author security tracker role <sectracker@soriano.debian.org> 2021-12-02 20:10:13 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-12-02 20:10:13 +0000
commit bc96bb8d72a17687611a33628b2e3b211b407263 (patch)
tree 6f2b8b6587eff6dbe81943262842383008fc3b9d
parent f49ced055d5310dc353a96c1ca6f195db84603e9 (diff)
automatic update
-rw-r--r-- data/CVE/2015.list 8
-rw-r--r-- data/CVE/2021.list 99
2 files changed, 63 insertions, 44 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 3677b75de5..2d038fb128 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -1,7 +1,7 @@
-CVE-2015-20106
- RESERVED
-CVE-2015-20105
- RESERVED
+CVE-2015-20106 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not esc ...)
+ TODO: check
+CVE-2015-20105 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not hav ...)
+ TODO: check
CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...)
NOT-FOR-US: WordPress plugin
CVE-2015-20067 (The WP Attachment Export WordPress plugin before 0.2.4 does not have p ...)
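Review bot: CVE-2015-20106 and CVE-2015-20105 are left at "TODO: check" even though both descriptions name a WordPress plugin, and the next entry in the same hunk, CVE-2015-10001, is already triaged as "NOT-FOR-US: WordPress plugin". Unless the ClickBank Affiliate Ads plugin turns out to be packaged, the same "NOT-FOR-US: WordPress plugin" line would close both entries consistently with their neighbour.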
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index f502bc2d23..e7649d972f 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,9 +1,27 @@
+CVE-2021-44521
+ RESERVED
+CVE-2021-4046
+ RESERVED
+CVE-2021-4045
+ RESERVED
+CVE-2021-4044
+ RESERVED
+CVE-2021-4043
+ RESERVED
+CVE-2021-4042
+ RESERVED
+CVE-2021-4041
+ RESERVED
+CVE-2021-4040
+ RESERVED
+CVE-2021-4039
+ RESERVED
CVE-2021-44520
RESERVED
CVE-2021-44519
RESERVED
-CVE-2021-44518
- RESERVED
+CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock ...)
+ TODO: check
CVE-2021-44517
RESERVED
CVE-2021-44516
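Review bot: CVE-2021-44518 moves from RESERVED to "TODO: check" with a description of the eGeeTouch 3rd Generation Travel Padlock, which reads as a hardware product, so it still needs a triage line (a NOT-FOR-US line with the product name, as used elsewhere in this file, if nothing packaged is affected). The nine new RESERVED ids added above it (CVE-2021-44521 and CVE-2021-4046 through CVE-2021-4039) carry no description yet and need no action until one is published.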
@@ -489,11 +507,11 @@ CVE-2021-44281
RESERVED
CVE-2021-44280 (attendance management system 1.0 is affected by a SQL injection vulner ...)
NOT-FOR-US: attendance management system
-CVE-2021-44279 (Librenms 21.11.0 is affected by is affected by a Cross Site Scripting ...)
+CVE-2021-44279 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
NOT-FOR-US: LibreNMS
CVE-2021-44278
RESERVED
-CVE-2021-44277 (Librenms 21.11.0 is affected by is affected by a Cross Site Scripting ...)
+CVE-2021-44277 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
NOT-FOR-US: LibreNMS
CVE-2021-44276
RESERVED
@@ -1079,8 +1097,8 @@ CVE-2021-44052
RESERVED
CVE-2021-44051
RESERVED
-CVE-2021-44050
- RESERVED
+CVE-2021-44050 (CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL inject ...)
+ TODO: check
CVE-2021-44049
RESERVED
CVE-2021-44048
@@ -1661,8 +1679,8 @@ CVE-2021-43797
RESERVED
CVE-2021-43796
RESERVED
-CVE-2021-43795
- RESERVED
+CVE-2021-43795 (Armeria is an open source microservice framework. In affected versions ...)
+ TODO: check
CVE-2021-43794 (Discourse is an open source discussion platform. In affected versions ...)
NOT-FOR-US: Discourse
CVE-2021-43793 (Discourse is an open source discussion platform. In affected versions ...)
@@ -1895,28 +1913,28 @@ CVE-2021-43691 (tripexpress v1.1 is affected by a path manipulation vulnerabilit
NOT-FOR-US: tripexpress
CVE-2021-43690 (YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
NOT-FOR-US: YurunProxy
-CVE-2021-43689 (manage (last update Oct 24, 2017) is affected by is affected by a Cros ...)
+CVE-2021-43689 (manage (last update Oct 24, 2017) is affected by a Cross Site Scriptin ...)
TODO: check
CVE-2021-43688
RESERVED
CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulne ...)
NOT-FOR-US: Chamilo-lms
-CVE-2021-43686
- RESERVED
+CVE-2021-43686 (nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerabilit ...)
+ TODO: check
CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerab ...)
TODO: check
CVE-2021-43684
RESERVED
-CVE-2021-43683
- RESERVED
-CVE-2021-43682
- RESERVED
-CVE-2021-43681
- RESERVED
+CVE-2021-43683 (pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerabili ...)
+ TODO: check
+CVE-2021-43682 (thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site ...)
+ TODO: check
+CVE-2021-43681 (SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulne ...)
+ TODO: check
CVE-2021-43680
RESERVED
-CVE-2021-43679
- RESERVED
+CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\e ...)
+ TODO: check
CVE-2021-43678
RESERVED
CVE-2021-43677
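Review bot: the description fix for CVE-2021-43689 still leaves the product identified only as "manage (last update Oct 24, 2017)", which is not enough to triage from this list alone; look up the full CVE record before replacing its "TODO: check". The five entries populated in this hunk (CVE-2021-43686, CVE-2021-43683, CVE-2021-43682, CVE-2021-43681, CVE-2021-43679) do name a product and version, so they can be triaged directly, in the same way CVE-2021-43687 and CVE-2021-43690 already are.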
@@ -2039,6 +2057,7 @@ CVE-2021-43620 (An issue was discovered in the fruity crate through 0.2.0 for Ru
CVE-2021-43619
RESERVED
CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an m ...)
+ {DLA-2837-1}
- gmp 2:6.2.1+dfsg-3 (bug #994405)
[bullseye] - gmp <no-dsa> (Minor issue)
[buster] - gmp <no-dsa> (Minor issue)
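Review bot: the added {DLA-2837-1} cross-reference on CVE-2021-43618 sits above bullseye and buster lines that are both marked <no-dsa> (Minor issue), and the hunk adds no release-specific line for the release the DLA covers. Confirm that the DLA's own entry records the fixed gmp version for that release, since nothing visible in this file does.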
@@ -2184,8 +2203,8 @@ CVE-2021-3946
RESERVED
CVE-2021-3945 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
NOT-FOR-US: django-helpdesk
-CVE-2021-3944
- RESERVED
+CVE-2021-3944 (bookstack is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
CVE-2021-3943 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
- moodle <removed>
CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS ...)
@@ -2298,7 +2317,7 @@ CVE-2021-43528
RESERVED
CVE-2021-43527 [Heap overflow in NSS when verifying DSA/RSA-PSS DER-encoded signatures]
RESERVED
- {DSA-5016-1}
+ {DSA-5016-1 DLA-2836-1}
- nss 2:3.73-1
NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/4
NOTE: https://hg.mozilla.org/projects/nss/rev/6b3dc97a8767d9dc5c4c181597d1341d0899aa58 (NSS_3_73_BRANCH)
@@ -9806,10 +9825,10 @@ CVE-2021-40336
RESERVED
CVE-2021-40335
RESERVED
-CVE-2021-40334
- RESERVED
-CVE-2021-40333
- RESERVED
+CVE-2021-40334 (Missing Handler vulnerability in the proprietary management protocol ( ...)
+ TODO: check
+CVE-2021-40333 (Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM ...)
+ TODO: check
CVE-2021-40332
RESERVED
CVE-2021-3759 [unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks]
@@ -50676,20 +50695,20 @@ CVE-2021-23266
RESERVED
CVE-2021-23265
RESERVED
-CVE-2021-23264
- RESERVED
-CVE-2021-23263
- RESERVED
-CVE-2021-23262
- RESERVED
-CVE-2021-23261
- RESERVED
-CVE-2021-23260
- RESERVED
-CVE-2021-23259
- RESERVED
-CVE-2021-23258
- RESERVED
+CVE-2021-23264 (Installations, where crafter-search is not protected, allow unauthenti ...)
+ TODO: check
+CVE-2021-23263 (Unauthenticated remote attackers can read textual content via FreeMark ...)
+ TODO: check
+CVE-2021-23262 (Authenticated administrators may modify the main YAML configuration fi ...)
+ TODO: check
+CVE-2021-23261 (Authenticated administrators may override the system configuration fil ...)
+ TODO: check
+CVE-2021-23260 (Authenticated users with Site roles may inject XSS scripts via file na ...)
+ TODO: check
+CVE-2021-23259 (Authenticated users with Administrator or Developer roles may execute ...)
+ TODO: check
+CVE-2021-23258 (Authenticated users with Administrator or Developer roles may execute ...)
+ TODO: check
CVE-2021-23257
RESERVED
CVE-2021-23256
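Review bot: CVE-2021-23258 through CVE-2021-23264 all arrive as "TODO: check", and only CVE-2021-23264 names a component (crafter-search) in its truncated description; the other six give no product name in the visible text. Triage the seven together from the full CVE records so they receive one consistent decision rather than being picked up piecemeal.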
