From 1b18f00eb9aeb6fdfd8dcd15506d35537e56db36 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 2 Dec 2021 08:10:14 +0000 Subject: automatic update --- data/CVE/2015.list | 4 +++ data/CVE/2020.list | 10 +++---- data/CVE/2021.list | 87 +++++++++++++++++++++++++++++++++--------------------- 3 files changed, 61 insertions(+), 40 deletions(-) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 13bcb8bbf5..3677b75de5 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -1,3 +1,7 @@ +CVE-2015-20106 + RESERVED +CVE-2015-20105 + RESERVED CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...) NOT-FOR-US: WordPress plugin CVE-2015-20067 (The WP Attachment Export WordPress plugin before 0.2.4 does not have p ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 4c94e3297f..37f26628ff 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -3485,15 +3485,13 @@ CVE-2020-35076 REJECTED CVE-2020-35061 RESERVED -CVE-2020-35037 - RESERVED +CVE-2020-35037 (The Events Manager WordPress plugin before 5.9.8 does not sanitise and ...) NOT-FOR-US: WordPress plugin events-manager CVE-2020-35030 RESERVED CVE-2020-35017 RESERVED -CVE-2020-35012 - RESERVED +CVE-2020-35012 (The Events Manager WordPress plugin before 5.9.8 does not sanitise and ...) NOT-FOR-US: WordPress plugin events-manager CVE-2020-35001 RESERVED @@ -9011,8 +9009,8 @@ CVE-2020-27416 RESERVED CVE-2020-27415 RESERVED -CVE-2020-27414 - RESERVED +CVE-2020-27414 (Mahavitaran android application 7.50 and prior transmit sensitive info ...) + TODO: check CVE-2020-27413 RESERVED CVE-2020-27412 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index cbcc2989ef..cbd08eb90b 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -1,3 +1,21 @@ +CVE-2021-44520 + RESERVED +CVE-2021-44519 + RESERVED +CVE-2021-44518 + RESERVED +CVE-2021-44517 + RESERVED +CVE-2021-44516 + RESERVED +CVE-2021-44515 + RESERVED +CVE-2021-44514 + RESERVED +CVE-2021-44513 + RESERVED +CVE-2021-44512 + RESERVED CVE-2021-44511 RESERVED CVE-2021-44510 @@ -602,8 +620,8 @@ CVE-2021-4024 [podman: podman machine spawns gvproxy with port binded to all IPs NOTE: https://github.com/containers/podman/pull/12283 NOTE: Introduced by: https://github.com/containers/podman/commit/7ef3981abe2412727840a2886489a08c03a05299 (v3.3.0-rc1) NOTE: Fixed by: https://github.com/containers/podman/commit/295d87bb0b028e57dc2739791dee4820fe5fcc48 -CVE-2021-44227 - RESERVED +CVE-2021-44227 (In GNU Mailman before 2.1.38, a list member or moderator can get a CSR ...) + TODO: check CVE-2021-44226 RESERVED CVE-2021-4023 @@ -1643,14 +1661,14 @@ CVE-2021-43796 RESERVED CVE-2021-43795 RESERVED -CVE-2021-43794 - RESERVED -CVE-2021-43793 - RESERVED -CVE-2021-43792 - RESERVED -CVE-2021-43791 - RESERVED +CVE-2021-43794 (Discourse is an open source discussion platform. In affected versions ...) + TODO: check +CVE-2021-43793 (Discourse is an open source discussion platform. In affected versions ...) + TODO: check +CVE-2021-43792 (Discourse is an open source discussion platform. In affected versions ...) + TODO: check +CVE-2021-43791 (Zulip is an open source group chat application that combines real-time ...) + TODO: check CVE-2021-43790 (Lucet is a native WebAssembly compiler and runtime. There is a bug in ...) NOT-FOR-US: Lucet CVE-2021-43789 @@ -2278,6 +2296,7 @@ CVE-2021-43528 RESERVED CVE-2021-43527 [Heap overflow in NSS when verifying DSA/RSA-PSS DER-encoded signatures] RESERVED + {DSA-5016-1} - nss 2:3.73-1 NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/4 NOTE: https://hg.mozilla.org/projects/nss/rev/6b3dc97a8767d9dc5c4c181597d1341d0899aa58 (NSS_3_73_BRANCH) 
@@ -3203,8 +3222,8 @@ CVE-2021-43139 RESERVED CVE-2021-43138 RESERVED -CVE-2021-43137 - RESERVED +CVE-2021-43137 (Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulne ...) + TODO: check CVE-2021-43136 (An authentication bypass issue in FormaLMS <= 2.4.4 allows an attac ...) NOT-FOR-US: FormaLMS CVE-2021-43135 @@ -4180,8 +4199,8 @@ CVE-2021-42713 RESERVED CVE-2021-42712 RESERVED -CVE-2021-42711 - RESERVED +CVE-2021-42711 (Barracuda Network Access Client before 5.2.2 creates a Temporary File ...) + TODO: check CVE-2021-42710 RESERVED CVE-2021-42709 @@ -8117,8 +8136,8 @@ CVE-2021-41041 RESERVED CVE-2021-41040 RESERVED -CVE-2021-41039 - RESERVED +CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client conn ...) + TODO: check CVE-2021-41038 (In versions of the @theia/plugin-ext component of Eclipse Theia prior ...) NOT-FOR-US: Eclipse Theia CVE-2021-41037 
@@ -26293,26 +26312,26 @@ CVE-2021-33276 RESERVED CVE-2021-33275 RESERVED -CVE-2021-33274 - RESERVED +CVE-2021-33274 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + TODO: check CVE-2021-33273 RESERVED CVE-2021-33272 RESERVED -CVE-2021-33271 - RESERVED -CVE-2021-33270 - RESERVED -CVE-2021-33269 - RESERVED -CVE-2021-33268 - RESERVED -CVE-2021-33267 - RESERVED -CVE-2021-33266 - RESERVED -CVE-2021-33265 - RESERVED +CVE-2021-33271 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + TODO: check +CVE-2021-33270 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + TODO: check +CVE-2021-33269 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + TODO: check +CVE-2021-33268 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + TODO: check +CVE-2021-33267 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + TODO: check +CVE-2021-33266 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + TODO: check +CVE-2021-33265 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + TODO: check CVE-2021-33264 RESERVED CVE-2021-33263 @@ -42352,8 +42371,8 @@ CVE-2021-26779 RESERVED CVE-2021-26778 RESERVED -CVE-2021-26777 - RESERVED +CVE-2021-26777 (Buffer overflow vulnerability in function SetFirewall in index.cgi in ...) + TODO: check CVE-2021-26776 (CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerabilit ...) NOT-FOR-US: CSZ CMS CVE-2021-26775 -- cgit v1.2.3
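Review bot: In the data/CVE/2020.list hunk at "@@ -9011,8 +9009,8 @@", CVE-2020-27414 is left at "TODO: check" even though its description already identifies the affected software as an Android application (Mahavitaran). The other third-party product entries visible in this patch (the WordPress plugins, FormaLMS, CSZ CMS) are closed with a "NOT-FOR-US: <product>" line. Once the full description confirms the scope, this entry should get the same kind of line rather than staying in the TODO queue.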
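Review bot: In the data/CVE/2021.list hunk at "@@ -602,8 +620,8 @@", CVE-2021-44227 moves from RESERVED to a description that names a fixed upstream release (GNU Mailman before 2.1.38), but the entry carries only "TODO: check". If the software is packaged, the entry needs a package line with the fixed version, in the form the CVE-2021-43527 entry in this same file uses ("- nss 2:3.73-1"), plus NOTE lines pointing at the upstream advisory or fix commit. The same applies to CVE-2021-41039 (Eclipse Mosquitto, versions 1.6 to 2.0.11) in the hunk at "@@ -8117,8 +8136,8 @@".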
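Review bot: In the data/CVE/2021.list hunk at "@@ -26293,26 +26312,26 @@", eight entries (CVE-2021-33274 and CVE-2021-33265 through CVE-2021-33271) are added with the same truncated description, "D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...", and each is marked "TODO: check". The truncated text cannot tell the eight issues apart, so triage has to read the full descriptions. Since every one of them names the same router firmware, they should be resolved together with one consistent marking, for example the "NOT-FOR-US: <product>" form used elsewhere in this file, rather than one at a time. CVE-2021-33273 and CVE-2021-33272 sit inside the same range and stay RESERVED, so a batch edit must not touch them.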