From 2939162c51d3dfa729647f2f7b33d69cfef38995 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 17 Nov 2021 20:10:21 +0000 Subject: automatic update --- data/CVE/2018.list | 1 + data/CVE/2021.list | 301 ++++++++++++++++++++++++++++++++--------------------- 2 files changed, 184 insertions(+), 118 deletions(-) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index e70c581fb0..314962663d 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -34876,6 +34876,7 @@ CVE-2018-8034 (The host name verification when using TLS with the WebSocket clie CVE-2018-8033 (In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apach ...) NOT-FOR-US: Apache OFBiz CVE-2018-8032 (Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site ...) + {DLA-2821-1} - axis 1.4-28 (bug #905328) [jessie] - axis (Minor issue) NOTE: https://issues.apache.org/jira/browse/AXIS-2924 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 579f60eaa9..017e06fa09 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -1,3 +1,89 @@ +CVE-2021-43995 + RESERVED +CVE-2021-43994 + RESERVED +CVE-2021-43993 + RESERVED +CVE-2021-43992 + RESERVED +CVE-2021-43991 + RESERVED +CVE-2021-43990 + RESERVED +CVE-2021-43989 + RESERVED +CVE-2021-43988 + RESERVED +CVE-2021-43987 + RESERVED +CVE-2021-43986 + RESERVED +CVE-2021-43985 + RESERVED +CVE-2021-43984 + RESERVED +CVE-2021-43983 + RESERVED +CVE-2021-43982 + RESERVED +CVE-2021-43981 + RESERVED +CVE-2021-43980 + RESERVED +CVE-2021-43979 (** DISPUTED ** Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 ...) + TODO: check +CVE-2021-43978 + RESERVED +CVE-2021-43977 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows X ...) + TODO: check +CVE-2021-43976 (In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wi ...) + TODO: check +CVE-2021-43975 (In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in driver ...) + TODO: check +CVE-2021-43974 + RESERVED +CVE-2021-43973 + RESERVED +CVE-2021-43972 + RESERVED +CVE-2021-43971 + RESERVED +CVE-2021-43970 + RESERVED +CVE-2021-43969 + RESERVED +CVE-2021-43968 + RESERVED +CVE-2021-43967 + RESERVED +CVE-2021-43966 + RESERVED +CVE-2021-43965 + RESERVED +CVE-2021-43964 + RESERVED +CVE-2021-43963 + RESERVED +CVE-2021-43962 + RESERVED +CVE-2021-43961 + RESERVED +CVE-2021-43960 + RESERVED +CVE-2021-3974 + RESERVED +CVE-2021-3973 + RESERVED +CVE-2021-3972 + RESERVED +CVE-2021-3971 + RESERVED +CVE-2021-3970 + RESERVED +CVE-2021-3969 + RESERVED +CVE-2021-3968 + RESERVED CVE-2021-43959 RESERVED CVE-2021-43958 @@ -911,12 +997,12 @@ CVE-2021-43555 RESERVED CVE-2021-43554 RESERVED -CVE-2021-43553 - RESERVED +CVE-2021-43553 (PI Vision could disclose information to a user with insufficient privi ...) + TODO: check CVE-2021-43552 RESERVED -CVE-2021-43551 - RESERVED +CVE-2021-43551 (A remote attacker with write access to PI Vision could inject code int ...) + TODO: check CVE-2021-43550 RESERVED CVE-2021-43549 
@@ -1391,7 +1477,8 @@ CVE-2021-43340 RESERVED CVE-2021-43339 (In Ericsson Network Location before 2021-07-31, it is possible for an ...) NOT-FOR-US: Ericsson -CVE-2021-43338 (In Ericsson Network Location MPS GMPC21, it is possible to creates a n ...) +CVE-2021-43338 + REJECTED NOT-FOR-US: Ericsson CVE-2021-43337 (SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On ...) - slurm-wlm (Affects only 21.08 series; vulnerable code introduced later) @@ -2281,12 +2368,12 @@ CVE-2021-42958 RESERVED CVE-2021-42957 RESERVED -CVE-2021-42956 - RESERVED -CVE-2021-42955 - RESERVED -CVE-2021-42954 - RESERVED +CVE-2021-42956 (Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.21 ...) + TODO: check +CVE-2021-42955 (Zoho Remote Access Plus Server Windows Desktop binary fixed in version ...) + TODO: check +CVE-2021-42954 (Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1. ...) + TODO: check CVE-2021-42953 RESERVED CVE-2021-42952 @@ -3595,12 +3682,12 @@ CVE-2021-42364 RESERVED CVE-2021-42363 RESERVED -CVE-2021-42362 - RESERVED -CVE-2021-42361 - RESERVED -CVE-2021-42360 - RESERVED +CVE-2021-42362 (The WordPress Popular Posts WordPress plugin is vulnerable to arbitrar ...) + TODO: check +CVE-2021-42361 (The Contact Form Email WordPress plugin is vulnerable to Stored Cross- ...) + TODO: check +CVE-2021-42360 (On sites that also had the Elementor plugin for WordPress installed, i ...) + TODO: check CVE-2021-42359 (WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-di ...) NOT-FOR-US: WP DSGVO Tools (GDPR) CVE-2021-42358 @@ -3867,8 +3954,8 @@ CVE-2021-42252 (An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/a NOTE: https://git.kernel.org/linus/b49a0e69a7b1a68c8d3f64097d06dabb770fec96 (5.15-rc1) CVE-2021-42251 RESERVED -CVE-2021-42250 - RESERVED +CVE-2021-42250 (Improper output neutralization for Logs. A specific Apache Superset HT ...) + TODO: check CVE-2021-42249 RESERVED CVE-2021-42248 
@@ -4618,8 +4705,8 @@ CVE-2021-41933 RESERVED CVE-2021-41932 RESERVED -CVE-2021-41931 - RESERVED +CVE-2021-41931 (The Company's Recruitment Management System in id=2 of the parameter f ...) + TODO: check CVE-2021-41930 RESERVED CVE-2021-41929 @@ -7393,8 +7480,8 @@ CVE-2021-40747 RESERVED CVE-2021-40746 RESERVED -CVE-2021-40745 - RESERVED +CVE-2021-40745 (Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Trav ...) + TODO: check CVE-2021-40744 RESERVED CVE-2021-40743 @@ -11653,8 +11740,8 @@ CVE-2021-38961 RESERVED CVE-2021-38960 RESERVED -CVE-2021-38959 - RESERVED +CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28 ...) + TODO: check CVE-2021-38958 RESERVED CVE-2021-38957 @@ -19629,8 +19716,8 @@ CVE-2021-35530 RESERVED CVE-2021-35529 (Insufficiently Protected Credentials vulnerability in client environme ...) NOT-FOR-US: Hitachi -CVE-2021-35528 - RESERVED +CVE-2021-35528 (Improper Access Control vulnerability in the application authenticatio ...) + TODO: check CVE-2021-35527 (Password autocomplete vulnerability in the web application password fi ...) NOT-FOR-US: Hitachi ABB Power Grids eSOMS CVE-2021-35526 (Backup file without encryption vulnerability is found in Hitachi ABB P ...) 
@@ -25095,19 +25182,16 @@ CVE-2021-33191 (From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implem NOT-FOR-US: Apache NiFi CVE-2021-33190 (In Apache APISIX Dashboard version 2.6, we changed the default value o ...) NOT-FOR-US: Apache APISIX Dashboard -CVE-2021-33481 [stack-based buffer overflow in try_to_divide_boxes() in pgm2asc.c] - RESERVED +CVE-2021-33481 (A stack-based buffer overflow vulnerability was discovered in gocr thr ...) - gocr (unimportant) NOTE: https://sourceforge.net/p/jocr/bugs/42/ NOTE: Crash in CLI tool, no security impact -CVE-2021-33480 [use-after-free in context_correction() in pgm2asc.c] - RESERVED +CVE-2021-33480 (An use-after-free vulnerability was discovered in gocr through 0.53-20 ...) - gocr (unimportant) NOTE: https://sourceforge.net/p/jocr/bugs/40/ NOTE: https://sourceforge.net/p/jocr/bugs/41/ NOTE: Crash in CLI tool, no security impact -CVE-2021-33479 [stack-based buffer overflow in measure_pitch() in pgm2asc.c] - RESERVED +CVE-2021-33479 (A stack-based buffer overflow vulnerability was discovered in gocr thr ...) - gocr (unimportant) NOTE: https://sourceforge.net/p/jocr/bugs/39/ NOTE: Crash in CLI tool, no security impact @@ -25268,8 +25352,7 @@ CVE-2021-33120 RESERVED CVE-2021-33119 RESERVED -CVE-2021-33118 - RESERVED +CVE-2021-33118 (Improper access control in the software installer for the Intel(R) Ser ...) NOT-FOR-US: Intel CVE-2021-33117 RESERVED @@ -25293,8 +25376,7 @@ CVE-2021-33108 RESERVED CVE-2021-33107 RESERVED -CVE-2021-33106 - RESERVED +CVE-2021-33106 (Integer overflow in the Safestring library maintained by Intel(R) may ...) NOT-FOR-US: Intel CVE-2021-33105 RESERVED 
@@ -25315,40 +25397,29 @@ CVE-2021-33098 RESERVED NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00555.html TODO: check, might affect src:linux -CVE-2021-33097 - RESERVED +CVE-2021-33097 (Time-of-check time-of-use vulnerability in the Crypto API Toolkit for ...) NOT-FOR-US: Intel CVE-2021-33096 RESERVED -CVE-2021-33095 - RESERVED +CVE-2021-33095 (Unquoted search path in the installer for the Intel(R) NUC M15 Laptop ...) NOT-FOR-US: Intel -CVE-2021-33094 - RESERVED +CVE-2021-33094 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...) NOT-FOR-US: Intel -CVE-2021-33093 - RESERVED +CVE-2021-33093 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...) NOT-FOR-US: Intel -CVE-2021-33092 - RESERVED +CVE-2021-33092 (Incorrect default permissions in the installer for the Intel(R) NUC M1 ...) NOT-FOR-US: Intel -CVE-2021-33091 - RESERVED +CVE-2021-33091 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...) NOT-FOR-US: Intel -CVE-2021-33090 - RESERVED +CVE-2021-33090 (Incorrect default permissionsin the software installer for the Intel(R ...) NOT-FOR-US: Intel -CVE-2021-33089 - RESERVED +CVE-2021-33089 (Improper access control in the software installer for the Intel(R) NUC ...) NOT-FOR-US: Intel -CVE-2021-33088 - RESERVED +CVE-2021-33088 (Incorrect default permissions in the installer for the Intel(R) NUC M1 ...) NOT-FOR-US: Intel -CVE-2021-33087 - RESERVED +CVE-2021-33087 (Improper authentication in the installer for the Intel(R) NUC M15 Lapt ...) NOT-FOR-US: Intel -CVE-2021-33086 - RESERVED +CVE-2021-33086 (Out-of-bounds write in firmware for some Intel(R) NUCs may allow an au ...) NOT-FOR-US: Intel CVE-2021-33085 RESERVED @@ -25379,8 +25450,7 @@ CVE-2021-33073 NOT-FOR-US: Intel CVE-2021-33072 RESERVED -CVE-2021-33071 - RESERVED +CVE-2021-33071 (Incorrect default permissions in the installer for the Intel(R) oneAPI ...) NOT-FOR-US: Intel CVE-2021-33070 RESERVED 
@@ -26613,8 +26683,8 @@ CVE-2021-32602 (An improper neutralization of input during web page generation v NOT-FOR-US: FortiGuard CVE-2021-32601 RESERVED -CVE-2021-32600 - RESERVED +CVE-2021-32600 (An exposure of sensitive information to an unauthorized actor vulnerab ...) + TODO: check CVE-2021-32599 RESERVED CVE-2021-32598 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...) @@ -27512,8 +27582,8 @@ CVE-2021-32236 RESERVED CVE-2021-32235 RESERVED -CVE-2021-32234 - RESERVED +CVE-2021-32234 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows r ...) + TODO: check CVE-2021-32233 (SmarterTools SmarterMail before Build 7776 allows XSS. ...) NOT-FOR-US: SmarterTools SmarterMail CVE-2021-32232 @@ -33591,10 +33661,10 @@ CVE-2021-29863 RESERVED CVE-2021-29862 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...) NOT-FOR-US: IBM -CVE-2021-29861 - RESERVED -CVE-2021-29860 - RESERVED +CVE-2021-29861 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...) + TODO: check +CVE-2021-29860 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...) + TODO: check CVE-2021-29859 RESERVED CVE-2021-29858 
@@ -45614,26 +45684,26 @@ CVE-2021-24858 RESERVED CVE-2021-24857 RESERVED -CVE-2021-24856 - RESERVED +CVE-2021-24856 (The Shared Files WordPress plugin before 1.6.61 does not sanitise and ...) + TODO: check CVE-2021-24855 RESERVED -CVE-2021-24854 - RESERVED -CVE-2021-24853 - RESERVED -CVE-2021-24852 - RESERVED -CVE-2021-24851 - RESERVED -CVE-2021-24850 - RESERVED +CVE-2021-24854 (The QR Redirector WordPress plugin before 1.6.1 does not sanitise and ...) + TODO: check +CVE-2021-24853 (The QR Redirector WordPress plugin before 1.6 does not have capability ...) + TODO: check +CVE-2021-24852 (The MouseWheel Smooth Scroll WordPress plugin before 5.7 does not have ...) + TODO: check +CVE-2021-24851 (The Insert Pages WordPress plugin before 3.7.0 allows users with a rol ...) + TODO: check +CVE-2021-24850 (The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that p ...) + TODO: check CVE-2021-24849 RESERVED CVE-2021-24848 RESERVED -CVE-2021-24847 - RESERVED +CVE-2021-24847 (The importFromRedirection AJAX action of the SEO Redirection Plugin &# ...) + TODO: check CVE-2021-24846 RESERVED CVE-2021-24845 @@ -45644,8 +45714,8 @@ CVE-2021-24843 RESERVED CVE-2021-24842 RESERVED -CVE-2021-24841 - RESERVED +CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and escap ...) + TODO: check CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticated use ...) NOT-FOR-US: WordPress theme CVE-2021-24839 
@@ -45658,10 +45728,10 @@ CVE-2021-24836 RESERVED CVE-2021-24835 (The WCFM – Frontend Manager for WooCommerce along with Bookings ...) NOT-FOR-US: WordPress plugin -CVE-2021-24834 - RESERVED -CVE-2021-24833 - RESERVED +CVE-2021-24834 (The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cro ...) + TODO: check +CVE-2021-24833 (The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cro ...) + TODO: check CVE-2021-24832 (The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CS ...) NOT-FOR-US: WordPress plugin CVE-2021-24831 @@ -45696,8 +45766,8 @@ CVE-2021-24817 RESERVED CVE-2021-24816 (The Phoenix Media Rename WordPress plugin before 3.4.4 does not have c ...) NOT-FOR-US: WordPress plugin -CVE-2021-24815 - RESERVED +CVE-2021-24815 (The Accept Donations with PayPal WordPress plugin before 1.3.2 does no ...) + TODO: check CVE-2021-24814 RESERVED CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not sanitise ...) @@ -45718,12 +45788,12 @@ CVE-2021-24806 (The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF w NOT-FOR-US: WordPress plugin CVE-2021-24805 RESERVED -CVE-2021-24804 - RESERVED +CVE-2021-24804 (The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce ...) + TODO: check CVE-2021-24803 RESERVED -CVE-2021-24802 - RESERVED +CVE-2021-24802 (The Colorful Categories WordPress plugin before 2.0.15 does not enforc ...) + TODO: check CVE-2021-24801 (The WP Survey Plus WordPress plugin through 1.0 does not have any auth ...) NOT-FOR-US: WordPress plugin CVE-2021-24800 @@ -45734,8 +45804,8 @@ CVE-2021-24798 (The WP Header Images WordPress plugin before 2.0.1 does not sani NOT-FOR-US: WordPress plugin CVE-2021-24797 RESERVED -CVE-2021-24796 - RESERVED +CVE-2021-24796 (The My Tickets WordPress plugin before 1.8.31 does not properly saniti ...) + TODO: check CVE-2021-24795 RESERVED CVE-2021-24794 (The Connections Business Directory WordPress plugin before 10.4.3 does ...) 
@@ -45752,8 +45822,8 @@ CVE-2021-24789 (The Flat Preloader WordPress plugin before 1.5.5 does not escape NOT-FOR-US: WordPress plugin CVE-2021-24788 (The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actio ...) NOT-FOR-US: WordPress plugin -CVE-2021-24787 - RESERVED +CVE-2021-24787 (The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 ...) + TODO: check CVE-2021-24786 RESERVED CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not sanitise and ...) @@ -45774,16 +45844,16 @@ CVE-2021-24778 RESERVED CVE-2021-24777 RESERVED -CVE-2021-24776 - RESERVED +CVE-2021-24776 (The WP Performance Score Booster WordPress plugin before 2.1 does not ...) + TODO: check CVE-2021-24775 RESERVED CVE-2021-24774 (The Check & Log Email WordPress plugin before 1.0.3 does not valid ...) NOT-FOR-US: WordPress plugin CVE-2021-24773 (The WordPress Download Manager WordPress plugin before 3.2.16 does not ...) NOT-FOR-US: WordPress plugin -CVE-2021-24772 - RESERVED +CVE-2021-24772 (The Stream WordPress plugin before 3.8.2 does not sanitise and validat ...) + TODO: check CVE-2021-24771 RESERVED CVE-2021-24770 (The Stylish Price List WordPress plugin before 6.9.1 does not perform ...) @@ -45810,8 +45880,8 @@ CVE-2021-24760 (The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 doe NOT-FOR-US: WordPress plugin CVE-2021-24759 RESERVED -CVE-2021-24758 - RESERVED +CVE-2021-24758 (The Email Log WordPress plugin before 2.4.7 does not properly validate ...) + TODO: check CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not perform ...) NOT-FOR-US: WordPress plugin CVE-2021-24756 
@@ -46130,8 +46200,8 @@ CVE-2021-24600 (The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise NOT-FOR-US: WordPress plugin CVE-2021-24599 (The Email Encoder – Protect Email Addresses WordPress plugin bef ...) NOT-FOR-US: WordPress plugin -CVE-2021-24598 - RESERVED +CVE-2021-24598 (The Testimonial WordPress plugin before 1.6.0 does not escape some tes ...) + TODO: check CVE-2021-24597 (The You Shang WordPress plugin through 1.0.1 does not escape its qrcod ...) NOT-FOR-US: WordPress plugin CVE-2021-24596 (The youForms for WordPress plugin through 1.0.5 does not sanitise esca ...) @@ -46296,7 +46366,7 @@ CVE-2021-24517 (The Stop Spammers Security | Block Spam Users, Comments, Forms W NOT-FOR-US: WordPress plugin CVE-2021-24516 (The PlanSo Forms WordPress plugin through 2.6.3 does not escape the ti ...) NOT-FOR-US: WordPress plugin -CVE-2021-24515 (The Video Gallery – Vimeo and YouTube Gallery WordPress plugin t ...) +CVE-2021-24515 (The Video Gallery WordPress plugin before 1.1.5 does not escape the Ti ...) NOT-FOR-US: WordPress plugin CVE-2021-24514 (The Visual Form Builder WordPress plugin before 3.0.4 does not sanitis ...) NOT-FOR-US: WordPress plugin @@ -62049,11 +62119,9 @@ CVE-2021-0160 (Uncontrolled search path in some Intel(R) NUC Pro Chassis Element NOT-FOR-US: Intel CVE-2021-0159 RESERVED -CVE-2021-0158 - RESERVED +CVE-2021-0158 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...) NOT-FOR-US: Intel -CVE-2021-0157 - RESERVED +CVE-2021-0157 (Insufficient control flow management in the BIOS firmware for some Int ...) NOT-FOR-US: Intel CVE-2021-0156 RESERVED @@ -62136,11 +62204,9 @@ CVE-2021-0123 RESERVED CVE-2021-0122 RESERVED -CVE-2021-0121 - RESERVED +CVE-2021-0121 (Improper access control in the installer for some Intel(R) Iris(R) Xe ...) NOT-FOR-US: Intel -CVE-2021-0120 - RESERVED +CVE-2021-0120 (Improper initialization in the installer for some Intel(R) Graphics DC ...) NOT-FOR-US: Intel CVE-2021-0119 RESERVED 
@@ -62189,8 +62255,7 @@ CVE-2021-0098 (Improper access control in the Intel Unite(R) Client for Windows NOT-FOR-US: Intel CVE-2021-0097 (Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB ...) NOT-FOR-US: Intel -CVE-2021-0096 - RESERVED +CVE-2021-0096 (Improper authentication in the software installer for the Intel(R) NUC ...) NOT-FOR-US: Intel CVE-2021-0095 (Improper initialization in the firmware for some Intel(R) Processors m ...) NOT-FOR-US: Intel -- cgit v1.2.3
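Review bot: In the `@@ -1,3 +1,89 @@` hunk of data/CVE/2021.list, CVE-2021-43976 and CVE-2021-43975 are added with only `TODO: check`, although both descriptions begin "In the Linux kernel through 5.15.2" and name a driver function (`mwifiex_usb_recv`, `hw_atl_utils_fw_rpc_wait`). These two should be picked up first in the manual pass and given a src:linux package line in place of the TODO, since the other new described ids in this hunk (OPA Gatekeeper, SmarterMail) may well end up as NOT-FOR-US while these cannot.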
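Review bot: In the `@@ -1391,7 +1477,8 @@` hunk, CVE-2021-43338 is changed to `REJECTED`, but the unchanged context line `NOT-FOR-US: Ericsson` still sits under it, so the entry now carries a triage verdict for an id that has no description. Either drop that line in a follow-up or confirm that keeping the old annotation under a rejected id is intended.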
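Review bot: The three gocr entries in the `@@ -25095,19 +25182,16 @@` hunk (CVE-2021-33481, CVE-2021-33480, CVE-2021-33479) lose their bracketed summaries, which named the affected function and file (`try_to_divide_boxes()`, `context_correction()` and `measure_pitch()` in `pgm2asc.c`); the truncated descriptions that replace them stop at "gocr thr ..." and no longer show that detail. If it is still wanted in the list, carry it over as a NOTE line under each entry, next to the existing sourceforge.net bug links.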
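Review bot: In the hunks from `@@ -45614,26 +45684,26 @@` through `@@ -46130,8 +46200,8 @@`, every newly described WordPress plugin id (for example CVE-2021-24856, CVE-2021-24834, CVE-2021-24598) is added with `TODO: check`, while the already triaged neighbours in the same context lines carry `NOT-FOR-US: WordPress plugin`. Until someone resolves them, these ids show up as open work; a single follow-up commit that triages the whole batch would keep the TODO list from growing with each automatic update.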