From 046c7072fe1e244f0b05999c099e19063bbc2e3c Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 27 Oct 2021 08:10:10 +0000 Subject: automatic update --- data/CVE/list | 127 ++++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 83 insertions(+), 44 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 6ddd88ecfc..946095ed44 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,39 @@ +CVE-2021-43044 + RESERVED +CVE-2021-43043 + RESERVED +CVE-2021-43042 + RESERVED +CVE-2021-43041 + RESERVED +CVE-2021-43040 + RESERVED +CVE-2021-43039 + RESERVED +CVE-2021-43038 + RESERVED +CVE-2021-43037 + RESERVED +CVE-2021-43036 + RESERVED +CVE-2021-43035 + RESERVED +CVE-2021-43034 + RESERVED +CVE-2021-43033 + RESERVED +CVE-2021-3912 + RESERVED +CVE-2021-3911 + RESERVED +CVE-2021-3910 + RESERVED +CVE-2021-3909 + RESERVED +CVE-2021-3908 + RESERVED +CVE-2021-3907 + RESERVED CVE-2021-3906 RESERVED CVE-2018-25019 @@ -3837,8 +3873,8 @@ CVE-2021-41868 (OnionShare 2.3 before 2.4 allows remote unauthenticated attacker CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ...) - onionshare TODO: check details, exact fixing commits unclear -CVE-2021-41866 - RESERVED +CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed Template Na ...) + TODO: check CVE-2021-3853 RESERVED CVE-2021-3852 @@ -11875,8 +11911,8 @@ CVE-2021-38452 (A path traversal vulnerability in the Moxa MXview Network Manage NOT-FOR-US: Moxa CVE-2021-38451 (The affected product’s proprietary protocol CSC allows for calli ...) NOT-FOR-US: AUVESY -CVE-2021-38450 - RESERVED +CVE-2021-38450 (The affected controllers do not properly sanitize the input containing ...) + TODO: check CVE-2021-38449 (Some API functions permit by-design writing or copying data into a giv ...) NOT-FOR-US: AUVESY CVE-2021-38448 
@@ -15091,26 +15127,26 @@ CVE-2021-37133 RESERVED CVE-2021-37132 RESERVED -CVE-2021-37131 - RESERVED -CVE-2021-37130 - RESERVED -CVE-2021-37129 - RESERVED +CVE-2021-37131 (There is a CSV injection vulnerability in ManageOne, iManager NetEco a ...) + TODO: check +CVE-2021-37130 (There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The ...) + TODO: check +CVE-2021-37129 (There is an out of bounds write vulnerability in some Huawei products. ...) + TODO: check CVE-2021-37128 RESERVED -CVE-2021-37127 - RESERVED +CVE-2021-37127 (There is a signature management vulnerability in some huawei products. ...) + TODO: check CVE-2021-37126 RESERVED CVE-2021-37125 RESERVED -CVE-2021-37124 - RESERVED +CVE-2021-37124 (There is a path traversal vulnerability in Huawei PC product. Because ...) + TODO: check CVE-2021-37123 (There is an improper authentication vulnerability in Hero-CT060 before ...) NOT-FOR-US: Hero-CT060 -CVE-2021-37122 - RESERVED +CVE-2021-37122 (There is a use-after-free (UAF) vulnerability in Huawei products. An a ...) + TODO: check CVE-2021-37121 RESERVED CVE-2021-37120 @@ -19559,14 +19595,14 @@ CVE-2021-35238 (User with Orion Platform Admin Rights could store XSS through UR NOT-FOR-US: Solarwinds CVE-2021-35237 RESERVED -CVE-2021-35236 - RESERVED -CVE-2021-35235 - RESERVED +CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7 ...) + TODO: check +CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi Syslog Server ...) + TODO: check CVE-2021-35234 RESERVED -CVE-2021-35233 - RESERVED +CVE-2021-35233 (The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server ...) + TODO: check CVE-2021-35232 RESERVED CVE-2021-35231 (As a result of an unquoted service path vulnerability present in the K ...) 
@@ -24944,8 +24980,8 @@ CVE-2021-32953 RESERVED CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading procedure ...) NOT-FOR-US: Open Design Alliance -CVE-2021-32951 - RESERVED +CVE-2021-32951 (WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper aut ...) + TODO: check CVE-2021-32950 (An out-of-bounds read issue exists within the parsing of DXF files in ...) NOT-FOR-US: Open Design Alliance CVE-2021-32949 @@ -30335,7 +30371,8 @@ CVE-2021-30853 REJECTED CVE-2021-30852 REJECTED -CVE-2021-30851 (A memory corruption vulnerability was addressed with improved locking.) +CVE-2021-30851 + REJECTED - webkit2gtk 2.34.0-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.1-1 @@ -30343,11 +30380,13 @@ CVE-2021-30851 (A memory corruption vulnerability was addressed with improved lo CVE-2021-30850 (An access issue was addressed with improved access restrictions. This ...) NOT-FOR-US: Apple CVE-2021-30849 (Multiple memory corruption issues were addressed with improved memory ...) + {DSA-4976-1 DSA-4975-1} - webkit2gtk 2.32.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.4-1 NOTE: https://webkitgtk.org/security/WSA-2021-0006.html CVE-2021-30848 (A memory corruption issue was addressed with improved memory handling. ...) + {DSA-4976-1 DSA-4975-1} - webkit2gtk 2.32.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.4-1 @@ -41048,8 +41087,8 @@ CVE-2021-26612 RESERVED CVE-2021-26611 RESERVED -CVE-2021-26610 - RESERVED +CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform an integ ...) + TODO: check CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A SQL-Inject ...) NOT-FOR-US: WordPress plugin CVE-2021-26608 (An arbitrary file download and execution vulnerability was found in th ...) 
@@ -47751,8 +47790,8 @@ CVE-2021-23879 (Unquoted service path vulnerability in McAfee Endpoint Product R NOT-FOR-US: McAfee CVE-2021-23878 (Clear text storage of sensitive Information in memory vulnerability in ...) NOT-FOR-US: McAfee -CVE-2021-23877 - RESERVED +CVE-2021-23877 (Privilege escalation vulnerability in the Windows trial installer of M ...) + TODO: check CVE-2021-23876 (Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to ...) NOT-FOR-US: McAfee CVE-2021-23875 @@ -81064,8 +81103,8 @@ CVE-2020-22866 RESERVED CVE-2020-22865 RESERVED -CVE-2020-22864 - RESERVED +CVE-2020-22864 (A cross site scripting (XSS) vulnerability in the Insert Video functio ...) + TODO: check CVE-2020-22863 RESERVED CVE-2020-22862 @@ -118863,8 +118902,8 @@ CVE-2020-7869 (An improper input validation vulnerability of ZOOK software (remo NOT-FOR-US: ZOOK software CVE-2020-7868 (A remote code execution vulnerability exists in helpUS(remote administ ...) NOT-FOR-US: helpUS(remote administration tool) -CVE-2020-7867 - RESERVED +CVE-2020-7867 (An improper input validation vulnerability in Helpu solution could all ...) + TODO: check CVE-2020-7866 (When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, ...) NOT-FOR-US: XPLATFORM CVE-2020-7865 (A vulnerability(improper input validation) in the ExECM CoreB2B soluti ...) @@ -185307,8 +185346,8 @@ CVE-2019-3558 (Python Facebook Thrift servers would not error upon receiving mes NOT-FOR-US: Thrift servers CVE-2019-3557 (The implementations of streams for bz2 and php://output improperly imp ...) - hhvm -CVE-2019-3556 - RESERVED +CVE-2019-3556 (HHVM supports the use of an "admin" server which accepts administrativ ...) + TODO: check CVE-2019-3555 RESERVED CVE-2019-3554 (Wangle's AcceptRoutingHandler incorrectly casts a socket when acceptin ...) 
@@ -279900,7 +279939,7 @@ CVE-2017-7656 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurat NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667 NOTE: https://github.com/eclipse/jetty.project/commit/a285deea CVE-2017-7655 (In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vu ...) - {DLA-1972-1} + {DLA-2793-1 DLA-1972-1} - mosquitto 1.5.4-1 (low) [stretch] - mosquitto (Minor issue) NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775 @@ -421010,8 +421049,8 @@ CVE-2011-4576 (The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x befor - openssl 1.0.0f-1 CVE-2011-4575 (Cross-site scripting (XSS) vulnerability in the JMX console in JBoss E ...) NOT-FOR-US: JMX Console -CVE-2011-4574 - RESERVED +CVE-2011-4574 (PolarSSL versions prior to v1.1 use the HAVEGE random number generatio ...) + TODO: check CVE-2011-4573 (Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly ...) NOT-FOR-US: JBoss Operations Network CVE-2011-4572 (Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF ...) @@ -422289,12 +422328,12 @@ CVE-2011-4127 (The Linux kernel before 3.2.2 does not properly restrict SG_IO io {DSA-2443-1 DSA-2389-1} - libguestfs 1:1.14.8-1 - linux-2.6 -CVE-2011-4126 - RESERVED -CVE-2011-4125 - RESERVED -CVE-2011-4124 - RESERVED +CVE-2011-4126 (Race condition issues were found in Calibre at devices/linux_mount_hel ...) + TODO: check +CVE-2011-4125 (A untrusted search path issue was found in Calibre at devices/linux_mo ...) + TODO: check +CVE-2011-4124 (Input validation issues were found in Calibre at devices/linux_mount_h ...) + TODO: check CVE-2011-4123 REJECTED CVE-2011-4122 (Directory traversal vulnerability in openpam_configure.c in OpenPAM be ...) -- cgit v1.2.3
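Review bot: CVE-2021-30851 is switched to REJECTED in the hunk at @@ -30335,7 +30371,8 @@, but the "- webkit2gtk 2.34.0-1", "[stretch] - webkit2gtk" and "- wpewebkit 2.34.1-1" lines under it stay as unchanged context, so a rejected id still carries fixed-version annotations. Drop those package lines, or, if the rejection names a replacement id, move them there in the same commit.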
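Review bot: CVE-2021-23877 in the hunk at @@ -47751,8 +47790,8 @@ is left as "TODO: check" although its description names a McAfee Windows trial installer and the entries on both sides (CVE-2021-23878, CVE-2021-23876) are already "NOT-FOR-US: McAfee". Triage it the same way as its neighbours so it does not sit in the TODO queue.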
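Review bot: CVE-2019-3556 in the hunk at @@ -185307,8 +185346,8 @@ lands as "TODO: check" even though its description begins with "HHVM" and the entry directly above it, CVE-2019-3557, is already tracked against hhvm. Give it the matching "- hhvm" package line when it is triaged, not a generic TODO.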
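Review bot: The cross-reference line for CVE-2017-7655 in the hunk at @@ -279900,7 +279939,7 @@ gains DLA-2793-1 while the context line "[stretch] - mosquitto (Minor issue)" is left untouched. If DLA-2793-1 is the stretch fix, that line should carry the fixed version in place of the minor-issue marker; as it stands the entry records both an advisory and a decision not to fix.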
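Review bot: The three Calibre entries in the hunk at @@ -422289,12 +422328,12 @@ (CVE-2011-4126, CVE-2011-4125, CVE-2011-4124) each get a separate "TODO: check" although all three descriptions point at the same file under devices/. Triage them as one group against the same package and fixed version, so the three ids do not end up with diverging status.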