From 06eb63db29cd5d4e23d66740bf75aa9a5be1a88a Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 24 Nov 2021 20:10:20 +0000 Subject: automatic update --- data/CVE/2017.list | 2 + data/CVE/2021.list | 141 +++++++++++++++++++++++++++++++---------------------- 2 files changed, 84 insertions(+), 59 deletions(-) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 7087be7f8c..1e11c9b2e6 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1,3 +1,5 @@ +CVE-2017-20008 + RESERVED CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allo ...) NOT-FOR-US: Ingeteam INGEPAC DA AU CVE-2017-20006 (UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack:: ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 8d22ad26a8..889d49f4b0 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,29 @@ +CVE-2021-44206 + RESERVED +CVE-2021-44205 + RESERVED +CVE-2021-44204 + RESERVED +CVE-2021-44203 + RESERVED +CVE-2021-44202 + RESERVED +CVE-2021-44201 + RESERVED +CVE-2021-44200 + RESERVED +CVE-2021-44199 + RESERVED +CVE-2021-44198 + RESERVED +CVE-2021-44197 + RESERVED +CVE-2021-44196 + RESERVED +CVE-2021-4016 + RESERVED +CVE-2021-4015 + RESERVED CVE-2021-4014 RESERVED CVE-2021-4013 @@ -134,8 +160,7 @@ CVE-2021-44142 RESERVED CVE-2021-44141 RESERVED -CVE-2021-44140 - RESERVED +CVE-2021-44140 (Remote attackers may delete arbitrary files in a system hosting a JSPW ...) - jspwiki CVE-2021-44139 RESERVED @@ -959,8 +984,8 @@ CVE-2021-43780 (Redash is a package for data visualization and sharing. In versi NOT-FOR-US: Redash CVE-2021-43779 RESERVED -CVE-2021-43778 - RESERVED +CVE-2021-43778 (Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI inst ...) + TODO: check CVE-2021-43777 (Redash is a package for data visualization and sharing. In Redash vers ...) NOT-FOR-US: Redash CVE-2021-43776 
@@ -2183,8 +2208,8 @@ CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-001 NOT-FOR-US: Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus) CVE-2021-43269 RESERVED -CVE-2021-43268 - RESERVED +CVE-2021-43268 (An issue was discovered in VxWorks 6.9 through 7. In the IKE component ...) + TODO: check CVE-2021-43266 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting col ...) - mahara CVE-2021-43265 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag s ...) @@ -6769,17 +6794,16 @@ CVE-2021-41272 RESERVED CVE-2021-41271 (Discourse is a platform for community discussion. In affected versions ...) NOT-FOR-US: Discourse -CVE-2021-41270 [symfony: CVS injection via formulas] - RESERVED +CVE-2021-41270 (Symfony/Serializer handles serializing and deserializing data structur ...) - symfony 4.4.19+dfsg-3 NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x NOTE: https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8 (4.4.35) CVE-2021-41269 (cron-utils is a Java library to define, parse, validate, migrate crons ...) NOT-FOR-US: cron-utils Java library -CVE-2021-41268 - RESERVED -CVE-2021-41267 - RESERVED +CVE-2021-41268 (Symfony/SecurityBundle is the security system for Symfony, a PHP frame ...) + TODO: check +CVE-2021-41267 (Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP fr ...) + TODO: check CVE-2021-41266 (Minio console is a graphical user interface for the for MinIO operator ...) NOT-FOR-US: Minio console CVE-2021-41265 
@@ -8548,7 +8572,7 @@ CVE-2021-3772 [Invalid chunks may be used to remotely remove existing associatio NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000694 CVE-2021-3771 RESERVED -CVE-2021-40524 (In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the ...) +CVE-2021-40524 (In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism ...) - pure-ftpd (bug #993810) [bullseye] - pure-ftpd (Minor issue) [buster] - pure-ftpd (Minor issue) @@ -8919,8 +8943,7 @@ CVE-2021-40371 (Gridpro Request Management for Windows Azure Pack before 2.0.791 NOT-FOR-US: Gridpro Request Management for Windows Azure Pack CVE-2021-40370 RESERVED -CVE-2021-40369 - RESERVED +CVE-2021-40369 (A carefully crafted plugin link invocation could trigger an XSS vulner ...) - jspwiki CVE-2021-40368 RESERVED @@ -12479,8 +12502,8 @@ CVE-2021-38875 (IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vul NOT-FOR-US: IBM CVE-2021-38874 RESERVED -CVE-2021-38873 - RESERVED +CVE-2021-38873 (IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. ...) + TODO: check CVE-2021-38872 RESERVED CVE-2021-38871 @@ -17168,10 +17191,10 @@ CVE-2021-36919 RESERVED CVE-2021-36918 RESERVED -CVE-2021-36917 - RESERVED -CVE-2021-36916 - RESERVED +CVE-2021-36917 (WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated ...) + TODO: check +CVE-2021-36916 (The SQL injection vulnerability in the Hide My WP WordPress plugin (ve ...) + TODO: check CVE-2021-36915 RESERVED CVE-2021-36914 
@@ -22883,10 +22906,10 @@ CVE-2021-34426 RESERVED CVE-2021-34425 RESERVED -CVE-2021-34424 - RESERVED -CVE-2021-34423 - RESERVED +CVE-2021-34424 (A vulnerability was discovered in the Zoom Client for Meetings (for An ...) + TODO: check +CVE-2021-34423 (A buffer overflow vulnerability was discovered in Zoom Client for Meet ...) + TODO: check CVE-2021-34422 (The Keybase Client for Windows before version 5.7.0 contains a path tr ...) NOT-FOR-US: Keybase Client for Windows CVE-2021-34421 (The Keybase Client for Android before version 5.8.0 and the Keybase Cl ...) @@ -26088,12 +26111,12 @@ CVE-2021-33045 (The identity authentication bypass vulnerability found in some D NOT-FOR-US: Dahua CVE-2021-33044 (The identity authentication bypass vulnerability found in some Dahua p ...) NOT-FOR-US: Dahua -CVE-2021-3554 - RESERVED -CVE-2021-3553 - RESERVED -CVE-2021-3552 - RESERVED +CVE-2021-3554 (Improper Access Control vulnerability in the patchesUpdate API as impl ...) + TODO: check +CVE-2021-3553 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...) + TODO: check +CVE-2021-3552 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...) + TODO: check CVE-2021-33043 RESERVED CVE-2021-33042 @@ -28635,8 +28658,8 @@ CVE-2021-32039 RESERVED CVE-2021-32038 RESERVED -CVE-2021-32037 - RESERVED +CVE-2021-32037 (An authorized user may trigger an invariant which may result in denial ...) + TODO: check CVE-2021-32036 RESERVED CVE-2021-32035 
@@ -50459,8 +50482,8 @@ CVE-2021-22959 (The parser in accepts requests with a space (SP) right after the NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-due-to-spaced-in-headers-medium-cve-2021-22959 CVE-2021-22958 (A Server-Side Request Forgery vulnerability was found in concrete5 < ...) NOT-FOR-US: Concrete CMS -CVE-2021-22957 - RESERVED +CVE-2021-22957 (A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Pr ...) + TODO: check CVE-2021-22956 RESERVED CVE-2021-22955 @@ -52510,8 +52533,8 @@ CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specif NOT-FOR-US: Spring Cloud Gateway CVE-2021-22050 RESERVED -CVE-2021-22049 - RESERVED +CVE-2021-22049 (The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Requ ...) + TODO: check CVE-2021-22048 (The vCenter Server contains a privilege escalation vulnerability in th ...) NOT-FOR-US: VMware CVE-2021-22047 (In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older ...) @@ -52653,8 +52676,8 @@ CVE-2021-21982 (VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has NOT-FOR-US: VMware Carbon Black Cloud Workload appliance CVE-2021-21981 (VMware NSX-T contains a privilege escalation vulnerability due to an i ...) NOT-FOR-US: VMware -CVE-2021-21980 - RESERVED +CVE-2021-21980 (The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary ...) + TODO: check CVE-2021-21979 (In Bitnami Containers, all Laravel container versions prior to: 6.20.0 ...) NOT-FOR-US: Bitnami Containers CVE-2021-21978 (VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remot ...) 
@@ -55641,28 +55664,28 @@ CVE-2021-20852 RESERVED CVE-2021-20851 RESERVED -CVE-2021-20850 - RESERVED +CVE-2021-20850 (PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and ea ...) + TODO: check CVE-2021-20849 RESERVED -CVE-2021-20848 - RESERVED +CVE-2021-20848 (Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 a ...) + TODO: check CVE-2021-20847 RESERVED -CVE-2021-20846 - RESERVED -CVE-2021-20845 - RESERVED -CVE-2021-20844 - RESERVED -CVE-2021-20843 - RESERVED -CVE-2021-20842 - RESERVED -CVE-2021-20841 - RESERVED -CVE-2021-20840 - RESERVED +CVE-2021-20846 (Cross-site request forgery (CSRF) vulnerability in Push Notifications ...) + TODO: check +CVE-2021-20845 (Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap G ...) + TODO: check +CVE-2021-20844 (Improper neutralization of HTTP request headers for scripting syntax v ...) + TODO: check +CVE-2021-20843 (Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev ...) + TODO: check +CVE-2021-20842 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2. ...) + TODO: check +CVE-2021-20841 (Improper access control in Management screen of EC-CUBE 2 series 2.11. ...) + TODO: check +CVE-2021-20840 (Cross-site scripting vulnerability in Booking Package - Appointment Bo ...) + TODO: check CVE-2021-20839 (Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and e ...) NOT-FOR-US: Office Server Document Converter CVE-2021-20838 (Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and e ...) 
@@ -55671,8 +55694,8 @@ CVE-2021-20837 (Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movab - movabletype-opensource CVE-2021-20836 (Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0 ...) NOT-FOR-US: CX-Supervisor -CVE-2021-20835 - RESERVED +CVE-2021-20835 (Improper authorization in handler for custom URL scheme vulnerability ...) + TODO: check CVE-2021-20834 (Improper authorization in handler for custom URL scheme vulnerability ...) NOT-FOR-US: Nike App CVE-2021-20833 (The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not ...) -- cgit v1.2.3
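Review bot: CVE-2021-44140 in the hunk at -134 is recorded as affecting jspwiki ("- jspwiki") with no fixed version and no NOTE line, so the entry carries no pointer to the upstream advisory or fixing commit for the arbitrary file deletion it describes. The symfony entry in this same change (CVE-2021-41270) shows the expected shape: NOTE lines with the advisory URL and the fix commit, followed by a fixed version. Add the same here, and add the [bullseye] / [buster] status lines once the severity is assessed, as the pure-ftpd entry in this change does.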
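Review bot: CVE-2021-41268 (Symfony/SecurityBundle) and CVE-2021-41267 (Symfony/Http-Kernel) are left at "TODO: check" in the hunk at -6769, although the adjacent CVE-2021-41270 entry in the same hunk already resolves a Symfony component against the symfony source package ("- symfony 4.4.19+dfsg-3", with NOTE links to the GHSA advisory and the fixing commit, annotated with the upstream release 4.4.35). Both should be triaged against symfony in the same way, each with a fixed version or an explicit unfixed marker and NOTE lines for their respective upstream advisories, rather than left as TODOs that hide them from the package's status view.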
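Review bot: CVE-2021-40369 in the hunk at -8919 assigns an XSS via crafted plugin link invocation to jspwiki with no fixed version and no NOTE line referencing the upstream advisory or fix. Add a NOTE with the advisory URL and, once known, the fixed upstream and Debian versions, so that the entry can be closed rather than remaining an open assignment with no evidence trail.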
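Review bot: CVE-2021-38873 (IBM Planning Analytics 2.0, CSV injection) is marked "TODO: check" in the hunk at -12479, while the context line two entries above records CVE-2021-38875 as "NOT-FOR-US: IBM". IBM Planning Analytics is not a Debian package, and nothing in this file suggests otherwise, so the entry can be resolved directly as NOT-FOR-US: IBM Planning Analytics instead of being queued for manual triage.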
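Review bot: CVE-2021-22049 (vSphere Web Client SSRF) is left at "TODO: check" in the hunk at -52510 even though the next entry in the same hunk, CVE-2021-22048 (vCenter Server), is already "NOT-FOR-US: VMware". The vSphere Web Client is a VMware product that is not packaged in Debian; resolve the entry as NOT-FOR-US: VMware rather than leaving it as a TODO.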
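Review bot: CVE-2021-21980 (vSphere Web Client, unauthorized arbitrary file read) in the hunk at -52653 has "TODO: check" while the preceding context line, CVE-2021-21981 (VMware NSX-T), is "NOT-FOR-US: VMware". The vSphere Web Client is likewise a VMware product outside the Debian archive, so this entry can be resolved as NOT-FOR-US: VMware as well.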
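Review bot: CVE-2021-20835 in the hunk at -55671 is given "TODO: check" with a truncated description ("Improper authorization in handler for custom URL scheme vulnerability ...") that is identical to the one on the following context entry, CVE-2021-20834, which is already resolved as "NOT-FOR-US: Nike App". The truncation hides whether the two concern the same application; check the full description and, if it is the same vendor's app, resolve this entry as NOT-FOR-US in the same way rather than leaving it for manual triage.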