From 7de3244caf0a2b39b48c134d698da469dc5be11b Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 1 Dec 2021 08:10:19 +0000 Subject: automatic update --- data/CVE/2018.list | 4 +- data/CVE/2019.list | 4 +- data/CVE/2021.list | 140 +++++++++++++++++++++++++++++++---------------------- data/CVE/2022.list | 20 ++++++++ 4 files changed, 106 insertions(+), 62 deletions(-) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index aa1feb8072..ab93fff68a 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1420,7 +1420,7 @@ CVE-2018-20723 (A cross-site scripting (XSS) vulnerability exists in color_templ CVE-2018-20722 RESERVED CVE-2018-20721 (URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bound ...) - {DLA-1682-1} + {DLA-2834-1 DLA-1682-1} - uriparser 0.9.1-1 (low) NOTE: https://github.com/uriparser/uriparser/commit/cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4 CVE-2018-20720 (ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1 ...) @@ -41580,7 +41580,7 @@ CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the av_packe CVE-2018-5765 RESERVED CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync before 3. ...) - {DLA-1725-1 DLA-1247-1} + {DLA-2833-1 DLA-1725-1 DLA-1247-1} - rsync 3.1.2-2.2 (bug #887588) NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07 CVE-2018-5763 (An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index fcbc14737c..50f465ada7 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -10177,12 +10177,12 @@ CVE-2019-17044 (An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execut CVE-2019-17043 (An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution pe ...) NOT-FOR-US: BMC Patrol Agent CVE-2019-17042 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmc ...) - {DLA-1952-1} + {DLA-2835-1 DLA-1952-1} - rsyslog 8.1910.0-1 (bug #942065) [buster] - rsyslog (Minor issue, pmcisconames module not loaded by default) NOTE: https://github.com/rsyslog/rsyslog/pull/3883 CVE-2019-17041 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfr ...) - {DLA-1952-1} + {DLA-2835-1 DLA-1952-1} - rsyslog 8.1910.0-1 (bug #942067) [buster] - rsyslog (Minor issue, pmaixforwardedfrom module not loaded by default) NOTE: https://github.com/rsyslog/rsyslog/pull/3884 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index fe4f277c2b..9a6c99d6c7 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,27 @@ +CVE-2021-44470 + RESERVED +CVE-2021-4037 + RESERVED +CVE-2021-4036 + RESERVED +CVE-2021-37409 + RESERVED +CVE-2021-37405 + RESERVED +CVE-2021-33847 + RESERVED +CVE-2021-26950 + RESERVED +CVE-2021-26258 + RESERVED +CVE-2021-26257 + RESERVED +CVE-2021-26251 + RESERVED +CVE-2021-23223 + RESERVED +CVE-2021-23179 + RESERVED CVE-2021-44464 RESERVED CVE-2021-44453 @@ -476,8 +500,8 @@ CVE-2021-4028 [use-after-free in RDMA listen()] NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027201 CVE-2021-4027 RESERVED -CVE-2021-4026 - RESERVED +CVE-2021-4026 (bookstack is vulnerable to Improper Access Control ...) + TODO: check CVE-2021-4025 RESERVED CVE-2021-44235 
@@ -2584,12 +2608,12 @@ CVE-2021-43362 RESERVED CVE-2021-43361 RESERVED -CVE-2021-43360 - RESERVED -CVE-2021-43359 - RESERVED -CVE-2021-43358 - RESERVED +CVE-2021-43360 (Sunnet eHRD e-mail delivery task schedule’s serialization functi ...) + TODO: check +CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allows a re ...) + TODO: check +CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in URLs, w ...) + TODO: check CVE-2021-3928 (vim is vulnerable to Stack-based Buffer Overflow ...) - vim [stretch] - vim (Minor issue) @@ -2686,7 +2710,7 @@ CVE-2021-43322 CVE-2021-43321 RESERVED CVE-2021-43320 - RESERVED + REJECTED CVE-2021-43319 (Zoho ManageEngine Network Configuration Manager before 125488 is vulne ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-43318 @@ -4370,8 +4394,8 @@ CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter. NOT-FOR-US: myfactory.FMS CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. ...) NOT-FOR-US: myfactory.FMS -CVE-2021-42564 - RESERVED +CVE-2021-42564 (An open redirect through HTML injection in confidential messages in Cr ...) + TODO: check CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) ...) NOT-FOR-US: NI Service Locator CVE-2021-3893 @@ -7467,8 +7491,8 @@ CVE-2021-41258 (Kirby is an open source file structured CMS. In affected version NOT-FOR-US: Kirby CVE-2021-41257 RESERVED -CVE-2021-41256 - RESERVED +CVE-2021-41256 (nextcloud news-android is an Android client for the Nextcloud news/fee ...) + TODO: check CVE-2021-41255 RESERVED CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in running ...) @@ -8566,8 +8590,8 @@ CVE-2021-40811 RESERVED CVE-2021-40810 RESERVED -CVE-2021-40809 - RESERVED +CVE-2021-40809 (An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An ...) + TODO: check CVE-2021-40808 RESERVED CVE-2021-40807 
@@ -10276,8 +10300,8 @@ CVE-2021-40103 (An issue was discovered in Concrete CMS through 8.5.5. Path Trav NOT-FOR-US: Concrete CMS CVE-2021-40102 (An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File ...) NOT-FOR-US: Concrete CMS -CVE-2021-40101 - RESERVED +CVE-2021-40101 (An issue was discovered in Concrete CMS before 8.5.7. The Dashboard al ...) + TODO: check CVE-2021-40100 (An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can ...) NOT-FOR-US: Concrete CMS CVE-2021-40099 (An issue was discovered in Concrete CMS through 8.5.5. Fetching the up ...) @@ -12053,7 +12077,7 @@ CVE-2021-3729 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) .. NOT-FOR-US: firefly-iii CVE-2021-3728 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: firefly-iii -CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has a vulnerability affecting in ...) +CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka P ...) NOT-FOR-US: Jamf Pro CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the ...) NOT-FOR-US: MISP 
@@ -19130,16 +19154,16 @@ CVE-2021-36332 (Dell EMC CloudLink 7.1 and all prior versions contain a HTML and NOT-FOR-US: EMC CVE-2021-36331 RESERVED -CVE-2021-36330 - RESERVED -CVE-2021-36329 - RESERVED -CVE-2021-36328 - RESERVED -CVE-2021-36327 - RESERVED -CVE-2021-36326 - RESERVED +CVE-2021-36330 (Dell EMC Streaming Data Platform versions before 1.3 contain an Insuff ...) + TODO: check +CVE-2021-36329 (Dell EMC Streaming Data Platform versions before 1.3 contain an Indire ...) + TODO: check +CVE-2021-36328 (Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Inj ...) + TODO: check +CVE-2021-36327 (Dell EMC Streaming Data Platform versions before 1.3 contain a Server ...) + TODO: check +CVE-2021-36326 (Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL ...) + TODO: check CVE-2021-36325 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2021-36324 (Dell BIOS contains an improper input validation vulnerability. A local ...) 
@@ -56315,42 +56339,42 @@ CVE-2021-20866 RESERVED CVE-2021-20865 RESERVED -CVE-2021-20864 - RESERVED -CVE-2021-20863 - RESERVED -CVE-2021-20862 - RESERVED -CVE-2021-20861 - RESERVED -CVE-2021-20860 - RESERVED -CVE-2021-20859 - RESERVED -CVE-2021-20858 - RESERVED -CVE-2021-20857 - RESERVED -CVE-2021-20856 - RESERVED -CVE-2021-20855 - RESERVED -CVE-2021-20854 - RESERVED -CVE-2021-20853 - RESERVED -CVE-2021-20852 - RESERVED -CVE-2021-20851 - RESERVED +CVE-2021-20864 (Improper access control vulnerability in ELECOM routers (WRC-1167GST2 ...) + TODO: check +CVE-2021-20863 (OS command injection vulnerability in ELECOM routers (WRC-1167GST2 fir ...) + TODO: check +CVE-2021-20862 (Improper access control vulnerability in ELECOM routers (WRC-1167GST2 ...) + TODO: check +CVE-2021-20861 (Improper access control vulnerability in ELECOM LAN routers (WRC-1167G ...) + TODO: check +CVE-2021-20860 (Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers ...) + TODO: check +CVE-2021-20859 (ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST ...) + TODO: check +CVE-2021-20858 (Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I ...) + TODO: check +CVE-2021-20857 (Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I ...) + TODO: check +CVE-2021-20856 (Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK f ...) + TODO: check +CVE-2021-20855 (Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK f ...) + TODO: check +CVE-2021-20854 (ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733G ...) + TODO: check +CVE-2021-20853 (ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733G ...) + TODO: check +CVE-2021-20852 (Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmwa ...) + TODO: check +CVE-2021-20851 (Cross-site request forgery (CSRF) vulnerability in Browser and Operati ...) 
+ TODO: check CVE-2021-20850 (PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and ea ...) NOT-FOR-US: PowerCMS CVE-2021-20849 RESERVED CVE-2021-20848 (Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 a ...) NOT-FOR-US: rwtxt -CVE-2021-20847 - RESERVED +CVE-2021-20847 (Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G ...) + TODO: check CVE-2021-20846 (Cross-site request forgery (CSRF) vulnerability in Push Notifications ...) NOT-FOR-US: WordPress plugin CVE-2021-20845 (Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap G ...) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 24adba79a0..004073da1b 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -1,3 +1,23 @@ +CVE-2022-21240 + RESERVED +CVE-2022-21237 + RESERVED +CVE-2022-21218 + RESERVED +CVE-2022-21212 + RESERVED +CVE-2022-21197 + RESERVED +CVE-2022-21172 + RESERVED +CVE-2022-21160 + RESERVED +CVE-2022-21140 + RESERVED +CVE-2022-21139 + RESERVED +CVE-2022-21133 + RESERVED CVE-2022-21792 RESERVED CVE-2022-21791 -- cgit v1.2.3
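
Review bot: In the data/CVE/2021.list hunk at @@ -10276, CVE-2021-40101 is left as `TODO: check` although the entries on either side of it, CVE-2021-40102 and CVE-2021-40100, are already tagged `NOT-FOR-US: Concrete CMS` for the same product. Suggest resolving it to `NOT-FOR-US: Concrete CMS` so the run of Concrete CMS entries stays consistent and the item does not sit in the TODO queue. The same reasoning covers CVE-2021-40809 in the @@ -8566 hunk, since CVE-2021-39303 in this file is tagged `NOT-FOR-US: Jamf Pro`.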
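
Review bot: In the data/CVE/2021.list hunk at @@ -19130, the five Dell EMC Streaming Data Platform entries (CVE-2021-36326 through CVE-2021-36330) all enter as `TODO: check`, while the context lines around them use two different tags for the same vendor: `NOT-FOR-US: EMC` on CVE-2021-36332 and `NOT-FOR-US: Dell` on CVE-2021-36325. Suggest triaging the five as one batch and settling on a single tag string for them, so that a later search for the vendor's entries does not miss half of them.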
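
Review bot: In the data/CVE/2019.list hunk at @@ -10177, CVE-2019-17042 and CVE-2019-17041 gain the DLA-2835-1 cross-reference while their `[buster] - rsyslog (Minor issue, ... module not loaded by default)` lines are unchanged. Each entry now records an LTS advisory next to a buster note that treats the issue as minor, so it is worth confirming that the buster triage is still the intended state and not simply a leftover.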