author security tracker role <sectracker@soriano.debian.org> 2021-03-30 08:10:13 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-03-30 08:10:13 +0000
commit 0bc0d4de8faba5e2c926ef37813cb70b752721aa
tree b41920dedd28656db4dc0e075b9c89d9a276d19b
parent 1e5b0cd6527cea086428bcf6270168a46e2ebe6c
automatic update
-rw-r--r-- data/CVE/2018.list 9
-rw-r--r-- data/CVE/2019.list 4
-rw-r--r-- data/CVE/2020.list 44
-rw-r--r-- data/CVE/2021.list 162
4 files changed, 113 insertions, 106 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index e2fde151cc..03fd1fc265 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -52657,12 +52657,10 @@ CVE-2018-1112 (glusterfs server before versions 3.10.12, 4.0.2 is vulnerable whe
CVE-2018-1111 (DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earl ...)
NOT-FOR-US: Red Hat Specific script
NOTE: https://access.redhat.com/security/vulnerabilities/3442151
-CVE-2018-1110 [Improper Input Validation]
- RESERVED
+CVE-2018-1110 (A flaw was found in knot-resolver before version 2.3.0. Malformed DNS ...)
- knot-resolver 2.3.0-1 (bug #896681)
NOTE: https://www.openwall.com/lists/oss-security/2018/04/23/2
-CVE-2018-1109
- RESERVED
+CVE-2018-1109 (A vulnerability was found in Braces versions prior to 2.3.1. Affected ...)
- node-braces <not-affected> (Vulnerable code introduced in 2.2.0)
NOTE: https://snyk.io/vuln/npm:braces:20180219
NOTE: Introduced by: https://github.com/micromatch/braces/commit/dcc1acab4de9a43e86ab4be4acde209ff1dca113 (2.2.0)
@@ -52675,8 +52673,7 @@ CVE-2018-1108 (kernel drivers before version 4.17-rc1 are vulnerable to a weakne
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/43838a23a05fbd13e47d750d3dfd77001536dd33
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1559
-CVE-2018-1107
- RESERVED
+CVE-2018-1107 (It was discovered that the is-my-json-valid JavaScript library used an ...)
NOT-FOR-US: is-my-json-valid package for Node.js
CVE-2018-1106 (An authentication bypass flaw has been found in PackageKit before 1.1. ...)
{DSA-4207-1}
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 7388992526..c7b8dc218b 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -41882,8 +41882,8 @@ CVE-2019-5321 (Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 29
NOT-FOR-US: Aruba Intelligent Edge Switch Series
CVE-2019-5320 (Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5 ...)
NOT-FOR-US: Aruba Intelligent Edge Switch Series
-CVE-2019-5319
- RESERVED
+CVE-2019-5319 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
+ TODO: check
CVE-2019-5318
RESERVED
CVE-2019-5317 (A local authentication bypass vulnerability was discovered in some Aru ...)
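Review bot: CVE-2019-5319 is left at "TODO: check" even though its description names Aruba and the two entries directly above it (CVE-2019-5321, CVE-2019-5320) are already triaged as "NOT-FOR-US: Aruba Intelligent Edge Switch Series". A follow-up triage pass should confirm the affected product from the full CVE text and, if it matches, replace the TODO with the same NOT-FOR-US annotation so the entry does not sit in the unprocessed queue.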
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 5d49c7a09e..be0b998d2e 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -2738,10 +2738,10 @@ CVE-2020-35140
RESERVED
CVE-2020-35139
RESERVED
-CVE-2020-35138
- RESERVED
-CVE-2020-35137
- RESERVED
+CVE-2020-35138 (The MobileIron agents through 2021-03-22 for Android and iOS contain a ...)
+ TODO: check
+CVE-2020-35137 (The MobileIron agents through 2021-03-22 for Android and iOS contain a ...)
+ TODO: check
CVE-2020-35136 (Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. ...)
- dolibarr <removed>
CVE-2020-35135 (The ultimate-category-excluder plugin before 1.2 for WordPress allows ...)
@@ -12639,8 +12639,8 @@ CVE-2020-25585
RESERVED
CVE-2020-25584
RESERVED
-CVE-2020-25583
- RESERVED
+CVE-2020-25583 (In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12. ...)
+ TODO: check
CVE-2020-25582 (In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12. ...)
TODO: check
CVE-2020-25581 (In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12. ...)
@@ -12651,8 +12651,8 @@ CVE-2020-25579 (In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r36904
TODO: check
CVE-2020-25578 (In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12. ...)
TODO: check
-CVE-2020-25577
- RESERVED
+CVE-2020-25577 (In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12. ...)
+ TODO: check
CVE-2020-25572
RESERVED
CVE-2020-25571
@@ -14691,8 +14691,8 @@ CVE-2020-24638 (Multiple authenticated remote command executions are possible in
NOT-FOR-US: Aruba
CVE-2020-24637 (Two vulnerabilities in ArubaOS GRUB2 implementation allows for an atta ...)
NOT-FOR-US: ArubaOS GRUB2 implementation (CVE specific to ArubaOS)
-CVE-2020-24636
- RESERVED
+CVE-2020-24636 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ TODO: check
CVE-2020-24635 (A remote execution of arbitrary commands vulnerability was discovered ...)
NOT-FOR-US: Aruba
CVE-2020-24634 (An attacker is able to remotely inject arbitrary commands by sending e ...)
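Review bot: CVE-2020-24636 gets "TODO: check" while CVE-2020-24635 on the next line, whose visible description is identical up to the truncation point, is already marked "NOT-FOR-US: Aruba". The truncated text alone does not prove both cover the same product, so the full description should be compared before copying the verdict, but the pair is an obvious candidate for resolving the TODO in the same pass.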
@@ -23017,8 +23017,8 @@ CVE-2020-20547
RESERVED
CVE-2020-20546
RESERVED
-CVE-2020-20545
- RESERVED
+CVE-2020-20545 (Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Coll ...)
+ TODO: check
CVE-2020-20544
RESERVED
CVE-2020-20543
@@ -24830,16 +24830,16 @@ CVE-2020-19645
RESERVED
CVE-2020-19644
RESERVED
-CVE-2020-19643
- RESERVED
-CVE-2020-19642
- RESERVED
-CVE-2020-19641
- RESERVED
-CVE-2020-19640
- RESERVED
-CVE-2020-19639
- RESERVED
+CVE-2020-19643 (Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P ...)
+ TODO: check
+CVE-2020-19642 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...)
+ TODO: check
+CVE-2020-19641 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...)
+ TODO: check
+CVE-2020-19640 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...)
+ TODO: check
+CVE-2020-19639 (Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy ...)
+ TODO: check
CVE-2020-19638
RESERVED
CVE-2020-19637
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 6350af82eb..e62d37143f 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,13 @@
+CVE-2021-3476
+ RESERVED
+CVE-2021-3475
+ RESERVED
+CVE-2021-3474
+ RESERVED
+CVE-2021-29424 (The Net::Netmask module before 2.0000 for Perl does not properly consi ...)
+ TODO: check
+CVE-2021-29423
+ RESERVED
CVE-2021-3473
RESERVED
CVE-2021-3472
@@ -10,8 +20,8 @@ CVE-2021-29420
RESERVED
CVE-2021-29419
RESERVED
-CVE-2021-29418
- RESERVED
+CVE-2021-29418 (The netmask package before 2.0.1 for Node.js mishandles certain unexpe ...)
+ TODO: check
CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitrary co ...)
TODO: check
CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...)
@@ -94,8 +104,8 @@ CVE-2021-29378
RESERVED
CVE-2021-29377
RESERVED
-CVE-2021-29376
- RESERVED
+CVE-2021-29376 (ircII before 20210314 allows remote attackers to cause a denial of ser ...)
+ TODO: check
CVE-2021-29375
RESERVED
CVE-2021-29374
@@ -1599,16 +1609,16 @@ CVE-2021-28674
RESERVED
CVE-2021-28673 (Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 65 ...)
NOT-FOR-US: Xerox
-CVE-2021-28672
- RESERVED
-CVE-2021-28671
- RESERVED
+CVE-2021-28672 (Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 65 ...)
+ TODO: check
+CVE-2021-28671 (Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 65 ...)
+ TODO: check
CVE-2021-28670 (Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 befor ...)
NOT-FOR-US: Xerox
-CVE-2021-28669
- RESERVED
-CVE-2021-28668
- RESERVED
+CVE-2021-28669 (Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103. ...)
+ TODO: check
+CVE-2021-28668 (Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103. ...)
+ TODO: check
CVE-2021-28667 (StackStorm before 3.4.1, in some situations, has an infinite loop that ...)
NOT-FOR-US: StackStorm
CVE-2021-28666
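Review bot: The four newly published entries CVE-2021-28672, CVE-2021-28671, CVE-2021-28669 and CVE-2021-28668 are all set to "TODO: check", while the interleaved CVE-2021-28673 and CVE-2021-28670, which also name Xerox Phaser and AltaLink devices, already read "NOT-FOR-US: Xerox". Suggest triaging the four together against their neighbours rather than one by one, so the block ends up with a consistent annotation.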
@@ -4720,16 +4730,16 @@ CVE-2021-27278
RESERVED
CVE-2021-27277
RESERVED
-CVE-2021-27276
- RESERVED
-CVE-2021-27275
- RESERVED
-CVE-2021-27274
- RESERVED
-CVE-2021-27273
- RESERVED
-CVE-2021-27272
- RESERVED
+CVE-2021-27276 (This vulnerability allows remote attackers to delete arbitrary files o ...)
+ TODO: check
+CVE-2021-27275 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2021-27274 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2021-27273 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2021-27272 (This vulnerability allows remote attackers to delete arbitrary files o ...)
+ TODO: check
CVE-2021-27271
RESERVED
CVE-2021-27270
@@ -4782,20 +4792,20 @@ CVE-2021-27247
RESERVED
CVE-2021-27246
RESERVED
-CVE-2021-27245
- RESERVED
-CVE-2021-27244
- RESERVED
-CVE-2021-27243
- RESERVED
-CVE-2021-27242
- RESERVED
-CVE-2021-27241
- RESERVED
-CVE-2021-27240
- RESERVED
-CVE-2021-27239
- RESERVED
+CVE-2021-27245 (This vulnerability allows a firewall bypass on affected installations ...)
+ TODO: check
+CVE-2021-27244 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ TODO: check
+CVE-2021-27243 (This vulnerability allows local attackers to escalate privileges on af ...)
+ TODO: check
+CVE-2021-27242 (This vulnerability allows local attackers to escalate privileges on af ...)
+ TODO: check
+CVE-2021-27241 (This vulnerability allows local attackers to delete arbitrary director ...)
+ TODO: check
+CVE-2021-27240 (This vulnerability allows local attackers to escalate privileges on af ...)
+ TODO: check
+CVE-2021-27239 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
CVE-2021-27238
RESERVED
CVE-2021-27237 (The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) ...)
@@ -6004,8 +6014,7 @@ CVE-2021-26716 (Modules/input/Views/schedule.php in Emoncms through 10.2.7 allow
NOT-FOR-US: Emoncms
CVE-2021-26715 (The OpenID Connect server implementation for MITREid Connect through 1 ...)
NOT-FOR-US: MITREid Connect
-CVE-2021-26714
- RESERVED
+CVE-2021-26714 (The Enterprise License Manager portal in Mitel MiContact Center Enterp ...)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1930888#c3
CVE-2021-26713 (A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asteris ...)
- asterisk <not-affected> (Only affects 16.16.0 onwards)
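Review bot: After this change CVE-2021-26714 carries a published description for a Mitel product, but the only annotation under it is the pre-existing "NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1930888#c3", with no package line, NOT-FOR-US or TODO marker. Entries in this commit that had no annotation get "TODO: check"; this one does not, apparently because the NOTE line was already there, so it has no explicit triage state. Worth verifying that the note still belongs to this CVE ID and adding either a package entry or a NOT-FOR-US line.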
@@ -6364,8 +6373,8 @@ CVE-2021-26559 (Improper Access Control on Configurations Endpoint for the Stabl
- airflow <itp> (bug #819700)
CVE-2021-26558
RESERVED
-CVE-2021-3391
- RESERVED
+CVE-2021-3391 (MobileIron Mobile@Work through 2021-03-22 allows attackers to distingu ...)
+ TODO: check
CVE-2021-3390
RESERVED
CVE-2021-3389
@@ -9783,22 +9792,22 @@ CVE-2021-25164
RESERVED
CVE-2021-25163
RESERVED
-CVE-2021-25162
- RESERVED
-CVE-2021-25161
- RESERVED
-CVE-2021-25160
- RESERVED
-CVE-2021-25159
- RESERVED
-CVE-2021-25158
- RESERVED
-CVE-2021-25157
- RESERVED
-CVE-2021-25156
- RESERVED
-CVE-2021-25155
- RESERVED
+CVE-2021-25162 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ TODO: check
+CVE-2021-25161 (A remote cross-site scripting (xss) vulnerability was discovered in so ...)
+ TODO: check
+CVE-2021-25160 (A remote arbitrary file modification vulnerability was discovered in s ...)
+ TODO: check
+CVE-2021-25159 (A remote arbitrary file modification vulnerability was discovered in s ...)
+ TODO: check
+CVE-2021-25158 (A remote arbitrary file read vulnerability was discovered in some Arub ...)
+ TODO: check
+CVE-2021-25157 (A remote arbitrary file read vulnerability was discovered in some Arub ...)
+ TODO: check
+CVE-2021-25156 (A remote arbitrary directory create vulnerability was discovered in so ...)
+ TODO: check
+CVE-2021-25155 (A remote arbitrary file modification vulnerability was discovered in s ...)
+ TODO: check
CVE-2021-25154
RESERVED
CVE-2021-25153
@@ -9807,18 +9816,18 @@ CVE-2021-25152
RESERVED
CVE-2021-25151
RESERVED
-CVE-2021-25150
- RESERVED
-CVE-2021-25149
- RESERVED
-CVE-2021-25148
- RESERVED
+CVE-2021-25150 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ TODO: check
+CVE-2021-25149 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
+ TODO: check
+CVE-2021-25148 (A remote arbitrary file modification vulnerability was discovered in s ...)
+ TODO: check
CVE-2021-25147
RESERVED
-CVE-2021-25146
- RESERVED
-CVE-2021-25145
- RESERVED
+CVE-2021-25146 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ TODO: check
+CVE-2021-25145 (A remote unauthorized disclosure of information vulnerability was disc ...)
+ TODO: check
CVE-2021-25144 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
NOT-FOR-US: Aruba
CVE-2021-25143 (A remote denial of service (dos) vulnerability was discovered in some ...)
@@ -15411,7 +15420,8 @@ CVE-2021-22495 (An issue was discovered on Samsung mobile devices with O(8.x), P
NOT-FOR-US: Samsung mobile devices
CVE-2021-22494 (An issue was discovered in the fingerprint scanner on Samsung Note20 m ...)
NOT-FOR-US: Samsung Note20 mobile devices
-CVE-2021-22493 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+CVE-2021-22493
+ REJECTED
NOT-FOR-US: Samsung mobile devices
CVE-2021-22492 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
NOT-FOR-US: Samsung mobile devices
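Review bot: CVE-2021-22493 loses its description and gains "REJECTED", yet the "NOT-FOR-US: Samsung mobile devices" line below it is kept, so the entry now carries both a rejection and a triage verdict. If the list format allows annotations on rejected IDs this is harmless; otherwise the stale line should be dropped in a follow-up so the rejected ID is not counted as a triaged vulnerability.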
@@ -22289,10 +22299,10 @@ CVE-2021-1872
RESERVED
CVE-2021-1871
RESERVED
- - webkit2gtk <unfixed>
+ - webkit2gtk <unfixed>
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- - wpewebkit <unfixed>
- NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
+ - wpewebkit <unfixed>
+ NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
CVE-2021-1870
RESERVED
{DSA-4877-1}
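Review bot: The removed and added lines for "- webkit2gtk <unfixed>", "- wpewebkit <unfixed>" and the WSA-2021-0003 NOTE under CVE-2021-1871 are textually identical as rendered, so this hunk appears to be a whitespace-only normalisation; the same pattern repeats under CVE-2021-1844 and CVE-2021-1788. Folding indentation fixes into an "automatic update" commit makes the actual data changes harder to audit. A whitespace check at the point where these lines were entered would keep the automatic job from rewriting existing annotations.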
@@ -22352,10 +22362,10 @@ CVE-2021-1845
RESERVED
CVE-2021-1844
RESERVED
- - webkit2gtk <unfixed>
+ - webkit2gtk <unfixed>
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- - wpewebkit <unfixed>
- NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
+ - wpewebkit <unfixed>
+ NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
CVE-2021-1843
RESERVED
CVE-2021-1842
@@ -22483,10 +22493,10 @@ CVE-2021-1789
NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
CVE-2021-1788
RESERVED
- - webkit2gtk <unfixed>
+ - webkit2gtk <unfixed>
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- - wpewebkit <unfixed>
- NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
+ - wpewebkit <unfixed>
+ NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
CVE-2021-1787
RESERVED
CVE-2021-1786
