed.el.html -CVE-2021-3617 - RESERVED -CVE-2021-3616 - RESERVED -CVE-2021-3615 - RESERVED +CVE-2021-3617 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...) + TODO: check +CVE-2021-3616 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...) + TODO: check +CVE-2021-3615 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...) + TODO: check CVE-2021-3614 (A vulnerability was reported on some Lenovo Notebook systems that coul ...) NOT-FOR-US: Lenovo CVE-2021-35474 (Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache ...) @@ -10573,7 +10605,7 @@ CVE-2021-34409 CVE-2021-34408 RESERVED CVE-2021-34407 - RESERVED + REJECTED CVE-2021-34406 RESERVED CVE-2021-34405 @@ -14160,10 +14192,10 @@ CVE-2021-32832 RESERVED CVE-2021-32831 RESERVED -CVE-2021-32830 - RESERVED -CVE-2021-32829 - RESERVED +CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The locateFont ...) + TODO: check +CVE-2021-32829 (ZStack is open source IaaS(infrastructure as a service) software aimin ...) + TODO: check CVE-2021-32828 RESERVED CVE-2021-32827 (MockServer is open source software which enables easy mocking of any s ...) @@ -22921,8 +22953,8 @@ CVE-2021-29315 RESERVED CVE-2021-29314 RESERVED -CVE-2021-29313 - RESERVED +CVE-2021-29313 (Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the ...) + TODO: check CVE-2021-29312 RESERVED CVE-2021-29311 
@@ -23459,10 +23491,10 @@ CVE-2021-29083 (Improper neutralization of special elements used in an OS comman NOT-FOR-US: Synology CVE-2021-3460 (The Motorola MH702x devices, prior to version 2.0.0.301, do not proper ...) NOT-FOR-US: Motorola MH702x devices -CVE-2021-3459 - RESERVED -CVE-2021-3458 - RESERVED +CVE-2021-3459 (A privilege escalation vulnerability was reported in the MM1000 device ...) + TODO: check +CVE-2021-3458 (The Motorola MM1000 device configuration portal can be accessed withou ...) + TODO: check CVE-2021-29082 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) NOT-FOR-US: NETGEAR CVE-2021-29081 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) @@ -23525,8 +23557,8 @@ CVE-2021-29058 RESERVED CVE-2021-29057 RESERVED -CVE-2021-29056 - RESERVED +CVE-2021-29056 (Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via ...) + TODO: check CVE-2021-29055 RESERVED CVE-2021-29054 (Certain Papoo products are affected by: Cross Site Request Forgery (CS ...) @@ -30869,10 +30901,10 @@ CVE-2021-25959 RESERVED CVE-2021-25958 RESERVED -CVE-2021-25957 - RESERVED -CVE-2021-25956 - RESERVED +CVE-2021-25957 (In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerabl ...) + TODO: check +CVE-2021-25956 (In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 ...) + TODO: check CVE-2021-25955 (In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v1 ...) - dolibarr <removed> NOTE: https://github.com/Dolibarr/dolibarr/commit/796b2d201acb9938b903fb2afa297db289ecc93e @@ -32633,8 +32665,8 @@ CVE-2021-25265 (A malicious website could execute code remotely in Sophos Connec NOT-FOR-US: Sophos Connect Client CVE-2021-25264 (In multiple versions of Sophos Endpoint products for MacOS, a local at ...) NOT-FOR-US: Sophos -CVE-2021-25263 - RESERVED +CVE-2021-25263 (Clickhouse prior to versions v20.8.18.32-lts, v21.1.9.41-stable, v21.2 ...) + TODO: check CVE-2021-25262 RESERVED CVE-2021-25261 
@@ -39458,8 +39490,8 @@ CVE-2021-22158 (The Proofpoint Insider Threat Management Server (formerly Observ NOT-FOR-US: Proofpoint Insider Threat Management Server CVE-2021-22157 (Proofpoint Insider Threat Management Server (formerly ObserveIT Server ...) NOT-FOR-US: Proofpoint Insider Threat Management Server -CVE-2021-22156 - RESERVED +CVE-2021-22156 (An integer overflow vulnerability in the calloc() function of the C ru ...) + TODO: check CVE-2021-22155 (An Authentication Bypass vulnerability in the SAML Authentication comp ...) NOT-FOR-US: BlackBerry Workspaces Server CVE-2021-22154 (An Information Disclosure vulnerability in the Management Console comp ...) @@ -40135,8 +40167,8 @@ CVE-2021-21834 RESERVED CVE-2021-21833 (An improper array index validation vulnerability exists in the TIF IP_ ...) NOT-FOR-US: Accusoft ImageGear -CVE-2021-21832 - RESERVED +CVE-2021-21832 (A VULNERABILITY_CLASS vulnerability exists in the FEATURE functionalit ...) + TODO: check CVE-2021-21831 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) NOT-FOR-US: Foxit CVE-2021-21830 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...) 
@@ -48628,27 +48660,21 @@ CVE-2021-0648 RESERVED CVE-2021-0647 RESERVED -CVE-2021-0646 - RESERVED +CVE-2021-0646 (In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bound ...) NOT-FOR-US: Android -CVE-2021-0645 - RESERVED +CVE-2021-0645 (In shouldBlockFromTree of ExternalStorageProvider.java, there is a pos ...) NOT-FOR-US: Android CVE-2021-0644 RESERVED CVE-2021-0643 RESERVED -CVE-2021-0642 - RESERVED +CVE-2021-0642 (In onResume of VoicemailSettingsFragment.java, there is a possible way ...) NOT-FOR-US: Android -CVE-2021-0641 - RESERVED +CVE-2021-0641 (In getAvailableSubscriptionInfoList of SubscriptionController.java, th ...) NOT-FOR-US: Android -CVE-2021-0640 - RESERVED +CVE-2021-0640 (In noteAtomLogged of StatsdStats.cpp, there is a possible out of bound ...) NOT-FOR-US: Android -CVE-2021-0639 - RESERVED +CVE-2021-0639 (In multiple functions of libl3oemcrypto.cpp, there is a possible weakn ...) NOT-FOR-US: Widevine CVE-2021-0638 RESERVED @@ -48744,13 +48770,11 @@ CVE-2021-0595 RESERVED CVE-2021-0594 (In onCreate of ConfirmConnectActivity, there is a possible remote bypa ...) NOT-FOR-US: Android -CVE-2021-0593 - RESERVED +CVE-2021-0593 (In sendDevicePickedIntent of DevicePickerFragment.java, there is a pos ...) NOT-FOR-US: Android CVE-2021-0592 (In various functions in WideVine, there are possible out of bounds wri ...) NOT-FOR-US: Widevine -CVE-2021-0591 - RESERVED +CVE-2021-0591 (In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, ther ...) NOT-FOR-US: Android CVE-2021-0590 (In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a p ...) NOT-FOR-US: Android 
@@ -48764,38 +48788,29 @@ CVE-2021-0586 (In onCreate of DevicePickerFragment.java, there is a possible way NOT-FOR-US: Android CVE-2021-0585 (In beginWrite and beginRead of MessageQueueBase.h, there is a possible ...) NOT-FOR-US: Android -CVE-2021-0584 - RESERVED +CVE-2021-0584 (In verifyBufferObject of Parcel.cpp, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2021-0583 RESERVED -CVE-2021-0582 - RESERVED +CVE-2021-0582 (In wifi driver, there is a possible out of bounds read due to a missin ...) NOT-FOR-US: MediaTek components for Android -CVE-2021-0581 - RESERVED +CVE-2021-0581 (In wifi driver, there is a possible out of bounds read due to a missin ...) NOT-FOR-US: MediaTek components for Android -CVE-2021-0580 - RESERVED +CVE-2021-0580 (In wifi driver, there is a possible out of bounds read due to a missin ...) NOT-FOR-US: MediaTek components for Android -CVE-2021-0579 - RESERVED +CVE-2021-0579 (In wifi driver, there is a possible out of bounds read due to a missin ...) NOT-FOR-US: MediaTek components for Android -CVE-2021-0578 - RESERVED +CVE-2021-0578 (In wifi driver, there is a possible out of bounds read due to a missin ...) NOT-FOR-US: MediaTek components for Android CVE-2021-0577 (In flv extractor, there is a possible out of bounds write due to a hea ...) NOT-FOR-US: MediaTek components for Android -CVE-2021-0576 - RESERVED +CVE-2021-0576 (In flv extractor, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: MediaTek components for Android CVE-2021-0575 RESERVED -CVE-2021-0574 - RESERVED +CVE-2021-0574 (In asf extractor, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: MediaTek components for Android -CVE-2021-0573 - RESERVED +CVE-2021-0573 (In asf extractor, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: MediaTek components for Android CVE-2021-0572 (In doNotification of AccountManagerService.java, there is a possible p ...) NOT-FOR-US: Android 
@@ -48903,8 +48918,7 @@ CVE-2021-0521 (In getAllPackages of PackageManagerService, there is a possible i NOT-FOR-US: Android CVE-2021-0520 (In several functions of MemoryFileSystem.cpp and related files, there ...) NOT-FOR-US: Android media framework -CVE-2021-0519 - RESERVED +CVE-2021-0519 (In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of b ...) NOT-FOR-US: Google Play CVE-2021-0518 (In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java, there i ...) NOT-FOR-US: Android |
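Review bot: In the list.2020 hunks, CVE-2020-4992 and CVE-2020-4706 (IBM DataPower Gateway, IBM API Connect) and CVE-2020-28846 (SeaCMS) are left at TODO: check even though entries visible in this same patch already tag those vendors as NOT-FOR-US: IBM and NOT-FOR-US: SeaCMS. These can be closed with the matching NOT-FOR-US line in the follow-up triage, which leaves the TODO queue for entries such as CVE-2020-15955 (s/qmail) that need an actual package check.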
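Review bot: In the first list.2021 hunk (@@ -1,3 +1,35), CVE-2021-39240, CVE-2021-39241 and CVE-2021-39242 are added as HAProxy issues with only TODO: check, directly above the existing placeholder CVE-2021-XXXX [HTTP/2 vulnerabilities from 2.0 to 2.5-dev], which already carries the haproxy tracking lines (- haproxy <unfixed> and [bullseye] - haproxy 2.2.9-2+deb11u1). If the assigned IDs cover the same HTTP/2 issues, triage should move those package lines onto them and drop the placeholder, so the fixed version is not left attached to a temporary entry or tracked twice.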
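Review bot: In the list.2021 hunk at @@ -30869, CVE-2021-25957 and CVE-2021-25956 are Dolibarr issues left at TODO: check, while the entry immediately below them, CVE-2021-25955, is already triaged as - dolibarr <removed> with a NOTE pointing at the upstream commit. The two new entries should get the same package line instead of sitting in the TODO queue, with NOTE links to the upstream fixes once they are identified.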
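Review bot: In the list.2021 hunk at @@ -40135, the imported description for CVE-2021-21832 still contains unfilled template tokens ("A VULNERABILITY_CLASS vulnerability exists in the FEATURE functionalit ..."), so it identifies neither the bug class nor the affected feature. The neighbouring entries belong to different products (Accusoft ImageGear, Foxit), so the product cannot be inferred from context either; triage of this TODO: check entry has to go to the referenced advisory rather than the description text.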
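Review bot: In the list.2021 hunk at @@ -48628, CVE-2021-0646 keeps its pre-existing NOT-FOR-US: Android tag although the newly imported description places the bug "In sqlite3_str_vappendf of sqlite3.c", which is SQLite code rather than Android-specific code. The tag was set while the entry was still RESERVED, so it should be re-evaluated against the description, and a sqlite3 package line added if the issue applies to upstream SQLite. The same check is worth doing for the other entries in this hunk and the next two that gained a description while retaining an older NOT-FOR-US tag.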
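Review bot: In the last hunk (@@ -48903), CVE-2021-0519 now describes a bug "In BITSTREAM_FLUSH of ih264e_bitstream.h", but the retained tag is NOT-FOR-US: Google Play, unlike the surrounding entries tagged Android or Android media framework. The tag and the description do not obviously refer to the same component; confirm where that header comes from before leaving the entry as NOT-FOR-US.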