author | security tracker role <sectracker@soriano.debian.org> | 2021-11-24 08:10:17 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-11-24 08:10:17 +0000 |
commit | 21ade62fae7684637d7cf649ff0fc231e3cb0b5e (patch) | |
tree | 0857c636dc13c0324401886b904ac4ddf73d5bb5 | |
parent | 2023a0650d420795286457775579bc8c37df1284 (diff) |
automatic update
-rw-r--r-- | data/CVE/2015.list | 60 |
-rw-r--r-- | data/CVE/2017.list | 6 |
-rw-r--r-- | data/CVE/2018.list | 174 |
-rw-r--r-- | data/CVE/2021.list | 272 |
4 files changed, 252 insertions, 260 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 7d6b0836b4..7ea1ae1d23 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -728,7 +728,7 @@ CVE-2015-9227 (PHP remote file inclusion vulnerability in the get_file function CVE-2015-9226 (Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remot ...) NOT-FOR-US: AlegroCart CVE-2015-9225 - RESERVED + REJECTED CVE-2015-9224 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2015-9223 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) @@ -750,7 +750,7 @@ CVE-2015-9216 (In Android before 2018-04-05 or earlier security patch level on Q CVE-2015-9215 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2015-9214 - RESERVED + REJECTED CVE-2015-9213 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2015-9212 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) @@ -842,7 +842,7 @@ CVE-2015-9170 (In Android before 2018-04-05 or earlier security patch level on Q CVE-2015-9169 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2015-9168 - RESERVED + REJECTED CVE-2015-9167 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2015-9166 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) 
@@ -868,9 +868,9 @@ CVE-2015-9157 (In Android before 2018-04-05 or earlier security patch level on Q CVE-2015-9156 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2015-9155 - RESERVED + REJECTED CVE-2015-9154 - RESERVED + REJECTED CVE-2015-9153 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2015-9152 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) @@ -928,7 +928,7 @@ CVE-2015-9127 (In Android before 2018-04-05 or earlier security patch level on Q CVE-2015-9126 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2015-9125 - RESERVED + REJECTED CVE-2015-9124 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2015-9123 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) @@ -936,7 +936,7 @@ CVE-2015-9123 (In Android before 2018-04-05 or earlier security patch level on Q CVE-2015-9122 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2015-9121 - RESERVED + REJECTED CVE-2015-9120 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2015-9119 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) 
@@ -944,7 +944,7 @@ CVE-2015-9119 (In Android before 2018-04-05 or earlier security patch level on Q CVE-2015-9118 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2015-9117 - RESERVED + REJECTED CVE-2015-9116 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2015-9115 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) @@ -989,49 +989,49 @@ CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command inje NOTE: https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee NOTE: https://github.com/rubysec/ruby-advisory-db/issues/215 CVE-2015-9095 - RESERVED + REJECTED CVE-2015-9094 - RESERVED + REJECTED CVE-2015-9093 - RESERVED + REJECTED CVE-2015-9092 - RESERVED + REJECTED CVE-2015-9091 - RESERVED + REJECTED CVE-2015-9090 - RESERVED + REJECTED CVE-2015-9089 - RESERVED + REJECTED CVE-2015-9088 - RESERVED + REJECTED CVE-2015-9087 - RESERVED + REJECTED CVE-2015-9086 - RESERVED + REJECTED CVE-2015-9085 - RESERVED + REJECTED CVE-2015-9084 - RESERVED + REJECTED CVE-2015-9083 - RESERVED + REJECTED CVE-2015-9082 - RESERVED + REJECTED CVE-2015-9081 - RESERVED + REJECTED CVE-2015-9080 - RESERVED + REJECTED CVE-2015-9079 - RESERVED + REJECTED CVE-2015-9078 - RESERVED + REJECTED CVE-2015-9077 - RESERVED + REJECTED CVE-2015-9076 - RESERVED + REJECTED CVE-2015-9075 - RESERVED + REJECTED CVE-2015-9074 - RESERVED + REJECTED CVE-2015-9073 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2015-9072 (In all Qualcomm products with Android releases from CAF using the Linu ...) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index e2e5cd0b2a..7087be7f8c 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -11740,7 +11740,7 @@ CVE-2017-14876 (In msm_ispif_config_stereo() in Android for MSM, Firefox OS for CVE-2017-14875 (In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE i ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14874 - RESERVED + REJECTED CVE-2017-14873 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14872 (While flashing a meta image, a buffer over-read can potentially occur ...) @@ -30678,7 +30678,7 @@ CVE-2017-8251 (In all Qualcomm products with Android releases from CAF using the CVE-2017-8250 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8249 - RESERVED + REJECTED CVE-2017-8248 (A buffer overflow may occur in the processing of a downlink NAS messag ...) NOT-FOR-US: Qualcomm Telephony CVE-2017-8247 (In all Qualcomm products with Android releases from CAF using the Linu ...) @@ -30714,7 +30714,7 @@ CVE-2017-8234 (In all Android releases from CAF using the Linux kernel, an out o CVE-2017-8233 (In a camera driver function in all Android releases from CAF using the ...) NOT-FOR-US: Android driver CVE-2017-8232 - RESERVED + REJECTED CVE-2017-8231 RESERVED CVE-2017-8230 (On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on th ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 4d1c984100..63aa75498e 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list 
@@ -19660,103 +19660,103 @@ CVE-2018-13971 CVE-2018-13970 RESERVED CVE-2018-13969 - RESERVED + REJECTED CVE-2018-13968 - RESERVED + REJECTED CVE-2018-13967 - RESERVED + REJECTED CVE-2018-13966 - RESERVED + REJECTED CVE-2018-13965 - RESERVED + REJECTED CVE-2018-13964 - RESERVED + REJECTED CVE-2018-13963 - RESERVED + REJECTED CVE-2018-13962 - RESERVED + REJECTED CVE-2018-13961 - RESERVED + REJECTED CVE-2018-13960 - RESERVED + REJECTED CVE-2018-13959 - RESERVED + REJECTED CVE-2018-13958 - RESERVED + REJECTED CVE-2018-13957 - RESERVED + REJECTED CVE-2018-13956 - RESERVED + REJECTED CVE-2018-13955 - RESERVED + REJECTED CVE-2018-13954 - RESERVED + REJECTED CVE-2018-13953 - RESERVED + REJECTED CVE-2018-13952 - RESERVED + REJECTED CVE-2018-13951 - RESERVED + REJECTED CVE-2018-13950 - RESERVED + REJECTED CVE-2018-13949 - RESERVED + REJECTED CVE-2018-13948 - RESERVED + REJECTED CVE-2018-13947 - RESERVED + REJECTED CVE-2018-13946 - RESERVED + REJECTED CVE-2018-13945 - RESERVED + REJECTED CVE-2018-13944 - RESERVED + REJECTED CVE-2018-13943 - RESERVED + REJECTED CVE-2018-13942 - RESERVED + REJECTED CVE-2018-13941 - RESERVED + REJECTED CVE-2018-13940 - RESERVED + REJECTED CVE-2018-13939 - RESERVED + REJECTED CVE-2018-13938 - RESERVED + REJECTED CVE-2018-13937 - RESERVED + REJECTED CVE-2018-13936 - RESERVED + REJECTED CVE-2018-13935 - RESERVED + REJECTED CVE-2018-13934 - RESERVED + REJECTED CVE-2018-13933 - RESERVED + REJECTED CVE-2018-13932 - RESERVED + REJECTED CVE-2018-13931 - RESERVED + REJECTED CVE-2018-13930 - RESERVED + REJECTED CVE-2018-13929 - RESERVED + REJECTED CVE-2018-13928 - RESERVED + REJECTED CVE-2018-13927 (Debug policy with invalid signature can be loaded when the debug polic ...) NOT-FOR-US: Snapdragon CVE-2018-13926 - RESERVED + REJECTED CVE-2018-13925 (Error in parsing PMT table frees the memory allocated for the map sect ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-13924 (Lack of check to prevent the buffer length taking negative values can ...) 
NOT-FOR-US: Snapdragon CVE-2018-13923 - RESERVED + REJECTED CVE-2018-13922 - RESERVED + REJECTED CVE-2018-13921 - RESERVED + REJECTED CVE-2018-13920 (Use-after-free condition due to Improper handling of hrtimers when the ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-13919 (Use-after-free vulnerability will occur if reset of the routing table ...) @@ -19769,7 +19769,7 @@ CVE-2018-13917 CVE-2018-13916 (Out-of-bounds memory access in Qurt kernel function when using the ide ...) NOT-FOR-US: Snapdragon CVE-2018-13915 - RESERVED + REJECTED CVE-2018-13914 (Lack of input validation for data received from user space can lead to ...) NOT-FOR-US: CodeAurora components for Android CVE-2018-13913 (Improper validation of array index can lead to unauthorized access whi ...) @@ -19815,11 +19815,11 @@ CVE-2018-13894 CVE-2018-13893 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: CodeAurora components for Android CVE-2018-13892 - RESERVED + REJECTED CVE-2018-13891 - RESERVED + REJECTED CVE-2018-13890 - RESERVED + REJECTED CVE-2018-13889 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: CodeAurora components for Android CVE-2018-13888 (There is potential for memory corruption in the RIL daemon due to de r ...) @@ -19833,13 +19833,13 @@ CVE-2018-13885 (Possible memory overread may be lead to access of sensitive data CVE-2018-13884 REJECTED CVE-2018-13883 - RESERVED + REJECTED CVE-2018-13882 - RESERVED + REJECTED CVE-2018-13881 - RESERVED + REJECTED CVE-2018-13880 - RESERVED + REJECTED CVE-2018-13879 (A reflected XSS issue was discovered in the registration form in Rocke ...) NOT-FOR-US: Rocket.Chat CVE-2018-13878 (An XSS issue was discovered in packages/rocketchat-mentions/Mentions.j ...) 
@@ -24692,11 +24692,11 @@ CVE-2018-12011 (In all android releases(Android for MSM, Firefox OS for MSM, QRD CVE-2018-12010 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: CodeAurora components for Android CVE-2018-12009 - RESERVED + REJECTED CVE-2018-12008 - RESERVED + REJECTED CVE-2018-12007 - RESERVED + REJECTED CVE-2018-12006 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: CodeAurora components for Android CVE-2018-12005 (An unprivileged user can issue a binder call and cause a system halt i ...) @@ -24704,19 +24704,19 @@ CVE-2018-12005 (An unprivileged user can issue a binder call and cause a system CVE-2018-12004 (Secure keypad is unlocked with secure display still intact in Snapdrag ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-12003 - RESERVED + REJECTED CVE-2018-12002 - RESERVED + REJECTED CVE-2018-12001 - RESERVED + REJECTED CVE-2018-12000 - RESERVED + REJECTED CVE-2018-11999 (Improper input validation in trustzone can lead to denial of service i ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11998 (While processing a packet decode request in MQTT, Race condition can o ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11997 - RESERVED + REJECTED CVE-2018-11996 (When a malformed command is sent to the device programmer, an out-of-b ...) NOT-FOR-US: Snapdragon CVE-2018-11995 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) @@ -24726,11 +24726,11 @@ CVE-2018-11994 (SMMU secure camera logic allows secure camera controllers to acc CVE-2018-11993 (Improper check while accessing the local memory stack on MQTT connecti ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11992 - RESERVED + REJECTED CVE-2018-11991 - RESERVED + REJECTED CVE-2018-11990 - RESERVED + REJECTED CVE-2018-11989 REJECTED CVE-2018-11988 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) 
@@ -24755,7 +24755,7 @@ CVE-2018-11981 CVE-2018-11980 (When a fake broadcast/multicast 11w rmf without mmie received, since n ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11979 - RESERVED + REJECTED CVE-2018-11978 REJECTED CVE-2018-11977 @@ -24799,7 +24799,7 @@ CVE-2018-11959 CVE-2018-11958 (Insufficient protection of keys in keypad can lead HLOS to gain access ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11957 - RESERVED + REJECTED CVE-2018-11956 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: Android CVE-2018-11955 (Lack of check on length of reason-code fetched from payload may lead d ...) @@ -24826,7 +24826,7 @@ CVE-2018-11946 (In all android releases(Android for MSM, Firefox OS for MSM, QRD CVE-2018-11945 (Improper input validation in wireless service messaging module for dat ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11944 - RESERVED + REJECTED CVE-2018-11943 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11942 (Failure to initialize the reserved memory which is sent to the firmwar ...) @@ -24862,7 +24862,7 @@ CVE-2018-11928 (Lack of check on length parameter may cause buffer overflow whil CVE-2018-11927 (Improper input validation on input which is used as an array index wil ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11926 - RESERVED + REJECTED CVE-2018-11925 (Data length received from firmware is not validated against the max al ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11924 (Improper buffer length validation in WLAN function can lead to a poten ...) 
@@ -24884,7 +24884,7 @@ CVE-2018-11917 CVE-2018-11916 RESERVED CVE-2018-11915 - RESERVED + REJECTED CVE-2018-11914 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11913 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) @@ -24912,9 +24912,9 @@ CVE-2018-11903 (In all android releases (Android for MSM, Firefox OS for MSM, QR CVE-2018-11902 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11901 - RESERVED + REJECTED CVE-2018-11900 - RESERVED + REJECTED CVE-2018-11899 (While processing radio connection status change events, Radio index is ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11898 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) @@ -24922,7 +24922,7 @@ CVE-2018-11898 (In all android releases (Android for MSM, Firefox OS for MSM, QR CVE-2018-11897 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11896 - RESERVED + REJECTED CVE-2018-11895 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11894 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) 
@@ -24934,17 +24934,17 @@ CVE-2018-11892 CVE-2018-11891 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11890 - RESERVED + REJECTED CVE-2018-11889 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11888 (Unauthorized access may be allowed by the SCP11 Crypto Services TA wil ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11887 - RESERVED + REJECTED CVE-2018-11886 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11885 - RESERVED + REJECTED CVE-2018-11884 (Improper input validation leads to buffer overflow while processing ne ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11883 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) @@ -25018,7 +25018,7 @@ CVE-2018-11850 (Lack of check on remaining length parameter When processing scan CVE-2018-11849 (Lack of check on out of range of bssid parameter When processing scan ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11848 - RESERVED + REJECTED CVE-2018-11847 (Malicious TA can tag QSEE kernel memory and map to EL0, there by corru ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11846 (The use of a non-time-constant memory comparison operation can lead to ...) 
@@ -25026,17 +25026,17 @@ CVE-2018-11846 (The use of a non-time-constant memory comparison operation can l CVE-2018-11845 (Usage of non-time-constant comparison functions can lead to informatio ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11844 - RESERVED + REJECTED CVE-2018-11843 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11842 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11841 - RESERVED + REJECTED CVE-2018-11840 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11839 - RESERVED + REJECTED CVE-2018-11838 (Possible double free issue in WLAN due to lack of checking memory free ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11837 @@ -25044,19 +25044,19 @@ CVE-2018-11837 CVE-2018-11836 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11835 - RESERVED + REJECTED CVE-2018-11834 - RESERVED + REJECTED CVE-2018-11833 - RESERVED + REJECTED CVE-2018-11832 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Android kernel, code not in mainline CVE-2018-11831 - RESERVED + REJECTED CVE-2018-11830 (Improper input validation in QCPE create function may lead to integer ...) NOT-FOR-US: Snapdragon CVE-2018-11829 - RESERVED + REJECTED CVE-2018-11828 (When FW tries to get random mac address generated from new SW RNG and ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11827 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) 
@@ -26626,13 +26626,13 @@ CVE-2018-11307 (An issue was discovered in FasterXML jackson-databind 2.0.0 thro NOTE: https://github.com/FasterXML/jackson-databind/issues/2032 NOTE: https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb737 CVE-2018-11306 - RESERVED + REJECTED CVE-2018-11305 (When a series of FDAL messages are sent to the modem, a Use After Free ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11304 (Possible buffer overflow in msm_adsp_stream_callback_put due to lack o ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11303 - RESERVED + REJECTED CVE-2018-11302 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11301 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 92472d05a9..c5d80515c0 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,9 @@ +CVE-2021-4014 + RESERVED +CVE-2021-4013 + RESERVED +CVE-2021-4012 + RESERVED CVE-2021-44195 RESERVED CVE-2021-44194 @@ -949,18 +955,18 @@ CVE-2021-43782 RESERVED CVE-2021-43781 RESERVED -CVE-2021-43780 - RESERVED +CVE-2021-43780 (Redash is a package for data visualization and sharing. In versions 10 ...) + TODO: check CVE-2021-43779 RESERVED CVE-2021-43778 RESERVED -CVE-2021-43777 - RESERVED +CVE-2021-43777 (Redash is a package for data visualization and sharing. In Redash vers ...) + TODO: check CVE-2021-43776 RESERVED -CVE-2021-43775 - RESERVED +CVE-2021-43775 (Aim is an open-source, self-hosted machine learning experiment trackin ...) + TODO: check CVE-2021-3967 RESERVED CVE-2021-3966 
@@ -2277,10 +2283,10 @@ CVE-2021-43223 RESERVED CVE-2021-43222 RESERVED -CVE-2021-43221 - RESERVED -CVE-2021-43220 - RESERVED +CVE-2021-43221 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability ...) + TODO: check +CVE-2021-43220 (Microsoft Edge for iOS Spoofing Vulnerability ...) + TODO: check CVE-2021-43219 RESERVED CVE-2021-43218 @@ -2297,8 +2303,8 @@ CVE-2021-43213 RESERVED CVE-2021-43212 RESERVED -CVE-2021-43211 - RESERVED +CVE-2021-43211 (Windows 10 Update Assistant Elevation of Privilege Vulnerability This ...) + TODO: check CVE-2021-43210 RESERVED CVE-2021-43209 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...) @@ -3253,12 +3259,12 @@ CVE-2021-42787 RESERVED CVE-2021-42786 RESERVED -CVE-2021-42785 - RESERVED -CVE-2021-42784 - RESERVED -CVE-2021-42783 - RESERVED +CVE-2021-42785 (Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allo ...) + TODO: check +CVE-2021-42784 (OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 ...) + TODO: check +CVE-2021-42783 (Missing Authentication for Critical Function vulnerability in debug_po ...) + TODO: check CVE-2021-42782 RESERVED CVE-2021-42781 @@ -4347,12 +4353,12 @@ CVE-2021-42310 RESERVED CVE-2021-42309 RESERVED -CVE-2021-42308 - RESERVED +CVE-2021-42308 (Microsoft Edge (Chromium-based) Spoofing Vulnerability ...) + TODO: check CVE-2021-42307 RESERVED -CVE-2021-42306 - RESERVED +CVE-2021-42306 (Azure Active Directory Information Disclosure Vulnerability ...) + TODO: check CVE-2021-42305 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...) NOT-FOR-US: Microsoft CVE-2021-42304 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...) 
@@ -4369,8 +4375,8 @@ CVE-2021-42299 (Microsoft Surface Pro 3 Security Feature Bypass Vulnerability .. NOT-FOR-US: Microsoft CVE-2021-42298 (Microsoft Defender Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft -CVE-2021-42297 - RESERVED +CVE-2021-42297 (Windows 10 Update Assistant Elevation of Privilege Vulnerability This ...) + TODO: check CVE-2021-42296 (Microsoft Word Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-42295 @@ -6738,8 +6744,7 @@ CVE-2021-41283 RESERVED CVE-2021-41282 RESERVED -CVE-2021-41281 [Path traversal when downloading remote media] - RESERVED +CVE-2021-41281 (Synapse is a package for Matrix homeservers written in Python 3/Twiste ...) - matrix-synapse 1.47.1-1 (bug #1000451) NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c NOTE: https://github.com/matrix-org/synapse/commit/91f2bd0907f1d05af67166846988e49644eb650c @@ -6932,8 +6937,8 @@ CVE-2021-41194 (FirstUseAuthenticator is a JupyterHub authenticator that helps n NOT-FOR-US: FirstUseAuthenticator for JupyterHub CVE-2021-41193 RESERVED -CVE-2021-41192 - RESERVED +CVE-2021-41192 (Redash is a package for data visualization and sharing. If an admin se ...) + TODO: check CVE-2021-41191 (Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. ...) NOT-FOR-US: Roblox-Purchasing-Hub CVE-2021-41190 (The OCI Distribution Spec project defines an API protocol to facilitat ...) 
@@ -12256,8 +12261,8 @@ CVE-2021-38982 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vul NOT-FOR-US: IBM CVE-2021-38981 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...) NOT-FOR-US: IBM -CVE-2021-38980 - RESERVED +CVE-2021-38980 (IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle ...) + TODO: check CVE-2021-38979 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-w ...) NOT-FOR-US: IBM CVE-2021-38978 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...) @@ -12434,10 +12439,10 @@ CVE-2021-38893 RESERVED CVE-2021-38892 RESERVED -CVE-2021-38891 - RESERVED -CVE-2021-38890 - RESERVED +CVE-2021-38891 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than ...) + TODO: check +CVE-2021-38890 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequat ...) + TODO: check CVE-2021-38889 RESERVED CVE-2021-38888 @@ -12466,8 +12471,8 @@ CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored NOT-FOR-US: IBM CVE-2021-38876 RESERVED -CVE-2021-38875 - RESERVED +CVE-2021-38875 (IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerabl ...) + TODO: check CVE-2021-38874 RESERVED CVE-2021-38873 
@@ -14612,34 +14617,27 @@ CVE-2021-38006 RESERVED CVE-2021-38005 RESERVED -CVE-2021-38004 - RESERVED -CVE-2021-38003 - RESERVED +CVE-2021-38004 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...) + TODO: check +CVE-2021-38003 (Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638 ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-38002 - RESERVED +CVE-2021-38002 (Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-38001 - RESERVED +CVE-2021-38001 (Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-38000 - RESERVED +CVE-2021-38000 (Insufficient validation of untrusted input in Intents in Google Chrome ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37999 - RESERVED +CVE-2021-37999 (Insufficient data validation in New Tab Page in Google Chrome prior to ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37998 - RESERVED +CVE-2021-37998 (Use after free in Garbage Collection in Google Chrome prior to 95.0.46 ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37997 - RESERVED +CVE-2021-37997 (Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allow ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-37996 (Insufficient validation of untrusted input Downloads in Google Chrome ...) 
@@ -18442,14 +18440,14 @@ CVE-2021-36337 RESERVED CVE-2021-36336 RESERVED -CVE-2021-36335 - RESERVED -CVE-2021-36334 - RESERVED -CVE-2021-36333 - RESERVED -CVE-2021-36332 - RESERVED +CVE-2021-36335 (Dell EMC CloudLink 7.1 and all prior versions contain an Improper Inpu ...) + TODO: check +CVE-2021-36334 (Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula In ...) + TODO: check +CVE-2021-36333 (Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflo ...) + TODO: check +CVE-2021-36332 (Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javas ...) + TODO: check CVE-2021-36331 RESERVED CVE-2021-36330 @@ -18484,14 +18482,14 @@ CVE-2021-36316 RESERVED CVE-2021-36315 (Dell EMC PowerScale Nodes contain a hardware design flaw. This may all ...) NOT-FOR-US: EMC -CVE-2021-36314 - RESERVED -CVE-2021-36313 - RESERVED -CVE-2021-36312 - RESERVED -CVE-2021-36311 - RESERVED +CVE-2021-36314 (Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary Fil ...) + TODO: check +CVE-2021-36313 (Dell EMC CloudLink 7.1 and all prior versions contain an OS command in ...) + TODO: check +CVE-2021-36312 (Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Pas ...) + TODO: check +CVE-2021-36311 (Dell EMC Networker versions prior to 19.5 contain an Improper Authoriz ...) + TODO: check CVE-2021-36310 (Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5 ...) NOT-FOR-US: Dell CVE-2021-36309 (Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensi ...) 
@@ -18510,12 +18508,12 @@ CVE-2021-36303 RESERVED CVE-2021-36302 RESERVED -CVE-2021-36301 - RESERVED -CVE-2021-36300 - RESERVED -CVE-2021-36299 - RESERVED +CVE-2021-36301 (Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version ...) + TODO: check +CVE-2021-36300 (iDRAC9 versions prior to 5.00.00.00 contain an improper input validati ...) + TODO: check +CVE-2021-36299 (Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and ...) + TODO: check CVE-2021-36298 (Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptograph ...) NOT-FOR-US: EMC CVE-2021-36297 (SupportAssist Client version 3.8 and 3.9 contains an Untrusted search ...) @@ -20107,7 +20105,7 @@ CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (compo NOTE: Fixed in MariaDB: 10.5.13, 10.3.32 TODO: clarify MariaDB 10.6 status CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1 DLA-2814-1} + {DSA-5012-1 DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 @@ -20145,7 +20143,7 @@ CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition CVE-2021-35587 RESERVED CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1 DLA-2814-1} + {DSA-5012-1 DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 @@ -20164,7 +20162,7 @@ CVE-2021-35580 (Vulnerability in the Oracle Applications Manager product of Orac CVE-2021-35579 RESERVED CVE-2021-35578 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1 DLA-2814-1} + {DSA-5012-1 DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 
@@ -20189,7 +20187,7 @@ CVE-2021-35569 (Vulnerability in the Oracle Applications Manager product of Orac CVE-2021-35568 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2021-35567 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1 DLA-2814-1} + {DSA-5012-1 DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 @@ -20200,7 +20198,7 @@ CVE-2021-35565 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 CVE-2021-35564 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1 DLA-2814-1} + {DSA-5012-1 DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 @@ -20209,14 +20207,14 @@ CVE-2021-35563 (Vulnerability in the Oracle Shipping Execution product of Oracle CVE-2021-35562 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...) NOT-FOR-US: Oracle CVE-2021-35561 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1 DLA-2814-1} + {DSA-5012-1 DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 CVE-2021-35560 (Vulnerability in the Java SE product of Oracle Java SE (component: Dep ...) - openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2021-35559 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1 DLA-2814-1} + {DSA-5012-1 DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 
@@ -20225,7 +20223,7 @@ CVE-2021-35558 (Vulnerability in the Core RDBMS component of Oracle Database Ser CVE-2021-35557 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2021-35556 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) - {DSA-5000-1 DLA-2814-1} + {DSA-5012-1 DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 - openjdk-11 11.0.13+8-1 - openjdk-8 8u312-b07-1 @@ -21462,8 +21460,8 @@ CVE-2021-35035 RESERVED CVE-2021-35034 RESERVED -CVE-2021-35033 - RESERVED +CVE-2021-35033 (A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, ...) + TODO: check CVE-2021-35032 RESERVED CVE-2021-35031 @@ -29140,10 +29138,10 @@ CVE-2021-31854 RESERVED CVE-2021-31853 (DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (M ...) NOT-FOR-US: McAfee -CVE-2021-31852 - RESERVED -CVE-2021-31851 - RESERVED +CVE-2021-31852 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...) + TODO: check +CVE-2021-31851 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...) + TODO: check CVE-2021-31850 RESERVED CVE-2021-31849 (SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO e ...) @@ -29229,8 +29227,8 @@ CVE-2021-31824 RESERVED CVE-2021-31823 RESERVED -CVE-2021-31822 - RESERVED +CVE-2021-31822 (When Octopus Tentacle is installed on a Linux operating system, the sy ...) + TODO: check CVE-2021-31821 RESERVED CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server Web Req ...) 
@@ -36972,38 +36970,32 @@ CVE-2021-28710 (certain VT-d IOMMUs may not work in shared page table mode For e - xen <not-affected> (Only affects 4.15 series) NOTE: https://www.openwall.com/lists/oss-security/2021/11/19/9 NOTE: https://xenbits.xen.org/xsa/advisory-390.html -CVE-2021-28709 - RESERVED +CVE-2021-28709 (issues with partially successful P2M updates on x86 T[his CNA informat ...) - xen <unfixed> [buster] - xen <end-of-life> (DSA 4677-1) [stretch] - xen <end-of-life> (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-389.html -CVE-2021-28708 - RESERVED +CVE-2021-28708 (PoD operations on misaligned GFNs T[his CNA information record relates ...) - xen <unfixed> [buster] - xen <end-of-life> (DSA 4677-1) [stretch] - xen <end-of-life> (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-388.html -CVE-2021-28707 - RESERVED +CVE-2021-28707 (PoD operations on misaligned GFNs T[his CNA information record relates ...) - xen <unfixed> [buster] - xen <end-of-life> (DSA 4677-1) [stretch] - xen <end-of-life> (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-388.html -CVE-2021-28706 - RESERVED +CVE-2021-28706 (guests may exceed their designated memory limit When a guest is permit ...) - xen <unfixed> [buster] - xen <end-of-life> (DSA 4677-1) [stretch] - xen <end-of-life> (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-385.html -CVE-2021-28705 - RESERVED +CVE-2021-28705 (issues with partially successful P2M updates on x86 T[his CNA informat ...) - xen <unfixed> [buster] - xen <end-of-life> (DSA 4677-1) [stretch] - xen <end-of-life> (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-389.html -CVE-2021-28704 - RESERVED +CVE-2021-28704 (PoD operations on misaligned GFNs T[his CNA information record relates ...) - xen <unfixed> [buster] - xen <end-of-life> (DSA 4677-1) [stretch] - xen <end-of-life> (DSA 4602-1) 
@@ -43544,8 +43536,8 @@ CVE-2021-25988 RESERVED CVE-2021-25987 RESERVED -CVE-2021-25986 - RESERVED +CVE-2021-25986 (In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cros ...) + TODO: check CVE-2021-25985 (In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improp ...) NOT-FOR-US: Factor (App Framework & Headless CMS) CVE-2021-25984 (In Factor (App Framework & Headless CMS) forum plugin, versions v1 ...) @@ -46214,20 +46206,20 @@ CVE-2021-24896 RESERVED CVE-2021-24895 RESERVED -CVE-2021-24894 - RESERVED +CVE-2021-24894 (The Reviews Plus WordPress plugin before 1.2.14 does not validate the ...) + TODO: check CVE-2021-24893 RESERVED -CVE-2021-24892 - RESERVED -CVE-2021-24891 - RESERVED +CVE-2021-24892 (Insecure Direct Object Reference in edit function of Advanced Forms (F ...) + TODO: check +CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.1.4 does not s ...) + TODO: check CVE-2021-24890 RESERVED CVE-2021-24889 RESERVED -CVE-2021-24888 - RESERVED +CVE-2021-24888 (The ImageBoss WordPress plugin before 3.0.6 does not sanitise and esca ...) + TODO: check CVE-2021-24887 RESERVED CVE-2021-24886 @@ -46238,8 +46230,8 @@ CVE-2021-24884 (The Formidable Form Builder WordPress plugin before 4.09.05 allo NOT-FOR-US: WordPress plugin CVE-2021-24883 RESERVED -CVE-2021-24882 - RESERVED +CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise ...) + TODO: check CVE-2021-24881 RESERVED CVE-2021-24880 
@@ -46248,16 +46240,16 @@ CVE-2021-24879 RESERVED CVE-2021-24878 RESERVED -CVE-2021-24877 - RESERVED +CVE-2021-24877 (The MainWP Child WordPress plugin before 4.1.8 does not validate the o ...) + TODO: check CVE-2021-24876 RESERVED -CVE-2021-24875 - RESERVED +CVE-2021-24875 (The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.3 ...) + TODO: check CVE-2021-24874 RESERVED -CVE-2021-24873 - RESERVED +CVE-2021-24873 (The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and esc ...) + TODO: check CVE-2021-24872 RESERVED CVE-2021-24871 @@ -46342,8 +46334,8 @@ CVE-2021-24832 (The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not h NOT-FOR-US: WordPress plugin CVE-2021-24831 RESERVED -CVE-2021-24830 - RESERVED +CVE-2021-24830 (The Advanced Access Manager WordPress plugin before 6.8.0 does not esc ...) + TODO: check CVE-2021-24829 (The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 d ...) NOT-FOR-US: WordPress plugin CVE-2021-24828 @@ -46378,8 +46370,8 @@ CVE-2021-24814 RESERVED CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not sanitise ...) NOT-FOR-US: WordPress plugin -CVE-2021-24812 - RESERVED +CVE-2021-24812 (The BetterLinks WordPress plugin before 1.2.6 does not sanitise and es ...) + TODO: check CVE-2021-24811 RESERVED CVE-2021-24810 @@ -46544,8 +46536,8 @@ CVE-2021-24731 (The Registration Forms – User profile, Content Restriction NOT-FOR-US: WordPress plugin CVE-2021-24730 RESERVED -CVE-2021-24729 - RESERVED +CVE-2021-24729 (The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does ...) + TODO: check CVE-2021-24728 (The Membership & Content Restriction – Paid Member Subscript ...) NOT-FOR-US: WordPress plugin CVE-2021-24727 (The StopBadBots WordPress plugin before 6.60 did not validate or escap ...) 
@@ -46576,8 +46568,8 @@ CVE-2021-24715 (The WP Sitemap Page WordPress plugin before 1.7.0 does not prope NOT-FOR-US: WordPress plugin CVE-2021-24714 RESERVED -CVE-2021-24713 - RESERVED +CVE-2021-24713 (The Video Lessons Manager WordPress plugin before 1.7.2 and Video Less ...) + TODO: check CVE-2021-24712 (The Appointment Hour Booking WordPress plugin before 1.3.17 does not p ...) NOT-FOR-US: WordPress plugin CVE-2021-24711 (The del_reistered_domains AJAX action of the Software License Manager ...) @@ -46596,14 +46588,14 @@ CVE-2021-24705 RESERVED CVE-2021-24704 RESERVED -CVE-2021-24703 - RESERVED +CVE-2021-24703 (The Download Plugin WordPress plugin before 1.6.1 does not have capabi ...) + TODO: check CVE-2021-24702 (The LearnPress WordPress plugin before 4.1.3.1 does not properly sanit ...) NOT-FOR-US: WordPress plugin CVE-2021-24701 (The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize m ...) NOT-FOR-US: WordPress plugin -CVE-2021-24700 - RESERVED +CVE-2021-24700 (The Forminator WordPress plugin before 1.15.4 does not sanitize and es ...) + TODO: check CVE-2021-24699 (The Easy Media Download WordPress plugin before 1.1.7 does not escape ...) NOT-FOR-US: WordPress plugin CVE-2021-24698 (The Simple Download Monitor WordPress plugin before 3.9.6 allows users ...) @@ -46666,8 +46658,8 @@ CVE-2021-24670 (The CoolClock WordPress plugin before 4.3.5 does not escape some NOT-FOR-US: WordPress plugin CVE-2021-24669 (The MAZ Loader – Preloader Builder for WordPress plugin before 1 ...) NOT-FOR-US: WordPress plugin -CVE-2021-24668 - RESERVED +CVE-2021-24668 (The MAZ Loader WordPress plugin through 1.3.4 does not enforce nonce c ...) + TODO: check CVE-2021-24667 (A stored cross-site scripting vulnerability has been discovered in : S ...) NOT-FOR-US: FortiGuard CVE-2021-24666 (The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a ...) 
@@ -46714,14 +46706,14 @@ CVE-2021-24646 (The Booking.com Banner Creator WordPress plugin through 1.4.2 do NOT-FOR-US: WordPress plugin CVE-2021-24645 (The Booking.com Product Helper WordPress plugin through 1.0.1 does not ...) NOT-FOR-US: WordPress plugin -CVE-2021-24644 - RESERVED +CVE-2021-24644 (The Images to WebP WordPress plugin before 1.9 does not validate or sa ...) + TODO: check CVE-2021-24643 (The WP Map Block WordPress plugin before 1.2.3 does not escape some at ...) NOT-FOR-US: WordPress plugin CVE-2021-24642 (The Scroll Baner WordPress plugin through 1.0 does not have CSRF check ...) NOT-FOR-US: WordPress plugin -CVE-2021-24641 - RESERVED +CVE-2021-24641 (The Images to WebP WordPress plugin before 1.9 does not have CSRF chec ...) + TODO: check CVE-2021-24640 (The WordPress Slider Block Gutenslider plugin before 5.2.0 does not es ...) NOT-FOR-US: WordPress plugin CVE-2021-24639 (The OMGF WordPress plugin before 4.5.4 does not enforce path validatio ...) @@ -53754,8 +53746,8 @@ CVE-2021-21563 (Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Impr NOT-FOR-US: EMC CVE-2021-21562 (Dell EMC PowerScale OneFS contains an untrusted search path vulnerabil ...) NOT-FOR-US: EMC -CVE-2021-21561 - RESERVED +CVE-2021-21561 (Dell PowerScale OneFS version 8.1.2 contains a sensitive information e ...) + TODO: check CVE-2021-21560 RESERVED CVE-2021-21559 (Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19 ...) |
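Review bot: CVE-2021-35565, which appears only as the context lines `- openjdk-11 11.0.13+8-1` and `- openjdk-8 8u312-b07-1` at the top of the hunk at `@@ -20200,7 +20198,7 @@`, is not touched by this patch, while the OpenJDK entries around it (CVE-2021-35567, CVE-2021-35564, CVE-2021-35561, CVE-2021-35559 and CVE-2021-35556) all gain `DSA-5012-1`. Its tag line falls outside the diff context, so please confirm that it already carries the right advisory set or is intentionally excluded from DSA-5012-1.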
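Review bot: In the Xen hunk at `@@ -36972,38 +36970,32 @@` the imported summaries run the advisory title straight into the body text with no separator, for example `issues with partially successful P2M updates on x86 T[his CNA informat ...)`. After truncation, CVE-2021-28704, CVE-2021-28707 and CVE-2021-28708 end up with identical summaries, as do CVE-2021-28705 and CVE-2021-28709, so the only distinguishing information left is the `NOTE:` link to the XSA. Consider having the import insert a delimiter between title and body, or trimming the CNA boilerplate, so the one-line summary stays useful.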
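Review bot: In the hunk at `@@ -46666,8 +46658,8 @@`, CVE-2021-24668 (MAZ Loader WordPress plugin) is added with `TODO: check` even though CVE-2021-24669 directly above it, for the same plugin, is already triaged as `NOT-FOR-US: WordPress plugin`. The follow-up triage can reuse that line here and in the other WordPress plugin hunks. The same pattern shows in the McAfee hunk at `@@ -29140,10 +29138,10 @@` (neighbour tagged `NOT-FOR-US: McAfee`) and the Dell hunk at `@@ -53754,8 +53746,8 @@` (neighbours tagged `NOT-FOR-US: EMC`).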
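Review bot: CVE-2021-25986 in the hunk at `@@ -43544,8 +43536,8 @@` cannot be triaged by copying a neighbour, because the adjacent entries are `NOT-FOR-US: Factor (App Framework & Headless CMS)` and concern an unrelated product. The `TODO: check` for Django-wiki needs an actual lookup of whether the software is packaged, followed by either a package line with the fixed version or an explicit NOT-FOR-US entry. The summary gives the affected range as 0.0.20 to 0.7.8, which is the range to compare against.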