author | security tracker role <sectracker@soriano.debian.org> | 2021-02-03 20:10:23 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-02-03 20:10:23 +0000 |
commit | 411555260a1176c6ff30a22987e045589a82920a (patch) | |
tree | 1a76099ce468948aba38f2b47dbc9f1f689095d3 /data/CVE | |
parent | d5f9bb486e35177c16da80314fab1f0de2d0223e (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2019.list | 4 |
-rw-r--r-- | data/CVE/2020.list | 140 |
-rw-r--r-- | data/CVE/2021.list | 274 |
3 files changed, 297 insertions, 121 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 5020d8571e..70856db57f 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -11799,8 +11799,8 @@ CVE-2019-16270 RESERVED CVE-2019-16269 RESERVED -CVE-2019-16268 - RESERVED +CVE-2019-16268 (Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection vi ...) + TODO: check CVE-2019-16267 RESERVED CVE-2019-16266 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 6fd9c3c34f..49fb49195f 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -19,22 +19,27 @@ CVE-2020-36232 CVE-2020-36231 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2020-36230 (A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertio ...) + {DSA-4845-1 DLA-2544-1} - openldap 2.4.57+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9423 NOTE: https://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793 (OPENLDAP_REL_ENG_2_4_57) CVE-2020-36229 (A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 lead ...) + {DSA-4845-1 DLA-2544-1} - openldap 2.4.57+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9425 NOTE: https://git.openldap.org/openldap/openldap/-/commit/4bdfffd2889c0c5cdf58bebafbdc8fce4bb2bff0 (OPENLDAP_REL_ENG_2_4_57) CVE-2020-36228 (An integer underflow was discovered in OpenLDAP before 2.4.57 leading ...) + {DSA-4845-1 DLA-2544-1} - openldap 2.4.57+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9427 NOTE: https://git.openldap.org/openldap/openldap/-/commit/91dccd25c347733b365adc74cb07d074512ed5ad (OPENLDAP_REL_ENG_2_4_57) CVE-2020-36227 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite ...) + {DSA-4845-1 DLA-2544-1} - openldap 2.4.57+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9428 NOTE: https://git.openldap.org/openldap/openldap/-/commit/9d0e8485f3113505743baabf1167e01e4558ccf5 (OPENLDAP_REL_ENG_2_4_57) CVE-2020-36226 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch-> ...) + {DSA-4845-1 DLA-2544-1} - openldap 2.4.57+dfsg-1 NOTE: https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65 (OPENLDAP_REL_ENG_2_4_57) NOTE: https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439 (OPENLDAP_REL_ENG_2_4_57) 
@@ -43,6 +48,7 @@ CVE-2020-36226 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a mem NOTE: https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8 (OPENLDAP_REL_ENG_2_4_57) NOTE: CVE-2020-36224, CVE-2020-36225 and CVE-2020-36226 are related but differend ids CVE-2020-36225 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a double fr ...) + {DSA-4845-1 DLA-2544-1} - openldap 2.4.57+dfsg-1 NOTE: https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65 (OPENLDAP_REL_ENG_2_4_57) NOTE: https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439 (OPENLDAP_REL_ENG_2_4_57) @@ -51,6 +57,7 @@ CVE-2020-36225 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a dou NOTE: https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8 (OPENLDAP_REL_ENG_2_4_57) NOTE: CVE-2020-36224, CVE-2020-36225 and CVE-2020-36226 are related but differend ids CVE-2020-36224 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid ...) + {DSA-4845-1 DLA-2544-1} - openldap 2.4.57+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9409 NOTE: https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65 (OPENLDAP_REL_ENG_2_4_57) 
@@ -59,10 +66,12 @@ CVE-2020-36224 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an in NOTE: https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8 (OPENLDAP_REL_ENG_2_4_57) NOTE: CVE-2020-36224, CVE-2020-36225 and CVE-2020-36226 are related but differend ids CVE-2020-36223 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd cra ...) + {DSA-4845-1 DLA-2544-1} - openldap 2.4.57+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9408 NOTE: https://git.openldap.org/openldap/openldap/-/commit/21981053a1195ae1555e23df4d9ac68d34ede9dd (OPENLDAP_REL_ENG_2_4_57) CVE-2020-36222 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertio ...) + {DSA-4845-1 DLA-2544-1} - openldap 2.4.57+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9406 NOTE: https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed (OPENLDAP_REL_ENG_2_4_57) @@ -70,6 +79,7 @@ CVE-2020-36222 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an as NOTE: https://bugs.openldap.org/show_bug.cgi?id=9407 NOTE: https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed (OPENLDAP_REL_ENG_2_4_57) CVE-2020-36221 (An integer underflow was discovered in OpenLDAP before 2.4.57 leading ...) + {DSA-4845-1 DLA-2544-1} - openldap 2.4.57+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9404 NOTE: https://git.openldap.org/openldap/openldap/-/commit/38ac838e4150c626bbfa0082b7e2cf3a2bb4df31 (OPENLDAP_REL_ENG_2_4_57) 
@@ -1322,8 +1332,8 @@ CVE-2020-35669 (An issue was discovered in the http package through 0.12.2 for D NOT-FOR-US: Dart http CVE-2020-35668 (RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that lead ...) NOT-FOR-US: RedisGraph -CVE-2020-35667 - RESERVED +CVE-2020-35667 (JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that ...) + TODO: check CVE-2020-35666 (Steedos Platform through 1.21.24 allows NoSQL injection because the /a ...) NOT-FOR-US: Steedos Platform CVE-2020-35665 (An unauthenticated command-execution vulnerability exists in TerraMast ...) @@ -1823,10 +1833,10 @@ CVE-2020-35484 RESERVED CVE-2020-35483 (AnyDesk before 6.1.0 on Windows, when run in portable mode on a system ...) NOT-FOR-US: AnyDesk -CVE-2020-35482 - RESERVED -CVE-2020-35481 - RESERVED +CVE-2020-35482 (SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS. ...) + TODO: check +CVE-2020-35481 (SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection ...) + TODO: check CVE-2020-35480 (An issue was discovered in MediaWiki before 1.35.1. Missing users (acc ...) {DSA-4816-1 DLA-2504-1} - mediawiki 1:1.35.1-1 @@ -2906,8 +2916,8 @@ CVE-2020-29584 RESERVED CVE-2020-29583 (Firmware version 4.60 of Zyxel USG devices contains an undocumented ac ...) NOT-FOR-US: Zyxel -CVE-2020-29582 - RESERVED +CVE-2020-29582 (In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for ...) + TODO: check CVE-2020-29581 (The official spiped docker images before 1.5-alpine contain a blank pa ...) NOT-FOR-US: spiped Docker images CVE-2020-29580 (The official storm Docker images before 1.2.1 contain a blank password ...) 
@@ -3878,14 +3888,14 @@ CVE-2020-29168 RESERVED CVE-2020-29167 RESERVED -CVE-2020-29166 - RESERVED -CVE-2020-29165 - RESERVED -CVE-2020-29164 - RESERVED -CVE-2020-29163 - RESERVED +CVE-2020-29166 (PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by fil ...) + TODO: check +CVE-2020-29165 (PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by inc ...) + TODO: check +CVE-2020-29164 (PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cro ...) + TODO: check +CVE-2020-29163 (PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL ...) + TODO: check CVE-2020-29162 RESERVED CVE-2020-29161 @@ -4528,8 +4538,8 @@ CVE-2020-28896 (Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure t [buster] - neomutt 20180716+dfsg.1-1+deb10u2 NOTE: https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a NOTE: https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06 -CVE-2020-28895 - RESERVED +CVE-2020-28895 (In Wind River VxWorks, memory allocator has a possible overflow in cal ...) + TODO: check CVE-2020-28894 RESERVED CVE-2020-28893 @@ -5019,8 +5029,8 @@ CVE-2020-28655 RESERVED CVE-2020-28654 RESERVED -CVE-2020-28653 - RESERVED +CVE-2020-28653 (Zoho ManageEngine OpManager Stable build before 125203 (and Released b ...) + TODO: check CVE-2020-28652 RESERVED CVE-2020-28651 @@ -5341,7 +5351,7 @@ CVE-2020-28500 RESERVED CVE-2020-28499 RESERVED -CVE-2020-28498 (All versions of package elliptic are vulnerable to Cryptographic Issue ...) +CVE-2020-28498 (The package elliptic before 6.5.4 are vulnerable to Cryptographic Issu ...) TODO: check CVE-2020-28497 RESERVED @@ -6122,8 +6132,8 @@ CVE-2020-28146 RESERVED CVE-2020-28145 RESERVED -CVE-2020-28144 - RESERVED +CVE-2020-28144 (Certain Moxa Inc products are affected by an improper restriction of o ...) + TODO: check CVE-2020-28143 RESERVED CVE-2020-28142 
@@ -6469,8 +6479,8 @@ CVE-2020-28003 RESERVED CVE-2020-28002 (In SonarQube 8.4.2.36762, an external attacker can achieve authenticat ...) NOT-FOR-US: SonarQube -CVE-2020-28001 - RESERVED +CVE-2020-28001 (SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. ...) + TODO: check CVE-2020-28000 RESERVED CVE-2020-27999 @@ -6483,8 +6493,8 @@ CVE-2020-27996 (An issue was discovered in SmartStoreNET before 4.0.1. It does n NOT-FOR-US: SmartStoreNET CVE-2020-27995 (SQL Injection in Zoho ManageEngine Applications Manager 14 before 1456 ...) NOT-FOR-US: Zoho ManageEngine -CVE-2020-27994 - RESERVED +CVE-2020-27994 (SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Travers ...) + TODO: check CVE-2020-27993 (Hrsale 2.0.0 allows download?type=files&filename=../ directory tra ...) NOT-FOR-US: Hrsale CVE-2020-27992 (Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse ...) @@ -8356,8 +8366,8 @@ CVE-2020-27224 RESERVED CVE-2020-27223 RESERVED -CVE-2020-27222 - RESERVED +CVE-2020-27222 (In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based ( ...) + TODO: check CVE-2020-27221 (In Eclipse OpenJ9 up to version 0.23, there is potential for a stack-b ...) NOT-FOR-US: Eclipse OpenJ9 CVE-2020-27220 (The Eclipse Hono AMQP and MQTT protocol adapters do not check whether ...) 
@@ -11443,16 +11453,16 @@ CVE-2020-25859 (The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior NOT-FOR-US: Qualcomm QCMAP CVE-2020-25858 (The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior ...) NOT-FOR-US: Qualcomm QCMAP -CVE-2020-25857 - RESERVED -CVE-2020-25856 - RESERVED -CVE-2020-25855 - RESERVED -CVE-2020-25854 - RESERVED -CVE-2020-25853 - RESERVED +CVE-2020-25857 (The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Modul ...) + TODO: check +CVE-2020-25856 (The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module pri ...) + TODO: check +CVE-2020-25855 (The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior t ...) + TODO: check +CVE-2020-25854 (The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module pri ...) + TODO: check +CVE-2020-25853 (The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to ...) + TODO: check CVE-2020-25852 RESERVED CVE-2020-25851 @@ -13097,8 +13107,8 @@ CVE-2020-25210 (In JetBrains YouTrack before 2020.3.7955, an attacker could acce NOT-FOR-US: JetBrains CVE-2020-25209 (In JetBrains YouTrack before 2020.3.6638, improper access control for ...) NOT-FOR-US: JetBrains -CVE-2020-25208 - RESERVED +CVE-2020-25208 (In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate ...) + TODO: check CVE-2020-25207 (JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Exe ...) NOT-FOR-US: JetBrains CVE-2020-25206 @@ -26316,10 +26326,10 @@ CVE-2020-18726 RESERVED CVE-2020-18725 RESERVED -CVE-2020-18724 - RESERVED -CVE-2020-18723 - RESERVED +CVE-2020-18724 (Authenticated stored cross-site scripting (XSS) in the contact name fi ...) + TODO: check +CVE-2020-18723 (Stored cross-site scripting (XSS) in file attachment field in MDaemon ...) + TODO: check CVE-2020-18722 RESERVED CVE-2020-18721 
@@ -28733,8 +28743,7 @@ CVE-2020-17525 RESERVED CVE-2020-17524 REJECTED -CVE-2020-17523 - RESERVED +CVE-2020-17523 (Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a spec ...) - shiro <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2021/02/01/3 NOTE: https://issues.apache.org/jira/browse/SHIRO-797 @@ -28755,8 +28764,7 @@ CVE-2020-17518 (Apache Flink 1.5.1 introduced a REST handler that allows you to NOT-FOR-US: Apache Flink CVE-2020-17517 RESERVED -CVE-2020-17516 - RESERVED +CVE-2020-17516 (Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3 ...) - cassandra <itp> (bug #585905) CVE-2020-17515 (The "origin" parameter passed to some of the endpoints like '/trigger' ...) - airflow <itp> (bug #819700) @@ -48938,12 +48946,12 @@ CVE-2020-9393 (An issue was discovered in the pricing-table-by-supsystic plugin NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress CVE-2020-9392 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...) NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress -CVE-2020-9390 - RESERVED -CVE-2020-9389 - RESERVED -CVE-2020-9388 - RESERVED +CVE-2020-9390 (SquaredUp allowed Stored XSS before version 4.6.0. A user was able to ...) + TODO: check +CVE-2020-9389 (A username enumeration issue was discovered in SquaredUp before versio ...) + TODO: check +CVE-2020-9388 (CSRF protection was not present in SquaredUp before version 4.6.0. A C ...) + TODO: check CVE-2020-9387 (In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account detai ...) - mahara <removed> CVE-2020-9386 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...) 
@@ -50794,10 +50802,10 @@ CVE-2020-8591 (eG Manager 7.1.2 allows authentication bypass via a com.egurkha.E NOT-FOR-US: eG Manager CVE-2020-8590 RESERVED -CVE-2020-8589 - RESERVED -CVE-2020-8588 - RESERVED +CVE-2020-8589 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptib ...) + TODO: check +CVE-2020-8588 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptib ...) + TODO: check CVE-2020-8587 RESERVED CVE-2020-8586 @@ -51461,8 +51469,8 @@ CVE-2020-8296 RESERVED CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...) - nextcloud-server <itp> (bug #941708) -CVE-2020-8294 - RESERVED +CVE-2020-8294 (A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 1 ...) + TODO: check CVE-2020-8293 (A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, ...) TODO: check CVE-2020-8292 (Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scr ...) @@ -52180,10 +52188,12 @@ CVE-2020-8023 (A acceptance of Extraneous Untrusted Data With Trusted Data vulne CVE-2020-8022 (A Incorrect Default Permissions vulnerability in the packaging of tomc ...) NOT-FOR-US: SAP CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build Service allow ...) + {DLA-2545-1} - open-build-service <unfixed> NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171649 NOTE: https://github.com/openSUSE/open-build-service/commit/7323c904f86ba9e04065c23422d06c03647589fb CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...) + {DLA-2545-1} - open-build-service <unfixed> NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171439 NOTE: https://github.com/openSUSE/open-build-service/commit/7cc32c8e2ff7290698e101d9a80a9dc29a5500fb 
@@ -64796,10 +64806,10 @@ CVE-2020-2509 RESERVED CVE-2020-2508 (A command injection vulnerability has been reported to affect QTS and ...) NOT-FOR-US: QNAP -CVE-2020-2507 - RESERVED -CVE-2020-2506 - RESERVED +CVE-2020-2507 (The vulnerability have been reported to affect earlier versions of QTS ...) + TODO: check +CVE-2020-2506 (The vulnerability have been reported to affect earlier versions of QTS ...) + TODO: check CVE-2020-2505 (If exploited, this vulnerability could allow attackers to gain sensiti ...) NOT-FOR-US: QNAP CVE-2020-2504 (If exploited, this absolute path traversal vulnerability could allow a ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 029134694f..d3c90205cd 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -1,3 +1,169 @@ +CVE-2021-3399 + RESERVED +CVE-2021-3398 + RESERVED +CVE-2021-3397 + RESERVED +CVE-2021-3396 + RESERVED +CVE-2021-26676 + RESERVED +CVE-2021-26675 + RESERVED +CVE-2021-26674 + RESERVED +CVE-2021-26673 + RESERVED +CVE-2021-26672 + RESERVED +CVE-2021-26671 + RESERVED +CVE-2021-26670 + RESERVED +CVE-2021-26669 + RESERVED +CVE-2021-26668 + RESERVED +CVE-2021-26667 + RESERVED +CVE-2021-26666 + RESERVED +CVE-2021-26665 + RESERVED +CVE-2021-26664 + RESERVED +CVE-2021-26663 + RESERVED +CVE-2021-26662 + RESERVED +CVE-2021-26661 + RESERVED +CVE-2021-26660 + RESERVED +CVE-2021-26659 + RESERVED +CVE-2021-26658 + RESERVED +CVE-2021-26657 + RESERVED +CVE-2021-26656 + RESERVED +CVE-2021-26655 + RESERVED +CVE-2021-26654 + RESERVED +CVE-2021-26653 + RESERVED +CVE-2021-26652 + RESERVED +CVE-2021-26651 + RESERVED +CVE-2021-26650 + RESERVED +CVE-2021-26649 + RESERVED +CVE-2021-26648 + RESERVED +CVE-2021-26647 + RESERVED +CVE-2021-26646 + RESERVED +CVE-2021-26645 + RESERVED +CVE-2021-26644 + RESERVED +CVE-2021-26643 + RESERVED +CVE-2021-26642 + RESERVED +CVE-2021-26641 + RESERVED +CVE-2021-26640 + RESERVED +CVE-2021-26639 + RESERVED +CVE-2021-26638 + RESERVED +CVE-2021-26637 + RESERVED +CVE-2021-26636 + RESERVED +CVE-2021-26635 + RESERVED +CVE-2021-26634 + RESERVED +CVE-2021-26633 + RESERVED +CVE-2021-26632 + RESERVED +CVE-2021-26631 + RESERVED +CVE-2021-26630 + RESERVED +CVE-2021-26629 + RESERVED +CVE-2021-26628 + RESERVED +CVE-2021-26627 + RESERVED +CVE-2021-26626 + RESERVED +CVE-2021-26625 + RESERVED +CVE-2021-26624 + RESERVED +CVE-2021-26623 + RESERVED +CVE-2021-26622 + RESERVED +CVE-2021-26621 + RESERVED +CVE-2021-26620 + RESERVED +CVE-2021-26619 + RESERVED +CVE-2021-26618 + RESERVED +CVE-2021-26617 + RESERVED +CVE-2021-26616 + RESERVED +CVE-2021-26615 + RESERVED +CVE-2021-26614 + RESERVED +CVE-2021-26613 + RESERVED +CVE-2021-26612 + RESERVED +CVE-2021-26611 + RESERVED +CVE-2021-26610 + RESERVED +CVE-2021-26609 + RESERVED +CVE-2021-26608 + RESERVED 
+CVE-2021-26607 + RESERVED +CVE-2021-26606 + RESERVED +CVE-2021-26605 + RESERVED +CVE-2021-26604 + RESERVED +CVE-2021-26603 + RESERVED +CVE-2021-26602 + RESERVED +CVE-2021-26601 + RESERVED +CVE-2021-26600 + RESERVED +CVE-2021-26599 + RESERVED +CVE-2021-26598 + RESERVED CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows r ...) NOT-FOR-US: Pryaniki CVE-2021-3394 
@@ -2060,54 +2226,54 @@ CVE-2021-25780 RESERVED CVE-2021-25779 RESERVED -CVE-2021-25778 - RESERVED -CVE-2021-25777 - RESERVED -CVE-2021-25776 - RESERVED -CVE-2021-25775 - RESERVED -CVE-2021-25774 - RESERVED -CVE-2021-25773 - RESERVED -CVE-2021-25772 - RESERVED -CVE-2021-25771 - RESERVED -CVE-2021-25770 - RESERVED -CVE-2021-25769 - RESERVED -CVE-2021-25768 - RESERVED -CVE-2021-25767 - RESERVED -CVE-2021-25766 - RESERVED -CVE-2021-25765 - RESERVED +CVE-2021-25778 (In JetBrains TeamCity before 2020.2.1, permissions during user deletio ...) + TODO: check +CVE-2021-25777 (In JetBrains TeamCity before 2020.2.1, permissions during token remova ...) + TODO: check +CVE-2021-25776 (In JetBrains TeamCity before 2020.2, an ECR token could be exposed in ...) + TODO: check +CVE-2021-25775 (In JetBrains TeamCity before 2020.2.1, the server admin could create a ...) + TODO: check +CVE-2021-25774 (In JetBrains TeamCity before 2020.2.1, a user could get access to the ...) + TODO: check +CVE-2021-25773 (JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on se ...) + TODO: check +CVE-2021-25772 (In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possibl ...) + TODO: check +CVE-2021-25771 (In JetBrains YouTrack before 2020.6.1099, project information could be ...) + TODO: check +CVE-2021-25770 (In JetBrains YouTrack before 2020.5.3123, server-side template injecti ...) + TODO: check +CVE-2021-25769 (In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator w ...) + TODO: check +CVE-2021-25768 (In JetBrains YouTrack before 2020.4.4701, permissions for attachments ...) + TODO: check +CVE-2021-25767 (In JetBrains YouTrack before 2020.6.1767, an issue's existence could b ...) + TODO: check +CVE-2021-25766 (In JetBrains YouTrack before 2020.4.4701, improper resource access che ...) + TODO: check +CVE-2021-25765 (In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload w ...) 
+ TODO: check CVE-2021-25764 RESERVED -CVE-2021-25763 - RESERVED -CVE-2021-25762 - RESERVED -CVE-2021-25761 - RESERVED -CVE-2021-25760 - RESERVED -CVE-2021-25759 - RESERVED -CVE-2021-25758 - RESERVED -CVE-2021-25757 - RESERVED -CVE-2021-25756 - RESERVED -CVE-2021-25755 - RESERVED +CVE-2021-25763 (In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by def ...) + TODO: check +CVE-2021-25762 (In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. ...) + TODO: check +CVE-2021-25761 (In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage ke ...) + TODO: check +CVE-2021-25760 (In JetBrains Hub before 2020.1.12669, information disclosure via the p ...) + TODO: check +CVE-2021-25759 (In JetBrains Hub before 2020.1.12629, an authenticated user can delete ...) + TODO: check +CVE-2021-25758 (In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deseria ...) + TODO: check +CVE-2021-25757 (In JetBrains Hub before 2020.1.12629, an open redirect was possible. ...) + TODO: check +CVE-2021-25756 (In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for sev ...) + TODO: check +CVE-2021-25755 (In JetBrains Code With Me before 2020.3, an attacker on the local netw ...) + TODO: check CVE-2021-25754 RESERVED CVE-2021-25753 @@ -3194,12 +3360,12 @@ CVE-2021-25278 RESERVED CVE-2021-25277 RESERVED -CVE-2021-25276 - RESERVED -CVE-2021-25275 - RESERVED -CVE-2021-25274 - RESERVED +CVE-2021-25276 (In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory cont ...) + TODO: check +CVE-2021-25275 (SolarWinds Orion Platform before 2020.2.4, as used by various SolarWin ...) + TODO: check +CVE-2021-25274 (The Collector Service in SolarWinds Orion Platform before 2020.2.4 use ...) + TODO: check CVE-2021-3159 RESERVED CVE-2021-25273 
@@ -7281,8 +7447,8 @@ CVE-2021-23333 RESERVED CVE-2021-23332 RESERVED -CVE-2021-23331 - RESERVED +CVE-2021-23331 (This affects all versions of package com.squareup:connect. The method ...) + TODO: check CVE-2021-23330 (All versions of package launchpad are vulnerable to Command Injection ...) NOT-FOR-US: Node launchpad CVE-2021-23329 (The package nested-object-assign before 1.0.4 are vulnerable to Protot ...) |
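
Review bot: In the OpenLDAP hunks of data/CVE/2020.list (@@ -43,6 +48,7 @@ through @@ -59,10 +66,12 @@), the context line "NOTE: CVE-2020-36224, CVE-2020-36225 and CVE-2020-36226 are related but differend ids" carries a typo ("differend") under all three entries. Since these entries are being touched to add {DSA-4845-1 DLA-2544-1}, correct it to "different" in the same pass so the three copies stay identical.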
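
Review bot: In data/CVE/2020.list hunk @@ -5341,7 +5351,7 @@, CVE-2020-28498 keeps its "TODO: check" line although the new description now bounds the issue to "elliptic before 6.5.4". With a fixed upstream version stated, the entry can be triaged to a package line with a fixed version, or to NOT-FOR-US if nothing in the archive ships it, instead of staying open.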
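
Review bot: In data/CVE/2020.list hunk @@ -28733,8 +28743,7 @@, CVE-2020-17523 stays at "- shiro <unfixed>" with no bug reference, while the new description names 1.7.1 as the fixed release. Add a bug reference in the same form as the "(bug #585905)" on the cassandra line in the next hunk, and a NOTE recording 1.7.1 as the upstream fix, so the entry can be closed once that version is uploaded.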
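
Review bot: In data/CVE/2020.list hunk @@ -52180,10 +52188,12 @@, CVE-2020-8021 and CVE-2020-8020 gain {DLA-2545-1} but both still read "- open-build-service <unfixed>" with no bug number, even though each entry already cites the upstream fix commit in a NOTE. Check whether the unstable package contains those commits and record the fixed version, or attach a bug reference, so the entry does not show an LTS fix next to an untracked unfixed state.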
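
Review bot: Several entries that move from RESERVED to "TODO: check" sit directly beside entries that already carry a triage decision for the same product, and can take the same tag. CVE-2020-25208 (YouTrack, @@ -13097,8 +13107,8 @@) is between CVE-2020-25209 and CVE-2020-25207, both "NOT-FOR-US: JetBrains", and the seven YouTrack entries CVE-2021-25765 to CVE-2021-25771 in data/CVE/2021.list (@@ -2060,54 +2226,54 @@) follow the same precedent. CVE-2020-2507 and CVE-2020-2506 (QTS, @@ -64796,10 +64806,10 @@) are between two "NOT-FOR-US: QNAP" entries. CVE-2020-28653 and CVE-2019-16268 are Zoho ManageEngine, matching the "NOT-FOR-US: Zoho ManageEngine" on CVE-2020-27995. CVE-2020-8294 (@@ -51461,8 +51469,8 @@) is Nextcloud Server and should mirror "- nextcloud-server <itp> (bug #941708)" from CVE-2020-8295; the neighbouring CVE-2020-8293 is still "TODO: check" as well.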