From fccc446b4f8d689d32ffb2b6b09015df990fc2d5 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Tue, 2 Mar 2021 20:10:18 +0000 Subject: automatic update --- data/CVE/2020.list | 33 ++++++++++++++++------------ data/CVE/2021.list | 63 ++++++++++++++++++++++++++++++++++++++++-------------- 2 files changed, 66 insertions(+), 30 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index c92717d1a4..613efb71ec 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -5116,8 +5116,8 @@ CVE-2020-28659 RESERVED CVE-2020-28658 RESERVED -CVE-2020-28657 - RESERVED +CVE-2020-28657 (In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) a ...) + TODO: check CVE-2020-28656 (The update functionality of the Discover Media infotainment system in ...) NOT-FOR-US: 3Discover Media infotainment system in Volkswagen Polo 2019 vehicles CVE-2020-28655 @@ -7146,6 +7146,7 @@ CVE-2020-27780 (A flaw was found in Linux-Pam in versions prior to 1.5.1 in the NOTE: Fixed by: https://github.com/linux-pam/linux-pam/commit/30fdfb90d9864bcc254a62760aaa149d373fd4eb CVE-2020-27779 RESERVED + {DSA-4867-1} - grub2 2.04-16 CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were converte ...) - poppler 0.85.0-2 @@ -7347,6 +7348,7 @@ CVE-2020-27750 (A flaw was found in ImageMagick in MagickCore/colorspace-private NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c7038e710ad0204d6cb37a0229fc55f6f8a8662f CVE-2020-27749 RESERVED + {DSA-4867-1} - grub2 2.04-16 CVE-2020-27748 [local file inclusion vulnerability] RESERVED @@ -11480,8 +11482,8 @@ CVE-2020-25904 RESERVED CVE-2020-25903 RESERVED -CVE-2020-25902 - RESERVED +CVE-2020-25902 (Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripti ...) + TODO: check CVE-2020-25901 (Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to r ...) NOT-FOR-US: Spiceworks CVE-2020-25900 
@@ -12250,6 +12252,7 @@ CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) m NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361 CVE-2020-25647 RESERVED + {DSA-4867-1} - grub2 2.04-16 CVE-2020-25646 (A flaw was found in Ansible Collection community.crypto. openssl_priva ...) TODO: check @@ -12308,6 +12311,7 @@ CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879042 CVE-2020-25632 RESERVED + {DSA-4867-1} - grub2 2.04-16 CVE-2020-25631 (A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 ...) - moodle @@ -16867,8 +16871,8 @@ CVE-2020-23520 (imcat 5.2 allows an authenticated file upload and consequently r NOT-FOR-US: imcat CVE-2020-23519 RESERVED -CVE-2020-23518 - RESERVED +CVE-2020-23518 (Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - ...) + TODO: check CVE-2020-23517 RESERVED CVE-2020-23516 @@ -36431,6 +36435,7 @@ CVE-2020-14373 (A use after free was found in igc_reloc_struct_ptr() of psi/igc. NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702851 CVE-2020-14372 RESERVED + {DSA-4867-1} - grub2 2.04-16 CVE-2020-14371 RESERVED @@ -60268,10 +60273,10 @@ CVE-2020-4728 RESERVED CVE-2020-4727 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) NOT-FOR-US: IBM -CVE-2020-4726 - RESERVED -CVE-2020-4725 - RESERVED +CVE-2020-4726 (The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) al ...) + TODO: check +CVE-2020-4725 (IBM Monitoring (IBM Cloud APM 8.1.4 ) could allow an authenticated use ...) + TODO: check CVE-2020-4724 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker t ...) NOT-FOR-US: IBM CVE-2020-4723 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker t ...) 
@@ -60282,8 +60287,8 @@ CVE-2020-4721 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attac NOT-FOR-US: IBM CVE-2020-4720 RESERVED -CVE-2020-4719 - RESERVED +CVE-2020-4719 (The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any ...) + TODO: check CVE-2020-4718 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerabl ...) NOT-FOR-US: IBM CVE-2020-4717 @@ -66254,8 +66259,8 @@ CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken wh NOTE: https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645 (7.0.100) CVE-2020-1937 (Kylin has some restful apis which will concatenate SQLs with the user ...) NOT-FOR-US: Apache Kylin -CVE-2020-1936 - RESERVED +CVE-2020-1936 (A cross-site scripting issue was found in Apache Ambari Views. This wa ...) + TODO: check CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0. ...) {DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1} - tomcat9 9.0.31-1 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index eba76b3c8f..f72839c750 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,31 @@ +CVE-2021-3420 + RESERVED +CVE-2021-27917 + RESERVED +CVE-2021-27916 + RESERVED +CVE-2021-27915 + RESERVED +CVE-2021-27914 + RESERVED +CVE-2021-27913 + RESERVED +CVE-2021-27912 + RESERVED +CVE-2021-27911 + RESERVED +CVE-2021-27910 + RESERVED +CVE-2021-27909 + RESERVED +CVE-2021-27908 + RESERVED +CVE-2021-27907 + RESERVED +CVE-2021-27906 + RESERVED +CVE-2021-27905 + RESERVED CVE-2021-27904 (An issue was discovered in app/Model/SharingGroupServer.php in MISP 2. ...) NOT-FOR-US: MISP CVE-2021-27903 
@@ -36,8 +64,8 @@ CVE-2021-27887 RESERVED CVE-2021-27886 (rakibtg Docker Dashboard before 2021-02-28 allows command injection in ...) NOT-FOR-US: rakibtg Docker Dashboard -CVE-2021-27885 - RESERVED +CVE-2021-27885 (usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protect ...) + TODO: check CVE-2021-27884 (Weak JSON Web Token (JWT) signing secret generation in YMFE YApi throu ...) TODO: check CVE-2021-27883 @@ -2945,8 +2973,8 @@ CVE-2021-3386 RESERVED CVE-2021-3385 RESERVED -CVE-2021-3384 - RESERVED +CVE-2021-3384 (A vulnerability in Stormshield Network Security could allow an attacke ...) + TODO: check CVE-2021-3383 RESERVED CVE-2021-3382 (Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allo ...) @@ -5830,8 +5858,8 @@ CVE-2021-25332 RESERVED CVE-2021-25331 RESERVED -CVE-2021-25330 - RESERVED +CVE-2021-25330 (Calling of non-existent provider in MobileWips application prior to SM ...) + TODO: check CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global ...) NOT-FOR-US: MISP CVE-2021-3183 (Files.com Fat Client 3.3.6 allows authentication bypass because the cl ...) @@ -12270,12 +12298,12 @@ CVE-2021-22298 (There is a logic vulnerability in Huawei Gauss100 OLTP Product. NOT-FOR-US: Huawei CVE-2021-22297 RESERVED -CVE-2021-22296 - RESERVED +CVE-2021-22296 (A component of the HarmonyOS 2.0 has a DoS vulnerability. Local attack ...) + TODO: check CVE-2021-22295 RESERVED -CVE-2021-22294 - RESERVED +CVE-2021-22294 (A component API of the HarmonyOS 2.0 has a permission bypass vulnerabi ...) + TODO: check CVE-2021-22293 (Some Huawei products have an inconsistent interpretation of HTTP reque ...) NOT-FOR-US: Huawei CVE-2021-22292 (There is a denial of service (DoS) vulnerability in eCNS280 versions V ...) 
@@ -12488,8 +12516,8 @@ CVE-2021-22189 RESERVED CVE-2021-22188 RESERVED -CVE-2021-22187 - RESERVED +CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions of Gitla ...) + TODO: check CVE-2021-22186 RESERVED CVE-2021-22185 @@ -13883,10 +13911,10 @@ CVE-2021-21516 RESERVED CVE-2021-21515 (Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross ...) NOT-FOR-US: EMC -CVE-2021-21514 - RESERVED -CVE-2021-21513 - RESERVED +CVE-2021-21514 (Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior ...) + TODO: check +CVE-2021-21513 (Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft ...) + TODO: check CVE-2021-21512 (Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an In ...) NOT-FOR-US: EMC CVE-2021-21511 (Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Aut ...) @@ -14311,6 +14339,7 @@ CVE-2021-21313 CVE-2021-21312 RESERVED CVE-2021-21311 (Adminer is an open-source database management in a single PHP file. In ...) + {DLA-2580-1} - adminer 4.7.9-1 NOTE: https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 NOTE: https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351 (v4.7.9) @@ -16705,6 +16734,7 @@ CVE-2021-20234 [Memory leak in client induced by malicious server without CURVE/ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22123 CVE-2021-20233 RESERVED + {DSA-4867-1} - grub2 2.04-16 CVE-2021-20232 RESERVED @@ -16743,6 +16773,7 @@ CVE-2021-20226 (A use-after-free flaw was found in the io_uring in Linux kernel, NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-001/ CVE-2021-20225 RESERVED + {DSA-4867-1} - grub2 2.04-16 CVE-2021-20224 RESERVED -- cgit v1.2.3
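Review bot: in the 2020.list hunk at @@ -5116, the unchanged context line `NOT-FOR-US: 3Discover Media infotainment system in Volkswagen Polo 2019 vehicles` for CVE-2020-28656 carries a stray leading `3` in the product name, so it no longer matches the description line directly above it (`The update functionality of the Discover Media infotainment system in ...`); since this file is being touched anyway, a drive-by correction to `NOT-FOR-US: Discover Media infotainment system ...` would keep the triage reason and the description consistent. The new CVE-2020-28657 description (bPanel 2.0 administrative ajax endpoints) is left at `TODO: check`, which is the expected placeholder from the automatic import; its triage remains outstanding.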
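Review bot: across the hunks for CVE-2020-27779, CVE-2020-27749, CVE-2020-25647, CVE-2020-25632, CVE-2020-14372, CVE-2021-20233 and CVE-2021-20225, the identical pair `{DSA-4867-1}` / `- grub2 2.04-16` is inserted while every one of those entries still reads `RESERVED` with no description and no NOTE line. That is valid tracker syntax, but the fixed-version claim then rests entirely on a DSA cross-reference that is not reproduced in this diff; it is worth confirming that all seven IDs are actually listed in DSA-4867-1 before the entries are relied on, and adding the description lines once they become available so these do not stay as bare RESERVED stubs with a fix attached.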
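Review bot: in the 2021.list hunk at @@ -1,3, CVE-2021-3420 is inserted above the CVE-2021-27917 to CVE-2021-27905 block even though its number is lower. Ordering in this file follows allocation order rather than numeric order (the @@ -5830 hunk already shows CVE-2021-25330 directly followed by CVE-2021-3184), so this is consistent with existing practice and not a sorting error; no change needed, but anything scripting against the file should not assume strictly descending CVE numbers.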
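Review bot: the RESERVED-to-description changes in the @@ -60268, @@ -60282, @@ -13883 and @@ -12270 hunks (IBM Cloud APM, Dell EMC OMSA, Huawei HarmonyOS) all land with `TODO: check`, while the immediately adjacent entries for the same vendors are already triaged `NOT-FOR-US: IBM`, `NOT-FOR-US: EMC` and `NOT-FOR-US: Huawei`. The TODO marker is the correct placeholder for an automatic import, but these are the entries a follow-up pass can resolve by comparison with their neighbours; the ones with no vendor precedent visible in this diff, such as CVE-2020-1936 (Apache Ambari Views), CVE-2021-27885 (e107), CVE-2021-22187 (GitLab) and CVE-2021-3384 (Stormshield), are the ones that need an actual check against the package archive rather than a pattern match.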
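Review bot: in the @@ -14311 hunk, `{DLA-2580-1}` for CVE-2021-21311 is placed between the description and `- adminer 4.7.9-1`, which matches the layout already used for CVE-2020-1935 (`{DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1}` above `- tomcat9 9.0.31-1`), so no formatting change is needed. Unlike the grub2 additions in this patch, the entry is self-describing: the two existing NOTE lines (the GHSA advisory and the v4.7.9 upstream commit) already document the fix the DLA reference points to.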