From 741b2cf810e25675b0a5d6424f4764ef949b517b Mon Sep 17 00:00:00 2001 From: security tracker role Date: Mon, 6 Dec 2021 20:10:22 +0000 Subject: automatic update --- data/CVE/list | 120 +++++++++++++++++++++++++++++++--------------------------- 1 file changed, 64 insertions(+), 56 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 1f108f06e8..212aee9b34 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,11 @@ +CVE-2021-4074 + RESERVED +CVE-2021-4073 + RESERVED +CVE-2021-4072 + RESERVED +CVE-2021-4071 + RESERVED CVE-2021-44674 RESERVED CVE-2021-44673 @@ -252,8 +260,8 @@ CVE-2021-4070 RESERVED CVE-2021-44549 RESERVED -CVE-2021-4069 - RESERVED +CVE-2021-4069 (vim is vulnerable to Use After Free ...) + TODO: check CVE-2021-44548 RESERVED CVE-2021-4068 @@ -1744,13 +1752,13 @@ CVE-2021-3975 [segmentation fault during VM shutdown can lead to vdsm hung] NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024326 NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7 (v7.1.0-rc2) CVE-2021-44025 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in han ...) - {DSA-5013-1} + {DSA-5013-1 DLA-2840-1} - roundcube 1.5.0+dfsg.1-1 (bug #1000156) NOTE: https://github.com/roundcube/roundcubemail/issues/8193 NOTE: https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a (1.4.12) NOTE: https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7 (1.3.17) CVE-2021-44026 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potentia ...) - {DSA-5013-1} + {DSA-5013-1 DLA-2840-1} - roundcube 1.5.0+dfsg.1-1 (bug #1000156) NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12) NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17) 
@@ -2107,8 +2115,8 @@ CVE-2021-43938 RESERVED CVE-2021-43937 RESERVED -CVE-2021-43936 - RESERVED +CVE-2021-43936 (The software allows the attacker to upload or transfer files of danger ...) + TODO: check CVE-2021-43935 RESERVED CVE-2021-43934 @@ -2117,8 +2125,8 @@ CVE-2021-43933 RESERVED CVE-2021-43932 RESERVED -CVE-2021-43931 - RESERVED +CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, but the im ...) + TODO: check CVE-2021-43930 RESERVED CVE-2021-43929 @@ -2379,8 +2387,8 @@ CVE-2021-43802 RESERVED CVE-2021-43801 RESERVED -CVE-2021-43800 - RESERVED +CVE-2021-43800 (Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, dire ...) + TODO: check CVE-2021-43799 RESERVED CVE-2021-43798 @@ -2411,8 +2419,7 @@ CVE-2021-43786 (Nodebb is an open source Node.js based forum software. In affect NOT-FOR-US: Nodebb CVE-2021-43785 (@joeattardi/emoji-button is a Vanilla JavaScript emoji picker componen ...) NOT-FOR-US: @joeattardi/emoji-button -CVE-2021-43784 - RESERVED +CVE-2021-43784 (runc is a CLI tool for spawning and running containers on Linux accord ...) - runc 1.0.3+ds1-1 NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/1 @@ -2421,8 +2428,8 @@ CVE-2021-43783 (@backstage/plugin-scaffolder-backend is the backend for the defa NOT-FOR-US: @backstage/plugin-scaffolder-backend CVE-2021-43782 RESERVED -CVE-2021-43781 - RESERVED +CVE-2021-43781 (Invenio-Drafts-Resources is a submission/deposit module for Invenio, a ...) + TODO: check CVE-2021-43780 (Redash is a package for data visualization and sharing. In versions 10 ...) NOT-FOR-US: Redash CVE-2021-43779 
@@ -4040,12 +4047,12 @@ CVE-2021-43473 RESERVED CVE-2021-43472 RESERVED -CVE-2021-43471 - RESERVED +CVE-2021-43471 (In Canon LBP223 printers, the System Manager Mode login does not requi ...) + TODO: check CVE-2021-43470 RESERVED -CVE-2021-43469 - RESERVED +CVE-2021-43469 (VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulner ...) + TODO: check CVE-2021-43468 RESERVED CVE-2021-43467 @@ -14789,8 +14796,8 @@ CVE-2021-39892 RESERVED CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...) - gitlab -CVE-2021-39890 - RESERVED +CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some specific ...) + TODO: check CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an insecure di ...) - gitlab (Specific to Enterprise Edition) CVE-2021-39888 (In all versions of GitLab EE since version 13.10, a specific API endpo ...) @@ -23665,8 +23672,8 @@ CVE-2021-36200 RESERVED CVE-2021-36199 RESERVED -CVE-2021-36198 - RESERVED +CVE-2021-36198 (Successful exploitation of this vulnerability could allow an unauthori ...) + TODO: check CVE-2021-36197 RESERVED CVE-2021-36196 @@ -26005,14 +26012,14 @@ CVE-2021-35247 RESERVED CVE-2021-35246 RESERVED -CVE-2021-35245 - RESERVED +CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can move, cre ...) + TODO: check CVE-2021-35244 RESERVED CVE-2021-35243 RESERVED -CVE-2021-35242 - RESERVED +CVE-2021-35242 (Serv-U server responds with valid CSRFToken when the request contains ...) + TODO: check CVE-2021-35241 RESERVED CVE-2021-35240 (A security researcher stored XSS via a Help Server setting. This affec ...) 
@@ -42515,6 +42522,7 @@ CVE-2021-28703 NOTE: Debian including the fix. NOTE: https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=c65ea16dbcafbe4fe21693b18f8c2a3c5d14600e (4.14.0-rc1) CVE-2021-28702 (PCI devices with RMRRs not deassigned correctly Certain PCI devices in ...) + {DSA-5017-1} - xen 4.14.3+32-g9de3671772-1 [buster] - xen (Vulnerable code introduced later) [stretch] - xen (Vulnerable code introduced later) @@ -51752,8 +51760,8 @@ CVE-2021-25043 RESERVED CVE-2021-25042 RESERVED -CVE-2021-25041 - RESERVED +CVE-2021-25041 (The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerabl ...) + TODO: check CVE-2021-25040 RESERVED CVE-2021-25039 @@ -51948,34 +51956,34 @@ CVE-2021-24945 RESERVED CVE-2021-24944 RESERVED -CVE-2021-24943 - RESERVED +CVE-2021-24943 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...) + TODO: check CVE-2021-24942 RESERVED CVE-2021-24941 RESERVED CVE-2021-24940 RESERVED -CVE-2021-24939 - RESERVED -CVE-2021-24938 - RESERVED +CVE-2021-24939 (The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before ...) + TODO: check +CVE-2021-24938 (The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape ...) + TODO: check CVE-2021-24937 RESERVED CVE-2021-24936 RESERVED -CVE-2021-24935 - RESERVED +CVE-2021-24935 (The WP Google Fonts WordPress plugin before 3.1.5 does not escape the ...) + TODO: check CVE-2021-24934 RESERVED CVE-2021-24933 RESERVED CVE-2021-24932 RESERVED -CVE-2021-24931 - RESERVED -CVE-2021-24930 - RESERVED +CVE-2021-24931 (The Secure Copy Content Protection and Content Locking WordPress plugi ...) + TODO: check +CVE-2021-24930 (The WordPress Online Booking and Scheduling Plugin WordPress plugin be ...) + TODO: check CVE-2021-24929 RESERVED CVE-2021-24928 
@@ -51986,8 +51994,8 @@ CVE-2021-24926 RESERVED CVE-2021-24925 RESERVED -CVE-2021-24924 - RESERVED +CVE-2021-24924 (The Email Log WordPress plugin before 2.4.8 does not escape the d para ...) + TODO: check CVE-2021-24923 RESERVED CVE-2021-24922 @@ -52000,14 +52008,14 @@ CVE-2021-24919 RESERVED CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did n ...) NOT-FOR-US: WordPress plugin -CVE-2021-24917 - RESERVED +CVE-2021-24917 (The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allow ...) + TODO: check CVE-2021-24916 RESERVED CVE-2021-24915 (The Contest Gallery WordPress plugin before 13.1.0.6 does not have cap ...) NOT-FOR-US: WordPress plugin -CVE-2021-24914 - RESERVED +CVE-2021-24914 (The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capa ...) + TODO: check CVE-2021-24913 RESERVED CVE-2021-24912 @@ -52102,8 +52110,8 @@ CVE-2021-24868 RESERVED CVE-2021-24867 RESERVED -CVE-2021-24866 - RESERVED +CVE-2021-24866 (The WP Data Access WordPress plugin before 5.0.0 does not properly san ...) + TODO: check CVE-2021-24865 RESERVED CVE-2021-24864 @@ -52316,8 +52324,8 @@ CVE-2021-24761 RESERVED CVE-2021-24760 (The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not ...) NOT-FOR-US: WordPress plugin -CVE-2021-24759 - RESERVED +CVE-2021-24759 (The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some o ...) + TODO: check CVE-2021-24758 (The Email Log WordPress plugin before 2.4.7 does not properly validate ...) NOT-FOR-US: WordPress plugin CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not perform ...) 
@@ -52398,16 +52406,16 @@ CVE-2021-24720 (The GeoDirectory Business Directory WordPress plugin before 2.1. NOT-FOR-US: WordPress plugin CVE-2021-24719 (The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Refle ...) NOT-FOR-US: WordPress theme -CVE-2021-24718 - RESERVED +CVE-2021-24718 (The Contact Form, Survey & Popup Form Plugin for WordPress plugin ...) + TODO: check CVE-2021-24717 (The AutomatorWP WordPress plugin before 1.7.6 does not perform capabil ...) NOT-FOR-US: WordPress plugin CVE-2021-24716 (The Modern Events Calendar Lite WordPress plugin before 5.22.3 does no ...) NOT-FOR-US: WordPress plugin CVE-2021-24715 (The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sa ...) NOT-FOR-US: WordPress plugin -CVE-2021-24714 - RESERVED +CVE-2021-24714 (The Import any XML or CSV File to WordPress plugin before 3.6.3 does n ...) + TODO: check CVE-2021-24713 (The Video Lessons Manager WordPress plugin before 1.7.2 and Video Less ...) NOT-FOR-US: WordPress plugin CVE-2021-24712 (The Appointment Hour Booking WordPress plugin before 1.3.17 does not p ...) @@ -58212,8 +58220,8 @@ CVE-2021-22172 (Improper authorization in GitLab 12.8+ allows a guest user in a CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab Pages f ...) [experimental] - gitlab 13.6.6-1 - gitlab -CVE-2021-22170 - RESERVED +CVE-2021-22170 (Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows ...) + TODO: check CVE-2021-22169 (An issue was identified in GitLab EE 13.4 or later which leaked intern ...) - gitlab (Specific to EE) NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/ -- cgit v1.2.3
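Review bot: In the CVE-2021-43784 hunk the runc entry is resolved straight to "- runc 1.0.3+ds1-1" with only the upstream GHSA and oss-security links, while comparable entries in this same patch record a Debian bug reference, as in "- roundcube 1.5.0+dfsg.1-1 (bug #1000156)", and per-suite status lines, as in "[buster] - xen (Vulnerable code introduced later)". Suggest adding the bug reference and the bullseye/buster status for runc so that what the stable releases still owe is recorded rather than left implicit.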
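Review bot: The CVE-2021-4069 hunk turns the vim placeholder into "TODO: check" with a "Use After Free" summary; since vim is a Debian package (unlike most of the other newly described entries), this TODO should be triaged promptly into a fixed-version line plus per-suite annotations, in the same form the roundcube and xen entries in this patch use, rather than sit among the "TODO: check" items.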
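Review bot: In the CVE-2021-249xx, CVE-2021-248xx and CVE-2021-247xx hunks, every newly described WordPress plugin entry (CVE-2021-24943, -24939, -24938, -24935, -24931, -24930, -24924, -24917, -24914, -24866, -24759, -24718, -24714) is left as "TODO: check", while neighbouring entries of the same kind in the same hunks already carry "NOT-FOR-US: WordPress plugin" (CVE-2021-24918, -24915, -24760, -24758, -24720, -24719). Suggest resolving these to the same NOT-FOR-US marker in the follow-up triage so the TODO list does not fill with entries that the surrounding context already classifies. The same applies to the two GitLab entries CVE-2021-39890 and CVE-2021-22170, which sit among entries tracked as "- gitlab" and should get that package line instead of "TODO: check".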