From 18b486964b11ab4d532ce17cddc9989afe395df9 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 8 Dec 2021 08:10:15 +0000 Subject: automatic update --- data/CVE/list | 282 +++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 183 insertions(+), 99 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 317f262328..ea127aff75 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,89 @@ +CVE-2021-44738 + RESERVED +CVE-2021-44737 + RESERVED +CVE-2021-44736 + RESERVED +CVE-2021-44735 + RESERVED +CVE-2021-44734 + RESERVED +CVE-2021-44733 + RESERVED +CVE-2021-44732 + RESERVED +CVE-2021-44731 + RESERVED +CVE-2021-44730 + RESERVED +CVE-2021-44729 + RESERVED +CVE-2021-44728 + RESERVED +CVE-2021-44727 + RESERVED +CVE-2021-44726 (KNIME Server before 4.13.4 allows XSS via the old WebPortal login page ...) + TODO: check +CVE-2021-44725 (KNIME Server before 4.13.4 allows directory traversal in a request for ...) + TODO: check +CVE-2021-44724 + RESERVED +CVE-2021-44723 + RESERVED +CVE-2021-44722 + RESERVED +CVE-2021-44721 + RESERVED +CVE-2021-44720 + RESERVED +CVE-2021-44719 + RESERVED +CVE-2021-44718 + RESERVED +CVE-2021-44717 + RESERVED +CVE-2021-44716 + RESERVED +CVE-2021-44715 + RESERVED +CVE-2021-44714 + RESERVED +CVE-2021-44713 + RESERVED +CVE-2021-44712 + RESERVED +CVE-2021-44711 + RESERVED +CVE-2021-44710 + RESERVED +CVE-2021-44709 + RESERVED +CVE-2021-44708 + RESERVED +CVE-2021-44707 + RESERVED +CVE-2021-44706 + RESERVED +CVE-2021-44705 + RESERVED +CVE-2021-44704 + RESERVED +CVE-2021-44703 + RESERVED +CVE-2021-44702 + RESERVED +CVE-2021-44701 + RESERVED +CVE-2021-44700 + RESERVED +CVE-2021-44699 + RESERVED +CVE-2021-44698 + RESERVED +CVE-2021-44697 + RESERVED +CVE-2021-44696 + RESERVED CVE-2021-44695 RESERVED CVE-2021-44694 @@ -707,8 +793,7 @@ CVE-2021-44422 RESERVED CVE-2021-44421 RESERVED -CVE-2021-44420 [Potential bypass of an upstream access control based on URL paths] - RESERVED +CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...) - python-django 2:3.2.10-1 [bullseye] - python-django (Minor issue) [buster] - python-django (Minor issue) @@ -1463,10 +1548,10 @@ CVE-2021-44151 RESERVED CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoof ...) NOT-FOR-US: tusdotnet -CVE-2021-44149 - RESERVED -CVE-2021-44148 - RESERVED +CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS through ...) + TODO: check +CVE-2021-44148 (GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allo ...) + TODO: check CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server (inclu ...) NOT-FOR-US: Claris CVE-2021-44146 @@ -1931,8 +2016,8 @@ CVE-2021-43965 RESERVED CVE-2021-43964 RESERVED -CVE-2021-43963 - RESERVED +CVE-2021-43963 (An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. ...) + TODO: check CVE-2021-43962 RESERVED CVE-2021-43961 @@ -2464,12 +2549,12 @@ CVE-2021-43812 RESERVED CVE-2021-43811 RESERVED -CVE-2021-43810 - RESERVED +CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...) + TODO: check CVE-2021-43809 RESERVED -CVE-2021-43808 - RESERVED +CVE-2021-43808 (Laravel is a web application framework. Laravel prior to versions 8.75 ...) + TODO: check CVE-2021-43807 RESERVED CVE-2021-43806 @@ -3655,10 +3740,10 @@ CVE-2021-43640 RESERVED CVE-2021-43639 RESERVED -CVE-2021-43638 - RESERVED -CVE-2021-43637 - RESERVED +CVE-2021-43638 (Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL ...) + TODO: check +CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler ...) + TODO: check CVE-2021-43636 RESERVED CVE-2021-43635 @@ -6255,7 +6340,7 @@ CVE-2021-3907 (OctoRPKI does not escape a URI with a filename containing "..", t TODO: check correctness, there is distinction on github.com/cloudflare/cfrpki/cmd/octorpki and github.com/cloudflare/cfrpki/pki CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous ...) NOT-FOR-US: bookstack -CVE-2018-25020 [bpf: fix truncated jump targets on heavy expansions] +CVE-2018-25020 (The BPF subsystem in the Linux kernel before 4.17 mishandles situation ...) - linux 4.17.3-1 NOTE: https://git.kernel.org/linus/050fad7c4534c13c8eb1d9c2ba66012e014773cb (4.17-rc7) CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have any auth ...) @@ -6332,76 +6417,76 @@ CVE-2021-43008 RESERVED CVE-2021-43007 RESERVED -CVE-2021-43006 - RESERVED +CVE-2021-43006 (AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOC ...) + TODO: check CVE-2021-43005 RESERVED CVE-2021-43004 RESERVED -CVE-2021-43003 - RESERVED -CVE-2021-43002 - RESERVED +CVE-2021-43003 (Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL ...) + TODO: check +CVE-2021-43002 (Amzetta zPortal DVM Tools is affected by Buffer Overflow. IOCTL Handle ...) + TODO: check CVE-2021-43001 RESERVED -CVE-2021-43000 - RESERVED +CVE-2021-43000 (Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL ...) + TODO: check CVE-2021-42999 RESERVED CVE-2021-42998 RESERVED CVE-2021-42997 RESERVED -CVE-2021-42996 - RESERVED +CVE-2021-42996 (Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in th ...) + TODO: check CVE-2021-42995 RESERVED -CVE-2021-42994 - RESERVED -CVE-2021-42993 - RESERVED +CVE-2021-42994 (Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the ...) + TODO: check +CVE-2021-42993 (FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x ...) + TODO: check CVE-2021-42992 RESERVED CVE-2021-42991 RESERVED -CVE-2021-42990 - RESERVED +CVE-2021-42990 (FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x2 ...) + TODO: check CVE-2021-42989 RESERVED -CVE-2021-42988 - RESERVED -CVE-2021-42987 - RESERVED -CVE-2021-42986 - RESERVED +CVE-2021-42988 (Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler ...) + TODO: check +CVE-2021-42987 (Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler ...) + TODO: check +CVE-2021-42986 (NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Han ...) + TODO: check CVE-2021-42985 RESERVED CVE-2021-42984 RESERVED -CVE-2021-42983 - RESERVED +CVE-2021-42983 (NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Hand ...) + TODO: check CVE-2021-42982 RESERVED CVE-2021-42981 RESERVED -CVE-2021-42980 - RESERVED -CVE-2021-42979 - RESERVED +CVE-2021-42980 (NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0 ...) + TODO: check +CVE-2021-42979 (NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler ...) + TODO: check CVE-2021-42978 RESERVED -CVE-2021-42977 - RESERVED -CVE-2021-42976 - RESERVED +CVE-2021-42977 (NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Ha ...) + TODO: check +CVE-2021-42976 (NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Han ...) + TODO: check CVE-2021-42975 RESERVED CVE-2021-42974 RESERVED -CVE-2021-42973 - RESERVED -CVE-2021-42972 - RESERVED +CVE-2021-42973 (NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x2200 ...) + TODO: check +CVE-2021-42972 (NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001 ...) + TODO: check CVE-2021-42971 RESERVED CVE-2021-42970 @@ -6984,8 +7069,7 @@ CVE-2021-42718 RESERVED CVE-2021-3894 RESERVED -CVE-2021-42717 [ModSecurity DoS Vulnerability in JSON Parsing] - RESERVED +CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ...) - modsecurity 3.0.6-1 - modsecurity-apache 2.9.5-1 [stretch] - modsecurity-apache (revisit when/if fixed upstream) @@ -7056,22 +7140,22 @@ CVE-2021-42690 RESERVED CVE-2021-42689 RESERVED -CVE-2021-42688 - RESERVED -CVE-2021-42687 - RESERVED -CVE-2021-42686 - RESERVED -CVE-2021-42685 - RESERVED +CVE-2021-42688 (An Integer Overflow vulnerability exists in Accops HyWorks Windows Cli ...) + TODO: check +CVE-2021-42687 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...) + TODO: check +CVE-2021-42686 (An Integer Overflow exists in Accops HyWorks Windows Client prior to v ...) + TODO: check +CVE-2021-42685 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...) + TODO: check CVE-2021-42684 RESERVED -CVE-2021-42683 - RESERVED -CVE-2021-42682 - RESERVED -CVE-2021-42681 - RESERVED +CVE-2021-42683 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...) + TODO: check +CVE-2021-42682 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...) + TODO: check +CVE-2021-42681 (A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools pri ...) + TODO: check CVE-2021-42680 RESERVED CVE-2021-42679 @@ -7303,8 +7387,8 @@ CVE-2021-42569 RESERVED CVE-2021-42568 (Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers ...) NOT-FOR-US: Sonatype -CVE-2021-42567 - RESERVED +CVE-2021-42567 (Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST ...) + TODO: check CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter. ...) NOT-FOR-US: myfactory.FMS CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. ...) @@ -11510,12 +11594,12 @@ CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow NOT-FOR-US: Atlassian CVE-2021-41312 (Affected versions of Atlassian Jira Server and Data Center allow a rem ...) NOT-FOR-US: Atlassian -CVE-2021-41311 - RESERVED +CVE-2021-41311 (Affected versions of Atlassian Jira Server and Data Center allow attac ...) + TODO: check CVE-2021-41310 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) NOT-FOR-US: Atlassian -CVE-2021-41309 - RESERVED +CVE-2021-41309 (Affected versions of Atlassian Jira Server and Data Center allow a use ...) + TODO: check CVE-2021-41308 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) NOT-FOR-US: Atlassian CVE-2021-41307 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) @@ -13278,8 +13362,8 @@ CVE-2021-40580 RESERVED CVE-2021-40579 RESERVED -CVE-2021-40578 - RESERVED +CVE-2021-40578 (Authenticated Blind & Error-based SQL injection vulnerability was ...) + TODO: check CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...) NOT-FOR-US: Sourcecodester CVE-2021-40576 @@ -14043,8 +14127,8 @@ CVE-2021-40290 RESERVED CVE-2021-40289 RESERVED -CVE-2021-40288 - RESERVED +CVE-2021-40288 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...) + TODO: check CVE-2021-40287 RESERVED CVE-2021-40286 @@ -17695,8 +17779,8 @@ CVE-2021-38761 RESERVED CVE-2021-38760 RESERVED -CVE-2021-38759 - RESERVED +CVE-2021-38759 (Raspberry Pi OS through 5.10 has the raspberry default password for th ...) + TODO: check CVE-2021-38758 (Directory traversal vulnerability in Online Catering Reservation Syste ...) NOT-FOR-US: Directory traversal in Online Catering Reservation System CVE-2021-38757 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...) @@ -22645,8 +22729,8 @@ CVE-2021-36762 (An issue was discovered in HCC Embedded InterNiche NicheStack th NOT-FOR-US: HCC Embedded InterNiche NicheStack CVE-2021-36761 RESERVED -CVE-2021-36760 - RESERVED +CVE-2021-36760 (In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server ...) + TODO: check CVE-2021-36759 RESERVED CVE-2021-3651 @@ -24040,8 +24124,8 @@ CVE-2021-36135 RESERVED CVE-2021-36134 (Out of bounds write vulnerability in the JPEG parsing code of Netop Vi ...) NOT-FOR-US: McAfee -CVE-2021-36133 - RESERVED +CVE-2021-36133 (The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access ...) + TODO: check CVE-2021-36132 (An issue was discovered in the FileImporter extension in MediaWiki thr ...) NOT-FOR-US: FileImport MediaWiki extension NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ @@ -27863,10 +27947,10 @@ CVE-2021-34546 (An unauthenticated attacker with physical access to a computer w NOT-FOR-US: NetSetMan Pro CVE-2021-34545 RESERVED -CVE-2021-34544 - RESERVED -CVE-2021-34543 - RESERVED +CVE-2021-34544 (An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2 ...) + TODO: check +CVE-2021-34543 (The web administration server in Solar-Log 500 before 2.8.2 Build 52 d ...) + TODO: check CVE-2021-34542 RESERVED CVE-2021-34541 @@ -42833,8 +42917,8 @@ CVE-2021-28682 (An issue was discovered in Envoy through 1.71.1. There is a remo - envoyproxy (bug #987544) CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connectio ...) NOT-FOR-US: Pion WebRTC -CVE-2021-28680 - RESERVED +CVE-2021-28680 (The devise_masquerade gem before 1.3 allows certain attacks when a pas ...) + TODO: check CVE-2021-28679 RESERVED CVE-2021-28678 (An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImage ...) @@ -48027,8 +48111,8 @@ CVE-2021-3372 RESERVED CVE-2021-3371 RESERVED -CVE-2021-3370 - RESERVED +CVE-2021-3370 (DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vul ...) + TODO: check CVE-2021-3369 RESERVED CVE-2021-3368 @@ -54023,8 +54107,8 @@ CVE-2021-24043 RESERVED CVE-2021-24042 RESERVED -CVE-2021-24041 - RESERVED +CVE-2021-24041 (A missing bounds check in image blurring code prior to WhatsApp for An ...) + TODO: check CVE-2021-24040 (Due to use of unsafe YAML deserialization logic, an attacker with the ...) NOT-FOR-US: Facebook ParlAI CVE-2021-24039 @@ -77590,8 +77674,8 @@ CVE-2020-27358 (An issue was discovered in REDCap 8.11.6 through 9.x before 10. NOT-FOR-US: REDCap CVE-2020-27357 RESERVED -CVE-2020-27356 - RESERVED +CVE-2020-27356 (The debug-meta-data plugin 1.1.2 for WordPress allows XSS. ...) + TODO: check CVE-2020-27355 RESERVED CVE-2020-27354 @@ -89003,8 +89087,8 @@ CVE-2020-22423 RESERVED CVE-2020-22422 RESERVED -CVE-2020-22421 - RESERVED +CVE-2020-22421 (74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vu ...) + TODO: check CVE-2020-22420 RESERVED CVE-2020-22419 -- cgit v1.2.3