author security tracker role <sectracker@soriano.debian.org> 2021-12-08 08:10:15 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-12-08 08:10:15 +0000
commit 07b51db7faf613f8e621195e7ba4a1862aaabd20
tree cfe4ad7f96b2df7ddebce8061fa692fb0f8013e3
parent 8708e141aa0e5bf4bac2da67d9a1ea88d7ea7e92
automatic update
-rw-r--r-- data/CVE/2018.list 2
-rw-r--r-- data/CVE/2020.list 8
-rw-r--r-- data/CVE/2021.list 272
3 files changed, 183 insertions, 99 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index fe7a91d51f..077e53de9e 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1,4 +1,4 @@
-CVE-2018-25020 [bpf: fix truncated jump targets on heavy expansions]
+CVE-2018-25020 (The BPF subsystem in the Linux kernel before 4.17 mishandles situation ...)
- linux 4.17.3-1
NOTE: https://git.kernel.org/linus/050fad7c4534c13c8eb1d9c2ba66012e014773cb (4.17-rc7)
CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have any auth ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index df8b890077..54f5baf7dd 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -9157,8 +9157,8 @@ CVE-2020-27358 (An issue was discovered in REDCap 8.11.6 through 9.x before 10.
NOT-FOR-US: REDCap
CVE-2020-27357
RESERVED
-CVE-2020-27356
- RESERVED
+CVE-2020-27356 (The debug-meta-data plugin 1.1.2 for WordPress allows XSS. ...)
+ TODO: check
CVE-2020-27355
RESERVED
CVE-2020-27354
@@ -20453,8 +20453,8 @@ CVE-2020-22423
RESERVED
CVE-2020-22422
RESERVED
-CVE-2020-22421
- RESERVED
+CVE-2020-22421 (74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vu ...)
+ TODO: check
CVE-2020-22420
RESERVED
CVE-2020-22419
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index d522ec0a57..f05b195ef2 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,89 @@
+CVE-2021-44738
+ RESERVED
+CVE-2021-44737
+ RESERVED
+CVE-2021-44736
+ RESERVED
+CVE-2021-44735
+ RESERVED
+CVE-2021-44734
+ RESERVED
+CVE-2021-44733
+ RESERVED
+CVE-2021-44732
+ RESERVED
+CVE-2021-44731
+ RESERVED
+CVE-2021-44730
+ RESERVED
+CVE-2021-44729
+ RESERVED
+CVE-2021-44728
+ RESERVED
+CVE-2021-44727
+ RESERVED
+CVE-2021-44726 (KNIME Server before 4.13.4 allows XSS via the old WebPortal login page ...)
+ TODO: check
+CVE-2021-44725 (KNIME Server before 4.13.4 allows directory traversal in a request for ...)
+ TODO: check
+CVE-2021-44724
+ RESERVED
+CVE-2021-44723
+ RESERVED
+CVE-2021-44722
+ RESERVED
+CVE-2021-44721
+ RESERVED
+CVE-2021-44720
+ RESERVED
+CVE-2021-44719
+ RESERVED
+CVE-2021-44718
+ RESERVED
+CVE-2021-44717
+ RESERVED
+CVE-2021-44716
+ RESERVED
+CVE-2021-44715
+ RESERVED
+CVE-2021-44714
+ RESERVED
+CVE-2021-44713
+ RESERVED
+CVE-2021-44712
+ RESERVED
+CVE-2021-44711
+ RESERVED
+CVE-2021-44710
+ RESERVED
+CVE-2021-44709
+ RESERVED
+CVE-2021-44708
+ RESERVED
+CVE-2021-44707
+ RESERVED
+CVE-2021-44706
+ RESERVED
+CVE-2021-44705
+ RESERVED
+CVE-2021-44704
+ RESERVED
+CVE-2021-44703
+ RESERVED
+CVE-2021-44702
+ RESERVED
+CVE-2021-44701
+ RESERVED
+CVE-2021-44700
+ RESERVED
+CVE-2021-44699
+ RESERVED
+CVE-2021-44698
+ RESERVED
+CVE-2021-44697
+ RESERVED
+CVE-2021-44696
+ RESERVED
CVE-2021-44695
RESERVED
CVE-2021-44694
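Review bot: CVE-2021-44726 and CVE-2021-44725 are the only entries in this hunk that carry a description, and both are left at "TODO: check"; the other 41 additions are plain RESERVED placeholders. Both descriptions start with "KNIME Server before 4.13.4", so they can be triaged in one pass and should end up with the same tag.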
@@ -683,8 +769,7 @@ CVE-2021-44422
RESERVED
CVE-2021-44421
RESERVED
-CVE-2021-44420 [Potential bypass of an upstream access control based on URL paths]
- RESERVED
+CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...)
- python-django 2:3.2.10-1
[bullseye] - python-django <no-dsa> (Minor issue)
[buster] - python-django <no-dsa> (Minor issue)
@@ -1327,10 +1412,10 @@ CVE-2021-44151
RESERVED
CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoof ...)
NOT-FOR-US: tusdotnet
-CVE-2021-44149
- RESERVED
-CVE-2021-44148
- RESERVED
+CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS through ...)
+ TODO: check
+CVE-2021-44148 (GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allo ...)
+ TODO: check
CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server (inclu ...)
NOT-FOR-US: Claris
CVE-2021-44146
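Review bot: CVE-2021-44149 (Trusted Firmware OP-TEE Trusted OS) should be triaged together with CVE-2021-36133 (OPTEE-OS CSU driver), which this same patch also leaves at "TODO: check" further down in 2021.list, so that both get a consistent source-package decision. CVE-2021-44148 (GL.iNet GL-AR150) needs its own decision; the described entries next to it in this hunk, CVE-2021-44150 and CVE-2021-44147, are already resolved in the "NOT-FOR-US: <product>" form.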
@@ -1793,8 +1878,8 @@ CVE-2021-43965
RESERVED
CVE-2021-43964
RESERVED
-CVE-2021-43963
- RESERVED
+CVE-2021-43963 (An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. ...)
+ TODO: check
CVE-2021-43962
RESERVED
CVE-2021-43961
@@ -2126,12 +2211,12 @@ CVE-2021-43812
RESERVED
CVE-2021-43811
RESERVED
-CVE-2021-43810
- RESERVED
+CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...)
+ TODO: check
CVE-2021-43809
RESERVED
-CVE-2021-43808
- RESERVED
+CVE-2021-43808 (Laravel is a web application framework. Laravel prior to versions 8.75 ...)
+ TODO: check
CVE-2021-43807
RESERVED
CVE-2021-43806
@@ -2497,10 +2582,10 @@ CVE-2021-43640
RESERVED
CVE-2021-43639
RESERVED
-CVE-2021-43638
- RESERVED
-CVE-2021-43637
- RESERVED
+CVE-2021-43638 (Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL ...)
+ TODO: check
+CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler ...)
+ TODO: check
CVE-2021-43636
RESERVED
CVE-2021-43635
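Review bot: The description added for CVE-2021-43638 begins "Amazon Amazon WorkSpaces agent", with the vendor name doubled, while CVE-2021-43637 directly below it reads "Amazon WorkSpaces agent". Because this commit is an automatic update, a doubling that comes from the imported description is better reported to the description's source than edited by hand here. When triaging, match on "Amazon WorkSpaces" rather than on the literal text of either line so both entries are handled together.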
@@ -4115,76 +4200,76 @@ CVE-2021-43008
RESERVED
CVE-2021-43007
RESERVED
-CVE-2021-43006
- RESERVED
+CVE-2021-43006 (AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOC ...)
+ TODO: check
CVE-2021-43005
RESERVED
CVE-2021-43004
RESERVED
-CVE-2021-43003
- RESERVED
-CVE-2021-43002
- RESERVED
+CVE-2021-43003 (Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL ...)
+ TODO: check
+CVE-2021-43002 (Amzetta zPortal DVM Tools is affected by Buffer Overflow. IOCTL Handle ...)
+ TODO: check
CVE-2021-43001
RESERVED
-CVE-2021-43000
- RESERVED
+CVE-2021-43000 (Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL ...)
+ TODO: check
CVE-2021-42999
RESERVED
CVE-2021-42998
RESERVED
CVE-2021-42997
RESERVED
-CVE-2021-42996
- RESERVED
+CVE-2021-42996 (Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in th ...)
+ TODO: check
CVE-2021-42995
RESERVED
-CVE-2021-42994
- RESERVED
-CVE-2021-42993
- RESERVED
+CVE-2021-42994 (Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the ...)
+ TODO: check
+CVE-2021-42993 (FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x ...)
+ TODO: check
CVE-2021-42992
RESERVED
CVE-2021-42991
RESERVED
-CVE-2021-42990
- RESERVED
+CVE-2021-42990 (FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x2 ...)
+ TODO: check
CVE-2021-42989
RESERVED
-CVE-2021-42988
- RESERVED
-CVE-2021-42987
- RESERVED
-CVE-2021-42986
- RESERVED
+CVE-2021-42988 (Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler ...)
+ TODO: check
+CVE-2021-42987 (Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler ...)
+ TODO: check
+CVE-2021-42986 (NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Han ...)
+ TODO: check
CVE-2021-42985
RESERVED
CVE-2021-42984
RESERVED
-CVE-2021-42983
- RESERVED
+CVE-2021-42983 (NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Hand ...)
+ TODO: check
CVE-2021-42982
RESERVED
CVE-2021-42981
RESERVED
-CVE-2021-42980
- RESERVED
-CVE-2021-42979
- RESERVED
+CVE-2021-42980 (NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0 ...)
+ TODO: check
+CVE-2021-42979 (NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler ...)
+ TODO: check
CVE-2021-42978
RESERVED
-CVE-2021-42977
- RESERVED
-CVE-2021-42976
- RESERVED
+CVE-2021-42977 (NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Ha ...)
+ TODO: check
+CVE-2021-42976 (NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Han ...)
+ TODO: check
CVE-2021-42975
RESERVED
CVE-2021-42974
RESERVED
-CVE-2021-42973
- RESERVED
-CVE-2021-42972
- RESERVED
+CVE-2021-42973 (NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x2200 ...)
+ TODO: check
+CVE-2021-42972 (NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001 ...)
+ TODO: check
CVE-2021-42971
RESERVED
CVE-2021-42970
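Review bot: All 18 entries that leave RESERVED in this hunk follow one template, "<product> is affected by Integer Overflow/Buffer Overflow. IOCTL Handler ...", across Amzetta zPortal, Donglify, FlexiHub, Eltima USB Network Gate and the NoMachine products, and each is left at "TODO: check". Triage them as one batch with a single decision per product rather than entry by entry, since the truncated descriptions differ only in product name and overflow type. CVE-2021-43006 also starts "AmZetta Amzetta zPortal DVM Tools", with the vendor name repeated in a different casing from CVE-2021-43003, CVE-2021-43002 and CVE-2021-43000, so a search on the exact vendor string will miss one of the two spellings.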
@@ -4741,8 +4826,7 @@ CVE-2021-42718
RESERVED
CVE-2021-3894
RESERVED
-CVE-2021-42717 [ModSecurity DoS Vulnerability in JSON Parsing]
- RESERVED
+CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ...)
- modsecurity 3.0.6-1
- modsecurity-apache 2.9.5-1
[stretch] - modsecurity-apache <postponed> (revisit when/if fixed upstream)
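Review bot: The visible part of the new CVE-2021-42717 description names only "ModSecurity 3.x through 3.0.5", yet the entry also tracks modsecurity-apache with 2.9.5-1 as the fixed version and a postponed stretch line for the same package. The description is truncated on this line, so the 2.x branch may be covered in the part that is cut off, but the entry itself does not say why modsecurity-apache is listed. A NOTE line pointing at the upstream advisory or fix for the 2.x branch would document that mapping.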
@@ -4813,22 +4897,22 @@ CVE-2021-42690
RESERVED
CVE-2021-42689
RESERVED
-CVE-2021-42688
- RESERVED
-CVE-2021-42687
- RESERVED
-CVE-2021-42686
- RESERVED
-CVE-2021-42685
- RESERVED
+CVE-2021-42688 (An Integer Overflow vulnerability exists in Accops HyWorks Windows Cli ...)
+ TODO: check
+CVE-2021-42687 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
+ TODO: check
+CVE-2021-42686 (An Integer Overflow exists in Accops HyWorks Windows Client prior to v ...)
+ TODO: check
+CVE-2021-42685 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
+ TODO: check
CVE-2021-42684
RESERVED
-CVE-2021-42683
- RESERVED
-CVE-2021-42682
- RESERVED
-CVE-2021-42681
- RESERVED
+CVE-2021-42683 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
+ TODO: check
+CVE-2021-42682 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
+ TODO: check
+CVE-2021-42681 (A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools pri ...)
+ TODO: check
CVE-2021-42680
RESERVED
CVE-2021-42679
@@ -5060,8 +5144,8 @@ CVE-2021-42569
RESERVED
CVE-2021-42568 (Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers ...)
NOT-FOR-US: Sonatype
-CVE-2021-42567
- RESERVED
+CVE-2021-42567 (Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST ...)
+ TODO: check
CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter. ...)
NOT-FOR-US: myfactory.FMS
CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. ...)
@@ -8013,12 +8097,12 @@ CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow
NOT-FOR-US: Atlassian
CVE-2021-41312 (Affected versions of Atlassian Jira Server and Data Center allow a rem ...)
NOT-FOR-US: Atlassian
-CVE-2021-41311
- RESERVED
+CVE-2021-41311 (Affected versions of Atlassian Jira Server and Data Center allow attac ...)
+ TODO: check
CVE-2021-41310 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
NOT-FOR-US: Atlassian
-CVE-2021-41309
- RESERVED
+CVE-2021-41309 (Affected versions of Atlassian Jira Server and Data Center allow a use ...)
+ TODO: check
CVE-2021-41308 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
NOT-FOR-US: Atlassian
CVE-2021-41307 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
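Review bot: CVE-2021-41311 and CVE-2021-41309 are left at "TODO: check" although every other entry visible in this hunk with the same opening, "Affected versions of Atlassian Jira Server and Data Center allow ...", is already tagged "NOT-FOR-US: Atlassian" (CVE-2021-41313, CVE-2021-41312, CVE-2021-41310, CVE-2021-41308). Resolve the two new entries to the same tag so the block stays consistent.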
@@ -9777,8 +9861,8 @@ CVE-2021-40580
RESERVED
CVE-2021-40579
RESERVED
-CVE-2021-40578
- RESERVED
+CVE-2021-40578 (Authenticated Blind &amp; Error-based SQL injection vulnerability was ...)
+ TODO: check
CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
NOT-FOR-US: Sourcecodester
CVE-2021-40576
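Review bot: The description added for CVE-2021-40578 contains a literal HTML entity, "Authenticated Blind &amp; Error-based SQL injection", where a plain "&" is meant. If the list file is supposed to hold plain text, the import step should decode entities before writing the description; otherwise text searches for "Blind & Error-based" will not match this entry. The entry is also left at "TODO: check", and the neighbouring CVE-2021-40577 shows the resolved form with "NOT-FOR-US: Sourcecodester".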
@@ -10542,8 +10626,8 @@ CVE-2021-40290
RESERVED
CVE-2021-40289
RESERVED
-CVE-2021-40288
- RESERVED
+CVE-2021-40288 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...)
+ TODO: check
CVE-2021-40287
RESERVED
CVE-2021-40286
@@ -14173,8 +14257,8 @@ CVE-2021-38761
RESERVED
CVE-2021-38760
RESERVED
-CVE-2021-38759
- RESERVED
+CVE-2021-38759 (Raspberry Pi OS through 5.10 has the raspberry default password for th ...)
+ TODO: check
CVE-2021-38758 (Directory traversal vulnerability in Online Catering Reservation Syste ...)
NOT-FOR-US: Directory traversal in Online Catering Reservation System
CVE-2021-38757 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...)
@@ -18966,8 +19050,8 @@ CVE-2021-36762 (An issue was discovered in HCC Embedded InterNiche NicheStack th
NOT-FOR-US: HCC Embedded InterNiche NicheStack
CVE-2021-36761
RESERVED
-CVE-2021-36760
- RESERVED
+CVE-2021-36760 (In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server ...)
+ TODO: check
CVE-2021-36759
RESERVED
CVE-2021-3651
@@ -20350,8 +20434,8 @@ CVE-2021-36135
RESERVED
CVE-2021-36134 (Out of bounds write vulnerability in the JPEG parsing code of Netop Vi ...)
NOT-FOR-US: McAfee
-CVE-2021-36133
- RESERVED
+CVE-2021-36133 (The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access ...)
+ TODO: check
CVE-2021-36132 (An issue was discovered in the FileImporter extension in MediaWiki thr ...)
NOT-FOR-US: FileImport MediaWiki extension
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
@@ -24062,10 +24146,10 @@ CVE-2021-34546 (An unauthenticated attacker with physical access to a computer w
NOT-FOR-US: NetSetMan Pro
CVE-2021-34545
RESERVED
-CVE-2021-34544
- RESERVED
-CVE-2021-34543
- RESERVED
+CVE-2021-34544 (An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2 ...)
+ TODO: check
+CVE-2021-34543 (The web administration server in Solar-Log 500 before 2.8.2 Build 52 d ...)
+ TODO: check
CVE-2021-34542
RESERVED
CVE-2021-34541
@@ -38579,8 +38663,8 @@ CVE-2021-28682 (An issue was discovered in Envoy through 1.71.1. There is a remo
- envoyproxy <itp> (bug #987544)
CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connectio ...)
NOT-FOR-US: Pion WebRTC
-CVE-2021-28680
- RESERVED
+CVE-2021-28680 (The devise_masquerade gem before 1.3 allows certain attacks when a pas ...)
+ TODO: check
CVE-2021-28679
RESERVED
CVE-2021-28678 (An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImage ...)
@@ -43614,8 +43698,8 @@ CVE-2021-3372
RESERVED
CVE-2021-3371
RESERVED
-CVE-2021-3370
- RESERVED
+CVE-2021-3370 (DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vul ...)
+ TODO: check
CVE-2021-3369
RESERVED
CVE-2021-3368
@@ -49447,8 +49531,8 @@ CVE-2021-24043
RESERVED
CVE-2021-24042
RESERVED
-CVE-2021-24041
- RESERVED
+CVE-2021-24041 (A missing bounds check in image blurring code prior to WhatsApp for An ...)
+ TODO: check
CVE-2021-24040 (Due to use of unsafe YAML deserialization logic, an attacker with the ...)
NOT-FOR-US: Facebook ParlAI
CVE-2021-24039
