| author | security tracker role <sectracker@soriano.debian.org> | 2021-03-29 20:10:18 +0000 |
|---|---|---|
| committer | security tracker role <sectracker@soriano.debian.org> | 2021-03-29 20:10:18 +0000 |
| commit | 46b7f1f6ea0548bac08a539023d96f8c4da087ef (patch) | |
| tree | c4301c80aae0d223f14d96fcd43c65d5d7ca6dc2 | |
| parent | a097bbf0b4482b6d5d9c13155243e326057c7cab (diff) | |
automatic update
| -rw-r--r-- | data/CVE/2019.list | 4 |
| -rw-r--r-- | data/CVE/2020.list | 18 |
| -rw-r--r-- | data/CVE/2021.list | 85 |
3 files changed, 67 insertions, 40 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 74c4158662..dd3a53e775 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -41886,8 +41886,8 @@ CVE-2019-5319 RESERVED CVE-2019-5318 RESERVED -CVE-2019-5317 - RESERVED +CVE-2019-5317 (A local authentication bypass vulnerability was discovered in some Aru ...) + TODO: check CVE-2019-5316 RESERVED CVE-2019-5315 (A command injection vulnerability is present in the web management int ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 4caad7d110..1a54e4ed83 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -8761,10 +8761,12 @@ CVE-2020-27173 (In vm-superio before 0.1.1, the serial console FIFO can grow to CVE-2020-27172 (An issue was discovered in G-Data before 25.5.9.25 using Symbolic link ...) NOT-FOR-US: G-Data CVE-2020-27171 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...) + {DLA-2610-1} - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/3 CVE-2020-27170 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...) + {DLA-2610-1} - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/2 
@@ -13393,10 +13395,10 @@ CVE-2020-25219 (url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows - libproxy 0.4.15-15 (bug #971394) NOTE: https://github.com/libproxy/libproxy/issues/134 NOTE: https://github.com/libproxy/libproxy/commit/a83dae404feac517695c23ff43ce1e116e2bfbe0 -CVE-2020-25218 - RESERVED -CVE-2020-25217 - RESERVED +CVE-2020-25218 (Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) ...) + TODO: check +CVE-2020-25217 (Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) ...) + TODO: check CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Tran ...) NOT-FOR-US: yWorks yEd Desktop CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or Grap ...) @@ -14691,8 +14693,8 @@ CVE-2020-24637 (Two vulnerabilities in ArubaOS GRUB2 implementation allows for a NOT-FOR-US: ArubaOS GRUB2 implementation (CVE specific to ArubaOS) CVE-2020-24636 RESERVED -CVE-2020-24635 - RESERVED +CVE-2020-24635 (A remote execution of arbitrary commands vulnerability was discovered ...) + TODO: check CVE-2020-24634 (An attacker is able to remotely inject arbitrary commands by sending e ...) NOT-FOR-US: Aruba CVE-2020-24633 (There are multiple buffer overflow vulnerabilities that could lead to ...) @@ -53031,8 +53033,8 @@ CVE-2020-7852 (DaviewIndy has a Heap-based overflow vulnerability, triggered whe NOT-FOR-US: DaviewIndy CVE-2020-7851 RESERVED -CVE-2020-7850 - RESERVED +CVE-2020-7850 (NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerabilit ...) + TODO: check CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) could a ...) NOT-FOR-US: uPrism.io CURIX CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command Injection vulne ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 15935d11d4..8e4557c9ba 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -1,3 +1,25 @@ +CVE-2021-3473 + RESERVED +CVE-2021-3472 + RESERVED +CVE-2021-29422 + RESERVED +CVE-2021-29421 + RESERVED +CVE-2021-29420 + RESERVED +CVE-2021-29419 + RESERVED +CVE-2021-29418 + RESERVED +CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitrary co ...) + TODO: check +CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...) + TODO: check +CVE-2021-29415 + RESERVED +CVE-2021-29414 + RESERVED CVE-2021-29413 RESERVED CVE-2021-29412 @@ -296,8 +318,8 @@ CVE-2021-29269 RESERVED CVE-2021-29268 RESERVED -CVE-2021-29267 - RESERVED +CVE-2021-29267 (Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XS ...) + TODO: check CVE-2021-29266 (An issue was discovered in the Linux kernel before 5.11.9. drivers/vho ...) - linux 5.10.26-1 (unimportant) [buster] - linux <not-affected> (Vulnerable code introduced later) @@ -996,8 +1018,8 @@ CVE-2021-3450 (The X509_V_FLAG_X509_STRICT flag enables additional security chec - openssl1.0 <not-affected> (Vulnerable code introduced in 1.1.1h) NOTE: https://www.openssl.org/news/secadv/20210325.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b -CVE-2021-28957 (lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.l ...) - {DLA-2606-1} +CVE-2021-28957 (An XSS vulnerability was discovered in python-lxml's clean module vers ...) + {DSA-4880-1 DLA-2606-1} - lxml 4.6.3-1 (bug #985643) NOTE: https://bugs.launchpad.net/lxml/+bug/1888153 NOTE: https://github.com/lxml/lxml/pull/316 @@ -1039,10 +1061,10 @@ CVE-2021-28939 RESERVED CVE-2021-28938 RESERVED -CVE-2021-28937 - RESERVED -CVE-2021-28936 - RESERVED +CVE-2021-28937 (The /password.html page of the Web management interface of the Acexy W ...) + TODO: check +CVE-2021-28936 (The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management ...) + TODO: check CVE-2021-28935 RESERVED CVE-2021-28934 
@@ -1575,14 +1597,14 @@ CVE-2021-28675 RESERVED CVE-2021-28674 RESERVED -CVE-2021-28673 - RESERVED +CVE-2021-28673 (Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 65 ...) + TODO: check CVE-2021-28672 RESERVED CVE-2021-28671 RESERVED -CVE-2021-28670 - RESERVED +CVE-2021-28670 (Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 befor ...) + TODO: check CVE-2021-28669 RESERVED CVE-2021-28668 @@ -1619,6 +1641,7 @@ CVE-2021-28687 [HVM soft-reset crashes toolstack] [stretch] - xen <not-affected> (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-368.html CVE-2021-28660 (rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in t ...) + {DLA-2610-1} - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://git.kernel.org/linus/74b6b20df8cfe90ada777d621b54c32e69e27cd7 @@ -2751,6 +2774,7 @@ CVE-2021-3429 NOTE: https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668 CVE-2021-3428 [integer overflow in ext4_es_cache_extent] RESERVED + {DLA-2610-1} - linux 5.8.7-1 [buster] - linux 4.19.181-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1936786 @@ -3215,7 +3239,7 @@ CVE-2021-28039 (An issue was discovered in the Linux kernel 5.9.x through 5.11.3 [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-369.html CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as used wi ...) - {DLA-2586-1} + {DLA-2610-1 DLA-2586-1} - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://xenbits.xen.org/xsa/advisory-367.html 
@@ -3267,7 +3291,7 @@ CVE-2021-27928 (A remote code execution issue was discovered in MariaDB 10.2 bef - mariadb-10.1 <removed> NOTE: https://jira.mariadb.org/browse/MDEV-25179 NOTE: Fixed in MariaDB: 10.5.9, 10.4.18, 10.3.28, 10.2.27 -CVE-2021-27927 (In Zabbix before 4.0.28rc1, 5.x before 5.0.8rc1, 5.1.x and 5.2.x befor ...) +CVE-2021-27927 (In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5 ...) - zabbix 1:5.0.8+dfsg-1 [stretch] - zabbix <no-dsa> (minor issue) NOTE: https://support.zabbix.com/browse/ZBX-18942 @@ -4495,18 +4519,18 @@ CVE-2021-27367 (Controller/Backend/FileEditController.php and Controller/Backend CVE-2021-27366 RESERVED CVE-2021-27365 (An issue was discovered in the Linux kernel through 5.11.3. Certain iS ...) - {DLA-2586-1} + {DLA-2610-1 DLA-2586-1} - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://git.kernel.org/linus/ec98ea7070e94cc25a422ec97d1421e28d97b7ee NOTE: https://git.kernel.org/linus/f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5 CVE-2021-27364 (An issue was discovered in the Linux kernel through 5.11.3. drivers/sc ...) - {DLA-2586-1} + {DLA-2610-1 DLA-2586-1} - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa CVE-2021-27363 (An issue was discovered in the Linux kernel through 5.11.3. A kernel p ...) - {DLA-2586-1} + {DLA-2610-1 DLA-2586-1} - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa @@ -4530,8 +4554,8 @@ CVE-2021-27354 RESERVED CVE-2021-27353 RESERVED -CVE-2021-27352 - RESERVED +CVE-2021-27352 (An open redirect vulnerability in Ilch CMS version 2.1.42 allows attac ...) + TODO: check CVE-2021-27351 (The Terminate Session feature in the Telegram application through 7.2. ...) - telegram-desktop 2.6.1-1 [buster] - telegram-desktop <not-affected> (Vulnerable code not present) 
@@ -5465,17 +5489,17 @@ CVE-2021-26933 (An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a gue [stretch] - xen <end-of-life> (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-364.html CVE-2021-26932 (An issue was discovered in the Linux kernel 3.2 through 5.10.16, as us ...) - {DLA-2586-1} + {DLA-2610-1 DLA-2586-1} - linux 5.10.19-1 [buster] - linux 4.19.177-1 NOTE: https://xenbits.xen.org/xsa/advisory-361.html CVE-2021-26931 (An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as ...) - {DLA-2586-1} + {DLA-2610-1 DLA-2586-1} - linux 5.10.19-1 [buster] - linux 4.19.177-1 NOTE: https://xenbits.xen.org/xsa/advisory-362.html CVE-2021-26930 (An issue was discovered in the Linux kernel 3.11 through 5.10.16, as u ...) - {DLA-2586-1} + {DLA-2610-1 DLA-2586-1} - linux 5.10.19-1 [buster] - linux 4.19.177-1 NOTE: https://xenbits.xen.org/xsa/advisory-365.html @@ -6945,6 +6969,7 @@ CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version NOTE: Introduced by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e76617cbab018dd8f41fd6b4ec6740b5303f7e13 NOTE: Fixed by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=512c0c75276949f13b6373b5c04f7065af750b08 CVE-2021-3348 (nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10 ...) + {DLA-2610-1} - linux 5.10.13-1 [buster] - linux 4.19.177-1 [stretch] - linux <not-affected> (Vulnerable code not present) 
@@ -9794,10 +9819,10 @@ CVE-2021-25146 RESERVED CVE-2021-25145 RESERVED -CVE-2021-25144 - RESERVED -CVE-2021-25143 - RESERVED +CVE-2021-25144 (A remote buffer overflow vulnerability was discovered in some Aruba In ...) + TODO: check +CVE-2021-25143 (A remote denial of service (dos) vulnerability was discovered in some ...) + TODO: check CVE-2021-25142 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) NOT-FOR-US: HPE CVE-2021-25141 (A security vulnerability has been identified in in certain HPE and Aru ...) @@ -13614,8 +13639,8 @@ CVE-2021-23360 (This affects the package killport before 1.0.2. If (attacker-con NOT-FOR-US: Node killport CVE-2021-23359 (This affects all versions of package port-killer. If (attacker-control ...) NOT-FOR-US: Node port-killer -CVE-2021-23358 - RESERVED +CVE-2021-23358 (The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 a ...) + TODO: check CVE-2021-23357 (All versions of package github.com/tyktechnologies/tyk/gateway are vul ...) NOT-FOR-US: tyk/gateway CVE-2021-23356 (This affects all versions of package kill-process-by-name. If (attacke ...) @@ -16970,8 +16995,8 @@ CVE-2021-21729 RESERVED CVE-2021-21728 RESERVED -CVE-2021-21727 - RESERVED +CVE-2021-21727 (A ZTE product has a DoS vulnerability. A remote attacker can amplify t ...) + TODO: check CVE-2021-21726 (Some ZTE products have an input verification vulnerability in the diag ...) NOT-FOR-US: ZTE CVE-2021-21725 (A ZTE product has an information leak vulnerability. An attacker with ...) |
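Review bot: the CVE-2021-27927 hunk (@@ -3267,7 +3291,7 @@ in data/CVE/2021.list) only rewrites the description, and the new text moves the 5.0 fix boundary: the old line said `5.x before 5.0.8rc1`, the new one says `5.0.0alpha1 before 5.0.10rc1`, yet the unchanged fixed-version line still reads `- zabbix 1:5.0.8+dfsg-1`. If the updated range is right, 5.0.8 is still affected and 1:5.0.8+dfsg-1 is not a fixed version. Re-check the fix against https://support.zabbix.com/browse/ZBX-18942 and either bump the fixed version or add a NOTE explaining why 5.0.8 is considered fixed despite the new range; the `[stretch] - zabbix <no-dsa> (minor issue)` line should be revisited together with it.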
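Review bot: in the CVE-2021-3348 hunk (@@ -6945,6 +6969,7 @@) `{DLA-2610-1}` is added to an entry that still carries `[stretch] - linux <not-affected> (Vulnerable code not present)`. A stretch DLA and a stretch not-affected line on the same CVE only agree if DLA-2610-1 is for a source package other than plain `linux` in stretch; the same advisory is added elsewhere in this commit next to an existing `{DLA-2586-1}` (e.g. CVE-2021-27365, CVE-2021-26932), which likewise only makes sense if the two advisories cover different source packages. Confirm which source package DLA-2610-1 names; if it is `linux`, drop the not-affected line, otherwise add a NOTE so the two lines do not read as contradictory.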
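Review bot: CVE-2021-23358 is left at `TODO: check` in the hunk at @@ -13614,8 +13639,8 @@, and it should not be resolved by analogy with its neighbours: killport, port-killer and kill-process-by-name are all `NOT-FOR-US: Node ...`, but the description here names the underscore library with affected ranges `from 1.13.0-0 and before 1.13.0-2, from 1.3.2 a ...`, spanning many years of releases, which is the profile of something the archive is likely to ship. Triage it against the archive (and, if packaged, against which of the listed ranges the packaged version falls in) before replacing the TODO with a status.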