author | security tracker role <sectracker@soriano.debian.org> | 2021-05-27 20:10:26 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-05-27 20:10:26 +0000 |
commit | c44362f7a2c0df5f3df5ba29a8ee975dea7045e0 (patch) | |
tree | b7ce24b9371b84dcc25b0144e416c3c17be055a4 /data | |
parent | b8d16ec349371b9b5dd7648757205f3f5e0df494 (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list.2008 | 3 |
-rw-r--r-- | data/CVE/list.2020 | 90 |
-rw-r--r-- | data/CVE/list.2021 | 183 |
3 files changed, 141 insertions, 135 deletions
diff --git a/data/CVE/list.2008 b/data/CVE/list.2008 index f58e6b4506..ec8c35cea0 100644 --- a/data/CVE/list.2008 +++ b/data/CVE/list.2008 @@ -11250,8 +11250,7 @@ CVE-2008-2546 REJECTED CVE-2008-2545 (Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sens ...) NOT-FOR-US: Skype -CVE-2008-2544 - RESERVED +CVE-2008-2544 (Mounting /proc filesystem via chroot command silently mounts it in rea ...) - linux <unfixed> (unimportant) NOTE: non-issue, cf. https://bugzilla.redhat.com/show_bug.cgi?id=449089#c22 CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and As ...) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index db1ebae045..938e1523fd 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -7420,8 +7420,7 @@ CVE-2020-27834 [attacker can send the same request over and over again without c NOTE: very scarce/incomplete CVE request from http://almorabea.net/cves/zabbix.txt CVE-2020-27833 (A Zip Slip vulnerability was found in the oc binary in openshift-clien ...) NOT-FOR-US: OpenShift -CVE-2020-27832 - RESERVED +CVE-2020-27832 (A flaw was found in Red Hat Quay, where it has a persistent Cross-site ...) NOT-FOR-US: Quay CVE-2020-27831 (A flaw was found in Red Hat Quay, where it does not properly protect t ...) NOT-FOR-US: Quay 
@@ -20472,32 +20471,32 @@ CVE-2020-22036 RESERVED CVE-2020-22035 RESERVED -CVE-2020-22034 - RESERVED -CVE-2020-22033 - RESERVED -CVE-2020-22032 - RESERVED -CVE-2020-22031 - RESERVED -CVE-2020-22030 - RESERVED -CVE-2020-22029 - RESERVED +CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 atlibavfi ...) + TODO: check +CVE-2020-22033 (A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavf ...) + TODO: check +CVE-2020-22032 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...) + TODO: check +CVE-2020-22031 (A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...) + TODO: check +CVE-2020-22030 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...) + TODO: check +CVE-2020-22029 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...) + TODO: check CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_verticall ...) TODO: check -CVE-2020-22027 - RESERVED +CVE-2020-22027 (A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in defl ...) + TODO: check CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input ...) TODO: check -CVE-2020-22025 - RESERVED +CVE-2020-22025 (A heap-based Buffer Overflow vulnerability exists in gaussian_blur at ...) + TODO: check CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 func ...) TODO: check -CVE-2020-22023 - RESERVED -CVE-2020-22022 - RESERVED +CVE-2020-22023 (A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in fi ...) + TODO: check +CVE-2020-22022 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fil ...) + TODO: check CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function i ...) TODO: check CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map func ...) 
@@ -20509,10 +20508,10 @@ CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10b TODO: check CVE-2020-22018 RESERVED -CVE-2020-22017 - RESERVED -CVE-2020-22016 - RESERVED +CVE-2020-22017 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_ ...) + TODO: check +CVE-2020-22016 (A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec ...) + TODO: check CVE-2020-22015 (Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due ...) - ffmpeg <unfixed> [bullseye] - ffmpeg <ignored> (Minor issue) @@ -28126,10 +28125,10 @@ CVE-2020-18232 RESERVED CVE-2020-18231 RESERVED -CVE-2020-18230 - RESERVED -CVE-2020-18229 - RESERVED +CVE-2020-18230 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers t ...) + TODO: check +CVE-2020-18229 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers t ...) + TODO: check CVE-2020-18228 RESERVED CVE-2020-18227 @@ -29588,8 +29587,8 @@ CVE-2020-17516 (Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0. - cassandra <itp> (bug #585905) CVE-2020-17515 (The "origin" parameter passed to some of the endpoints like '/trigger' ...) - airflow <itp> (bug #819700) -CVE-2020-17514 - RESERVED +CVE-2020-17514 (Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ...) + TODO: check CVE-2020-17513 (In Apache Airflow versions prior to 1.10.13, the Charts and Query View ...) - airflow <itp> (bug #819700) CVE-2020-17512 @@ -42244,8 +42243,7 @@ CVE-2020-12405 (When browsing a malicious page, a race condition in our SharedWo CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be passed ...) - firefox <not-affected> (Specific to iOS) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/#CVE-2020-12404 -CVE-2020-12403 - RESERVED +CVE-2020-12403 (A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS i ...) {DLA-2388-1} - nss 2:3.55-1 [buster] - nss <no-dsa> (Minor issue) 
@@ -46536,8 +46534,7 @@ CVE-2020-10776 (A flaw was found in Keycloak before version 12.0.0, where it is NOT-FOR-US: Keycloak CVE-2020-10775 (An Open redirect vulnerability was found in ovirt-engine versions 4.4 ...) NOT-FOR-US: ovirt-engine -CVE-2020-10774 - RESERVED +CVE-2020-10774 (A memory disclosure flaw was found in the Linux kernel's versions befo ...) - linux <not-affected> (Red Hat-specific patch) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846964 CVE-2020-10773 (A stack information leak flaw was found in s390/s390x in the Linux ker ...) @@ -46733,8 +46730,7 @@ CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was NOTE: https://www.samba.org/samba/security/CVE-2020-10730.html NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14364 NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=9dd458956d7af1b4bbe505ba2ab72235e81c27d0 (for ldb) -CVE-2020-10729 [two random password lookups in same task return same value] - RESERVED +CVE-2020-10729 (A flaw was found in the use of insufficiently random values in Ansible ...) - ansible 2.9.6+dfsg-1 [buster] - ansible <no-dsa> (Minor issue) [jessie] - ansible <not-affected> (Vulnerable code introduced later, no variables template caching) @@ -46789,8 +46785,7 @@ CVE-2020-10717 (A potential DoS flaw was found in the virtio-fs shared file syst [jessie] - qemu <not-affected> (Vulnerable code introduced later) NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=01a6dc95ec7f71eeff9963fe3cb03d85225fba3e (v5.0.0-rc0) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html -CVE-2020-10716 - RESERVED +CVE-2020-10716 (A flaw was found in Red Hat Satellite's Job Invocation, where the "Use ...) NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job Invocation CVE-2020-10715 (A content spoofing vulnerability was found in the openshift/console 3. ...) NOT-FOR-US: Openshift Web Console 
@@ -46812,8 +46807,7 @@ CVE-2020-10711 (A NULL pointer dereference flaw was found in the Linux kernel's NOTE: https://www.openwall.com/lists/oss-security/2020/05/12/2 CVE-2020-10710 RESERVED -CVE-2020-10709 - RESERVED +CVE-2020-10709 (A security flaw was found in Ansible Tower when requesting an OAuth2 t ...) - ansible-awx <itp> (bug #908763) NOTE: https://github.com/ansible/awx/issues/6630 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1824033 @@ -46848,8 +46842,7 @@ CVE-2020-10702 (A flaw was found in QEMU in the implementation of the Pointer Au [jessie] - qemu <not-affected> (Vulnerable code introduced later) - qemu-kvm <not-affected> (Vulnerable code introduced later) NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9 (v5.0.0-rc0) -CVE-2020-10701 [guest agent timeout can be set under read-only mode leading to DoS] - RESERVED +CVE-2020-10701 (A missing authorization flaw was found in the libvirt API responsible ...) - libvirt 6.0.0-7 (bug #955841) [buster] - libvirt <not-affected> (Vulnerable code introduced later) [stretch] - libvirt <not-affected> (Vulnerable code introduced later) @@ -46868,11 +46861,9 @@ CVE-2020-10699 (A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2 NOTE: https://github.com/open-iscsi/targetcli-fb/issues/162 NOTE: Introduced in: https://github.com/open-iscsi/targetcli-fb/commit/ad37f94ae72d0e3d5963ce182e2897c84af9c039 (v2.1.50) NOTE: Fixed by: https://github.com/open-iscsi/targetcli-fb/commit/6e4f39357a90a914d11bac21cc2d2b52c07c213d -CVE-2020-10698 - RESERVED +CVE-2020-10698 (A flaw was found in Ansible Tower when running jobs. This flaw allows ...) NOT-FOR-US: Ansible Tower -CVE-2020-10697 - RESERVED +CVE-2020-10697 (A flaw was found in Ansible Tower when running Openshift. Tower runs a ...) NOT-FOR-US: Ansible Tower CVE-2020-10696 (A path traversal flaw was found in Buildah in versions before 1.14.5. ...) - golang-github-containers-buildah 1.11.6-2 
@@ -46907,8 +46898,7 @@ CVE-2020-10690 (There is a use-after-free in kernel versions before 5.5 due to a NOTE: Fixed by: https://git.kernel.org/linus/a33121e5487b424339636b25c35d3a180eaa5f5e CVE-2020-10689 (A flaw was found in the Eclipse Che up to version 7.8.x, where it did ...) NOT-FOR-US: Eclipse Che -CVE-2020-10688 - RESERVED +CVE-2020-10688 (A cross-site scripting (XSS) flaw was found in RESTEasy in versions be ...) - resteasy <unfixed> (bug #970328) - resteasy3.0 <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974 diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 3d0e675b30..0cd1b1fe61 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,3 +1,33 @@ +CVE-2021-33603 + RESERVED +CVE-2021-33602 + RESERVED +CVE-2021-33601 + RESERVED +CVE-2021-33600 + RESERVED +CVE-2021-33599 + RESERVED +CVE-2021-33598 + RESERVED +CVE-2021-33597 + RESERVED +CVE-2021-33596 + RESERVED +CVE-2021-33595 + RESERVED +CVE-2021-33594 + RESERVED +CVE-2021-33593 + RESERVED +CVE-2021-33592 + RESERVED +CVE-2021-33591 + RESERVED +CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_ ...) + TODO: check +CVE-2021-33589 + RESERVED CVE-2021-33588 RESERVED CVE-2021-33587 @@ -73,8 +103,8 @@ CVE-2021-33560 RESERVED CVE-2021-33559 RESERVED -CVE-2021-33558 - RESERVED +CVE-2021-33558 (Boa 0.94.13 allows remote attackers to obtain sensitive information vi ...) + TODO: check CVE-2021-33557 RESERVED CVE-2021-33556 @@ -415,8 +445,8 @@ CVE-2021-33396 RESERVED CVE-2021-33395 RESERVED -CVE-2021-33394 - RESERVED +CVE-2021-33394 (Cubecart 6.4.2 allows Session Fixation. The application does not gener ...) + TODO: check CVE-2021-33393 RESERVED CVE-2021-33392 
@@ -820,8 +850,7 @@ CVE-2021-33202 RESERVED CVE-2021-33201 RESERVED -CVE-2021-33200 - RESERVED +CVE-2021-33200 (kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces inco ...) - linux <unfixed> [buster] - linux <not-affected> (Vulnerable code not present) [stretch] - linux <not-affected> (Vulnerable code not present) @@ -2015,12 +2044,12 @@ CVE-2021-32647 RESERVED CVE-2021-32646 RESERVED -CVE-2021-32645 - RESERVED +CVE-2021-32645 (Tenancy multi-tenant is an open source multi-domain controller for the ...) + TODO: check CVE-2021-32644 RESERVED -CVE-2021-32643 - RESERVED +CVE-2021-32643 (Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` ca ...) + TODO: check CVE-2021-32642 [add result validation to dyndisc example scripts] RESERVED - radsecproxy 1.8.2-4 (unimportant) @@ -2501,10 +2530,10 @@ CVE-2021-32461 RESERVED CVE-2021-32460 RESERVED -CVE-2021-32459 - RESERVED -CVE-2021-32458 - RESERVED +CVE-2021-32459 (A hard-coded password vulnerability exists in the SFTP Log Collection ...) + TODO: check +CVE-2021-32458 (A privilege escalation vulnerability exists in the tdts.ko chrdev_ioct ...) + TODO: check CVE-2021-32457 (A privilege escalation vulnerability exists in the tdts.ko chrdev_ioct ...) NOT-FOR-US: Trend Micro CVE-2021-32456 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...) @@ -4001,8 +4030,7 @@ CVE-2021-31810 RESERVED CVE-2021-31809 RESERVED -CVE-2021-31808 - RESERVED +CVE-2021-31808 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...) - squid <unfixed> (bug #989043) - squid3 <removed> NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916 
@@ -4013,8 +4041,7 @@ CVE-2021-31807 - squid3 <removed> NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916 NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch -CVE-2021-31806 - RESERVED +CVE-2021-31806 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...) - squid <unfixed> (bug #989043) - squid3 <removed> NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916 @@ -4563,8 +4590,7 @@ CVE-2021-31537 (SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index. NOT-FOR-US: SIS-REWE Go CVE-2021-31536 RESERVED -CVE-2021-31535 - RESERVED +CVE-2021-31535 (LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might a ...) {DSA-4920-1 DLA-2666-1} - libx11 2:1.7.1-1 (bug #988737) NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605 @@ -4590,8 +4616,7 @@ CVE-2021-31527 RESERVED CVE-2021-31526 RESERVED -CVE-2021-31525 [net/http: ReadRequest can stack overflow] - RESERVED +CVE-2021-31525 (net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote a ...) - golang-1.16 1.16.4-1 - golang-1.15 1.15.9-2 - golang-1.11 <removed> @@ -5461,16 +5486,13 @@ CVE-2021-31157 RESERVED CVE-2021-31156 RESERVED -CVE-2021-31155 - RESERVED +CVE-2021-31155 (Failure to normalize the umask in please before 0.4 allows a local att ...) - rust-pleaser 0.4.1-1 NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1 -CVE-2021-31154 - RESERVED +CVE-2021-31154 (pleaseedit in please before 0.4 uses predictable temporary filenames i ...) - rust-pleaser 0.4.1-1 NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1 -CVE-2021-31153 - RESERVED +CVE-2021-31153 (please before 0.4 allows a local unprivileged attacker to gain knowled ...) - rust-pleaser 0.4.1-1 NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1 CVE-2021-31152 (Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request ...) 
@@ -7055,8 +7077,7 @@ CVE-2021-30467 RESERVED CVE-2021-30466 RESERVED -CVE-2021-30465 - RESERVED +CVE-2021-30465 (runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Dire ...) - runc 1.0.0~rc93+ds1-5 (bug #988768) NOTE: https://www.openwall.com/lists/oss-security/2021/05/19/2 NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r @@ -11258,8 +11279,7 @@ CVE-2021-28664 (The Arm Mali GPU kernel driver allows privilege escalation or a NOT-FOR-US: ARM components for Android CVE-2021-28663 (The Arm Mali GPU kernel driver allows privilege escalation or informat ...) NOT-FOR-US: ARM components for Android -CVE-2021-28662 - RESERVED +CVE-2021-28662 (An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. ...) - squid <unfixed> (bug #988891) NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b1c37c9e7b30d0efb5e5ccf8200f2a646b9c36f8.patch @@ -11310,14 +11330,12 @@ CVE-2021-28654 RESERVED CVE-2021-28653 (The iOS and macOS apps before 1.4.1 for the Western Digital G-Technolo ...) NOT-FOR-US: iOS and macOS apps for the Western Digital G-Technology ArmorLock NVMe SSD -CVE-2021-28652 - RESERVED +CVE-2021-28652 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...) - squid <unfixed> (bug #988892) - squid3 <removed> NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447 NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-0003e3518dc95e4b5ab46b5140af79b22253048e.patch -CVE-2021-28651 - RESERVED +CVE-2021-28651 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...) - squid <unfixed> (bug #988893) - squid3 <removed> NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4 
@@ -13938,24 +13956,24 @@ CVE-2021-27498 RESERVED CVE-2021-27497 RESERVED -CVE-2021-27496 - RESERVED +CVE-2021-27496 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...) + TODO: check CVE-2021-27495 RESERVED -CVE-2021-27494 - RESERVED +CVE-2021-27494 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...) + TODO: check CVE-2021-27493 RESERVED -CVE-2021-27492 - RESERVED +CVE-2021-27492 (When opening a specially crafted 3DXML file, the application containin ...) + TODO: check CVE-2021-27491 RESERVED -CVE-2021-27490 - RESERVED +CVE-2021-27490 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...) + TODO: check CVE-2021-27489 RESERVED -CVE-2021-27488 - RESERVED +CVE-2021-27488 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...) + TODO: check CVE-2021-27487 RESERVED CVE-2021-27486 (FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to ...) @@ -14505,7 +14523,7 @@ CVE-2021-27233 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. NOT-FOR-US: Mutare Voice (EVM) CVE-2021-27232 (The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.1 ...) NOT-FOR-US: Pelco Digital Sentry Server -CVE-2021-27231 (Hestia Control Panel through 1.3.3, in a shared-hosting environment, s ...) +CVE-2021-27231 (Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, ...) NOT-FOR-US: Hestia Control Panel CVE-2021-27230 (ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Inj ...) NOT-FOR-US: ExpressionEngine 
@@ -24397,16 +24415,16 @@ CVE-2021-22913 RESERVED CVE-2021-22912 RESERVED -CVE-2021-22911 - RESERVED +CVE-2021-22911 (A improper input sanitization vulnerability exists in Rocket.Chat serv ...) + TODO: check CVE-2021-22910 RESERVED -CVE-2021-22909 - RESERVED -CVE-2021-22908 - RESERVED -CVE-2021-22907 - RESERVED +CVE-2021-22909 (A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could a ...) + TODO: check +CVE-2021-22908 (A buffer overflow vulnerability exists in Windows File Resource Profil ...) + TODO: check +CVE-2021-22907 (An improper access control vulnerability exists in Citrix Workspace Ap ...) + TODO: check CVE-2021-22906 RESERVED CVE-2021-22905 @@ -24436,10 +24454,10 @@ CVE-2021-22901 [TLS session caching disaster] NOTE: https://curl.se/docs/CVE-2021-22901.html NOTE: Introduced by: https://github.com/curl/curl/commit/a304051620b92e12b6b1b4e19edc57b34ea332b6 (7.75.0) NOTE: Fixed by: https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479 (7.77.0) -CVE-2021-22900 - RESERVED -CVE-2021-22899 - RESERVED +CVE-2021-22900 (A vulnerability allowed multiple unrestricted uploads in Pulse Connect ...) + TODO: check +CVE-2021-22899 (A command injection vulnerability exists in Pulse Connect Secure befor ...) + TODO: check CVE-2021-22898 [TELNET stack contents disclosure] RESERVED - curl <unfixed> 
@@ -24458,14 +24476,14 @@ CVE-2021-22896 RESERVED CVE-2021-22895 RESERVED -CVE-2021-22894 - RESERVED +CVE-2021-22894 (A buffer overflow vulnerability exists in Pulse Connect Secure before ...) + TODO: check CVE-2021-22893 (Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authen ...) NOT-FOR-US: Pulse Connect Secure -CVE-2021-22892 - RESERVED -CVE-2021-22891 - RESERVED +CVE-2021-22892 (An information disclosure vulnerability exists in the Rocket.Chat serv ...) + TODO: check +CVE-2021-22891 (A missing authorization vulnerability exists in Citrix ShareFile Stora ...) + TODO: check CVE-2021-22890 (curl 7.63.0 to and including 7.75.0 includes vulnerability that allows ...) {DSA-4881-1} - curl 7.74.0-1.2 (bug #986270) @@ -24480,8 +24498,7 @@ CVE-2021-22887 (A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware NOT-FOR-US: BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persist ...) NOT-FOR-US: Rocket.Chat -CVE-2021-22885 [Possible Information Disclosure / Unintended Method Execution in Action Pack] - RESERVED +CVE-2021-22885 (A possible information disclosure / unintended method execution vulner ...) {DLA-2655-1} - rails 2:6.0.3.7+dfsg-1 (bug #988214) NOTE: https://github.com/rails/rails/commit/c4c21a9f8d7c9c8ca6570bdb82d64e2dc860e62c (main) @@ -25483,8 +25500,8 @@ CVE-2021-22413 RESERVED CVE-2021-22412 RESERVED -CVE-2021-22411 - RESERVED +CVE-2021-22411 (There is an out-of-bounds write vulnerability in some Huawei products. ...) + TODO: check CVE-2021-22410 RESERVED CVE-2021-22409 (There is a denial of service vulnerability in some versions of ManageO ...) 
@@ -25577,20 +25594,20 @@ CVE-2021-22366 RESERVED CVE-2021-22365 RESERVED -CVE-2021-22364 - RESERVED +CVE-2021-22364 (There is a denial of service vulnerability in the versions 10.1.0.126( ...) + TODO: check CVE-2021-22363 RESERVED -CVE-2021-22362 - RESERVED +CVE-2021-22362 (There is an out of bounds write vulnerability in some Huawei products. ...) + TODO: check CVE-2021-22361 RESERVED -CVE-2021-22360 - RESERVED -CVE-2021-22359 - RESERVED -CVE-2021-22358 - RESERVED +CVE-2021-22360 (There is a resource management error vulnerability in the verisions V5 ...) + TODO: check +CVE-2021-22359 (There is a denial of service vulnerability in the verisions V200R005C0 ...) + TODO: check +CVE-2021-22358 (There is an insufficient input validation vulnerability in FusionCompu ...) + TODO: check CVE-2021-22357 RESERVED CVE-2021-22356 @@ -26115,8 +26132,8 @@ CVE-2021-22120 RESERVED CVE-2021-22119 RESERVED -CVE-2021-22118 - RESERVED +CVE-2021-22118 (In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x ...) + TODO: check CVE-2021-22117 (RabbitMQ installers on Windows prior to version 3.8.16 do not harden p ...) - rabbitmq-server <not-affected> (Windows-specific) CVE-2021-22116 @@ -29355,8 +29372,8 @@ CVE-2021-20729 RESERVED CVE-2021-20728 RESERVED -CVE-2021-20727 - RESERVED +CVE-2021-20727 (Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allo ...) + TODO: check CVE-2021-20726 (Untrusted search path vulnerability in The Installer of Overwolf 2.168 ...) NOT-FOR-US: Overwolf CVE-2021-20725 (Reflected cross-site scripting vulnerability in the admin page of [Cal ...) |
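Review bot: In the data/CVE/list.2020 hunk at @@ -20472,32 +20471,32 @@, every FFmpeg 4.2 entry that moves from RESERVED to a published description (CVE-2020-22022, CVE-2020-22023, CVE-2020-22025, CVE-2020-22027 and CVE-2020-22029 through CVE-2020-22034) is left at `TODO: check`, as are the already-published neighbours CVE-2020-22024, CVE-2020-22026 and CVE-2020-22028, so none of these buffer overflows is tied to a source package yet. The following hunk shows CVE-2020-22015 tracked as `- ffmpeg <unfixed>`; a follow-up commit should triage this batch against ffmpeg in the same way, with per-release status once it is confirmed whether the affected code exists in the packaged versions. CVE-2020-22016 and CVE-2020-22017 in the next hunk belong to the same batch.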
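Review bot: In the data/CVE/list.2021 hunk at @@ -2501,10 +2530,10 @@, CVE-2021-32458 is added with `TODO: check` although its visible description (`A privilege escalation vulnerability exists in the tdts.ko chrdev_ioct ...`) matches that of CVE-2021-32457 on the next line, which is already `NOT-FOR-US: Trend Micro`. After confirming the product from the full description, mark CVE-2021-32458 the same way so it does not linger in the TODO queue. CVE-2021-32459 in the same hunk needs its product identified from the full description before it can be classified.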
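Review bot: In the data/CVE/list.2021 hunk at @@ -24458,14 +24476,14 @@, CVE-2021-22894 (Pulse Connect Secure) gets `TODO: check` directly above CVE-2021-22893, which is already `NOT-FOR-US: Pulse Connect Secure`; the same applies to CVE-2021-22899 and CVE-2021-22900 in the preceding hunk. CVE-2021-22892 here and CVE-2021-22911 in the @@ -24397,16 +24415,16 @@ hunk both name Rocket.Chat, which CVE-2021-22886 already records as `NOT-FOR-US: Rocket.Chat`. These entries can be resolved by reusing the existing NOT-FOR-US markers instead of leaving them for manual triage.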