From a0f49502c5a6bf6788f6aff21a0ec0b877a7566e Mon Sep 17 00:00:00 2001 From: security tracker role Date: Tue, 26 Oct 2021 20:10:12 +0000 Subject: automatic update --- data/CVE/list | 138 ++++++++++++++++++++++++++++++---------------------------- 1 file changed, 72 insertions(+), 66 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index 8beecb05d7..199a565b20 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,11 @@ +CVE-2021-3906 + RESERVED +CVE-2018-25019 + RESERVED +CVE-2015-20067 + RESERVED +CVE-2015-20019 + RESERVED CVE-2021-43032 RESERVED CVE-2021-43031 @@ -2489,8 +2497,8 @@ CVE-2021-42345 RESERVED CVE-2021-42344 RESERVED -CVE-2021-42343 - RESERVED +CVE-2021-42343 (An issue was discovered in Dask (aka python-dask) through 2021.09.1. S ...) + TODO: check CVE-2021-42342 (An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the fi ...) NOT-FOR-US: Embedthis GoAhead CVE-2021-42341 (checkpath in OpenRC before 0.44.7 uses the direct output of strlen() t ...) @@ -3813,8 +3821,8 @@ CVE-2021-41875 RESERVED CVE-2021-41874 RESERVED -CVE-2021-41873 - RESERVED +CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box produ ...) + TODO: check CVE-2021-41872 RESERVED CVE-2021-41871 
@@ -5371,20 +5379,20 @@ CVE-2021-41190 RESERVED CVE-2021-41189 RESERVED -CVE-2021-41188 - RESERVED +CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 5.7.6 c ...) + TODO: check CVE-2021-41187 RESERVED CVE-2021-41186 RESERVED -CVE-2021-41185 - RESERVED -CVE-2021-41184 - RESERVED -CVE-2021-41183 - RESERVED -CVE-2021-41182 - RESERVED +CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An exploi ...) + TODO: check +CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior to vers ...) + TODO: check +CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior to vers ...) + TODO: check +CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior to vers ...) + TODO: check CVE-2021-41181 RESERVED CVE-2021-41180 @@ -5397,14 +5405,14 @@ CVE-2021-41177 (Nextcloud is an open-source, self-hosted productivity platform. TODO: check CVE-2021-41176 (Pterodactyl is an open-source game server management panel built with ...) NOT-FOR-US: Pterodactyl -CVE-2021-41175 - RESERVED +CVE-2021-41175 (Pi-hole's Web interface (based on AdminLTE) provides a central locatio ...) + TODO: check CVE-2021-41174 RESERVED -CVE-2021-41173 - RESERVED -CVE-2021-41172 - RESERVED +CVE-2021-41173 (Go Ethereum is the official Golang implementation of the Ethereum prot ...) + TODO: check +CVE-2021-41172 (AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for ...) + TODO: check CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for research ...) NOT-FOR-US: eLabFTW CVE-2021-41170 
@@ -5441,12 +5449,10 @@ CVE-2021-41159 (FreeRDP is a free implementation of the Remote Desktop Protocol - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq -CVE-2021-41158 - RESERVED +CVE-2021-41158 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...) - freeswitch (bug #389591) NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4 -CVE-2021-41157 - RESERVED +CVE-2021-41157 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...) - freeswitch (bug #389591) NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj CVE-2021-41156 (anuko/timetracker is an, open source time tracking system. In affected ...) @@ -5638,8 +5644,8 @@ CVE-2021-3802 - udisks2 2.9.4-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2003649 NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt -CVE-2021-41078 - RESERVED +CVE-2021-41078 (Nameko through 2.13.0 can be tricked into performing arbitrary code ex ...) + TODO: check CVE-2021-3801 (prism is vulnerable to Inefficient Regular Expression Complexity ...) - node-prismjs 1.25.0+dfsg-1 [bullseye] - node-prismjs 1.23.0+dfsg-1+deb11u1 
@@ -7364,12 +7370,12 @@ CVE-2021-40346 (An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add [stretch] - haproxy (Vulnerable code not present) NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41114.html NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=3b69886f7dcc3cfb3d166309018e6cfec9ce2c95 -CVE-2021-40345 - RESERVED -CVE-2021-40344 - RESERVED -CVE-2021-40343 - RESERVED +CVE-2021-40345 (An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets sec ...) + TODO: check +CVE-2021-40344 (An issue was discovered in Nagios XI 5.8.5. In the Custom Includes sec ...) + TODO: check +CVE-2021-40343 (An issue was discovered in Nagios XI 5.8.5. Insecure file permissions ...) + TODO: check CVE-2021-40342 RESERVED CVE-2021-40341 @@ -14520,10 +14526,10 @@ CVE-2021-37374 RESERVED CVE-2021-37373 RESERVED -CVE-2021-37372 - RESERVED -CVE-2021-37371 - RESERVED +CVE-2021-37372 (Online Student Admission System 1.0 is affected by an insecure file up ...) + TODO: check +CVE-2021-37371 (Online Student Admission System 1.0 is affected by an unauthenticated ...) + TODO: check CVE-2021-37370 RESERVED CVE-2021-37369 @@ -14536,10 +14542,10 @@ CVE-2021-37366 (CTparental before 4.45.03 is vulnerable to cross-site request fo NOT-FOR-US: CTparental CVE-2021-37365 (CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) ...) NOT-FOR-US: CTparental -CVE-2021-37364 - RESERVED -CVE-2021-37363 - RESERVED +CVE-2021-37364 (OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default ...) + TODO: check +CVE-2021-37363 (An Insecure Permissions issue exists in Gestionale Open 11.00.00. A lo ...) + TODO: check CVE-2021-37362 RESERVED CVE-2021-37361 
@@ -18938,8 +18944,8 @@ CVE-2021-3620 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975767 CVE-2021-35500 RESERVED -CVE-2021-35499 - RESERVED +CVE-2021-35499 (The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus cont ...) + TODO: check CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, ...) NOT-FOR-US: TIBCO CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...) @@ -20986,14 +20992,14 @@ CVE-2021-34598 RESERVED CVE-2021-34597 RESERVED -CVE-2021-34596 - RESERVED -CVE-2021-34595 - RESERVED +CVE-2021-34596 (A crafted request may cause a read access to an uninitialized pointer ...) + TODO: check +CVE-2021-34595 (A crafted request with invalid offsets may cause an out-of-bounds read ...) + TODO: check CVE-2021-34594 RESERVED -CVE-2021-34593 - RESERVED +CVE-2021-34593 (In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versio ...) + TODO: check CVE-2021-34592 RESERVED CVE-2021-34591 @@ -21006,14 +21012,14 @@ CVE-2021-34588 RESERVED CVE-2021-34587 RESERVED -CVE-2021-34586 - RESERVED -CVE-2021-34585 - RESERVED -CVE-2021-34584 - RESERVED -CVE-2021-34583 - RESERVED +CVE-2021-34586 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...) + TODO: check +CVE-2021-34585 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...) + TODO: check +CVE-2021-34584 (Crafted web server requests can be utilised to read partial stack or h ...) + TODO: check +CVE-2021-34583 (Crafted web server requests may cause a heap-based buffer overflow and ...) + TODO: check CVE-2021-34582 RESERVED CVE-2021-34581 (Missing Release of Resource after Effective Lifetime vulnerability in ...) 
@@ -41024,12 +41030,12 @@ CVE-2021-26611 RESERVED CVE-2021-26610 RESERVED -CVE-2021-26609 - RESERVED +CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A SQL-Inject ...) + TODO: check CVE-2021-26608 (An arbitrary file download and execution vulnerability was found in th ...) NOT-FOR-US: handysoft -CVE-2021-26607 - RESERVED +CVE-2021-26607 (An Improper input validation in execDefaultBrowser method of NEXACRO17 ...) + TODO: check CVE-2021-26606 (A vulnerability in PKI Security Solution of Dream Security could allow ...) NOT-FOR-US: Dream Security CVE-2021-26605 (An improper input validation vulnerability in the service of ezPDFRead ...) @@ -124349,8 +124355,8 @@ CVE-2020-5671 RESERVED CVE-2020-5670 RESERVED -CVE-2020-5669 - RESERVED +CVE-2020-5669 (Cross-site scripting vulnerability in Movable Type Movable Type Premiu ...) + TODO: check CVE-2020-5668 (Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series ...) NOT-FOR-US: Mitsubishi Electric CVE-2020-5667 (Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS ...) @@ -422276,8 +422282,8 @@ CVE-2011-4121 (The OpenSSL extension of Ruby (Git trunk) versions after 2011-09- - ruby1.9.1 (Only affected trunk versions) CVE-2011-4120 (Yubico PAM Module before 2.10 performed user authentication when 'use_ ...) - yubico-pam 2.10-1 -CVE-2011-4119 - RESERVED +CVE-2011-4119 (caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe t ...) + TODO: check CVE-2011-4117 (The Batch::BatchRun module 1.03 for Perl does not properly handle temp ...) NOT-FOR-US: perl Batch::BatchRun CPAN module CVE-2011-4116 (_is_safe in the File::Temp module for Perl does not properly handle sy ...) 
@@ -428088,8 +428094,8 @@ CVE-2011-2197 (The cross-site scripting (XSS) prevention feature in Ruby on Rail - rails (Affected plugin not installed, see bug #634990) CVE-2011-2196 (jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as dis ...) NOT-FOR-US: JBoss Seam -CVE-2011-2195 - RESERVED +CVE-2011-2195 (A flaw was found in WebSVN 2.3.2. Without prior authentication, if the ...) + TODO: check CVE-2011-2193 (Multiple buffer overflows in Terascale Open-Source Resource and Queue ...) {DSA-2329-1} - torque 2.4.15+dfsg-1 (bug #635342)
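Review bot: in the @@ -2489 hunk, CVE-2021-42343 is left at "TODO: check" although its description explicitly names python-dask, the name under which Dask ships as a Python module; a RESERVED-to-described flip on a project that is plausibly packaged is exactly where a missed tracking line hurts, so this should be resolved to a source-package line with affected/fixed versions (or NOT-FOR-US if the affected component turns out not to be in the archive) rather than staying in the TODO queue.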
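Review bot: in the @@ -5371 hunk, CVE-2021-41184, CVE-2021-41183 and CVE-2021-41182 carry identical truncated descriptions ("jQuery-UI is the official jQuery user interface library. Prior to vers ..."), so the list itself gives a triager nothing to tell the three apart; the full advisory text must be consulted for each before the "TODO: check" lines are resolved, and because jQuery UI is commonly embedded in other packages rather than only shipped standalone, the check should cover bundled copies as well as any dedicated package.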
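Review bot: in the @@ -18938 hunk, CVE-2021-35499 (TIBCO Nimbus) is queued as "TODO: check" while the two entries directly below it, CVE-2021-35498 and CVE-2021-35497, are already marked "NOT-FOR-US: TIBCO"; unless Nimbus differs from those products by actually being packaged, this one should be dispositioned the same way for consistency instead of being re-queued.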
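Review bot: in the @@ -21006 hunk, CVE-2021-34586 and CVE-2021-34585 have byte-identical truncated descriptions ("In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ..."), and CVE-2021-34584 and CVE-2021-34583 diverge only after the shared "Crafted web server requests" prefix; the short description this file stores cannot distinguish them, so each "TODO: check" needs the full CVE text, and the CODESYS entries in the preceding @@ -20986 hunk (CVE-2021-34596, CVE-2021-34595, CVE-2021-34593) come from the same batch and should be dispositioned together.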
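Review bot: in the @@ -422276 hunk, CVE-2011-4119 is a ten-year-old id that only now gains a description ("caml-light <= 0.75 uses mktemp() insecurely"); caml-light has historically been in the Debian archive, so the "TODO: check" should end in a package line stating which shipped versions are affected or fixed, and given the id's age the status in the older supported releases matters as much as unstable.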
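Review bot: in the @@ -428088 hunk, CVE-2011-2195 (WebSVN 2.3.2) is another decade-old id surfacing with a description only now; WebSVN has historically been packaged in Debian, so unlike the neighbouring CVE-2011-2193 entry, which already carries a torque package line and a DSA reference, this one needs a concrete package/version status rather than remaining at "TODO: check".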