From 876e640465ed6f5ca1f56b517d125232ff977713 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 1 Dec 2021 20:10:21 +0000 Subject: automatic update --- data/CVE/2020.list | 4 +- data/CVE/2021.list | 227 +++++++++++++++++++++++++++++++++++------------------ 2 files changed, 151 insertions(+), 80 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 1305eab364..1099f35edd 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -48354,8 +48354,8 @@ CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML in NOT-FOR-US: WebAccess/NMS CVE-2020-10628 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...) NOT-FOR-US: ControlEdge PLC -CVE-2020-10627 - RESERVED +CVE-2020-10627 (Insulet Omnipod Insulin Management System insulin pump product ID 1919 ...) + TODO: check CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled sear ...) NOT-FOR-US: Fazecast jSerialComm CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 6fc9e7edcb..96a686c02f 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,73 @@ +CVE-2021-44511 + RESERVED +CVE-2021-44510 + RESERVED +CVE-2021-44509 + RESERVED +CVE-2021-44508 + RESERVED +CVE-2021-44507 + RESERVED +CVE-2021-44506 + RESERVED +CVE-2021-44505 + RESERVED +CVE-2021-44504 + RESERVED +CVE-2021-44503 + RESERVED +CVE-2021-44502 + RESERVED +CVE-2021-44501 + RESERVED +CVE-2021-44500 + RESERVED +CVE-2021-44499 + RESERVED +CVE-2021-44498 + RESERVED +CVE-2021-44497 + RESERVED +CVE-2021-44496 + RESERVED +CVE-2021-44495 + RESERVED +CVE-2021-44494 + RESERVED +CVE-2021-44493 + RESERVED +CVE-2021-44492 + RESERVED +CVE-2021-44491 + RESERVED +CVE-2021-44490 + RESERVED +CVE-2021-44489 + RESERVED +CVE-2021-44488 + RESERVED +CVE-2021-44487 + RESERVED +CVE-2021-44486 + RESERVED +CVE-2021-44485 + RESERVED +CVE-2021-44484 + RESERVED +CVE-2021-44483 + RESERVED +CVE-2021-44482 + RESERVED +CVE-2021-44481 + RESERVED +CVE-2021-44480 (Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who ...) + TODO: check +CVE-2021-44479 (NXP Kinetis K82 devices have a buffer over-read via a crafted wlength ...) + TODO: check +CVE-2021-44478 + RESERVED +CVE-2021-4038 + RESERVED CVE-2021-44470 RESERVED CVE-2021-4037 @@ -396,14 +466,14 @@ CVE-2021-44282 RESERVED CVE-2021-44281 RESERVED -CVE-2021-44280 - RESERVED -CVE-2021-44279 - RESERVED +CVE-2021-44280 (attendance management system 1.0 is affected by a SQL injection vulner ...) + TODO: check +CVE-2021-44279 (Librenms 21.11.0 is affected by is affected by a Cross Site Scripting ...) + TODO: check CVE-2021-44278 RESERVED -CVE-2021-44277 - RESERVED +CVE-2021-44277 (Librenms 21.11.0 is affected by is affected by a Cross Site Scripting ...) + TODO: check CVE-2021-44276 RESERVED CVE-2021-44275 @@ -568,8 +638,8 @@ CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input D NOTE: https://huntr.dev/bounties/9814baa8-7bdd-4e31-a132-d9d15653409e/ NOTE: https://github.com/meetecho/janus-gateway/commit/ba166e9adebfe5343f826c6a9e02299d35414ffd NOTE: Issues only in janus-demos built from src:janus -CVE-2021-4019 - RESERVED +CVE-2021-4019 (vim is vulnerable to Heap-based Buffer Overflow ...) + TODO: check CVE-2021-44220 RESERVED CVE-2021-44219 (Gin-Vue-Admin before 2.4.6 mishandles a SQL database. ...) @@ -598,10 +668,10 @@ CVE-2021-44208 RESERVED CVE-2021-44207 RESERVED -CVE-2021-4018 - RESERVED -CVE-2021-4017 - RESERVED +CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) + TODO: check +CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) + TODO: check CVE-2021-44206 RESERVED CVE-2021-44205 @@ -626,8 +696,8 @@ CVE-2021-44196 RESERVED CVE-2021-4016 RESERVED -CVE-2021-4015 - RESERVED +CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) + TODO: check CVE-2021-4014 RESERVED CVE-2021-4013 @@ -910,22 +980,22 @@ CVE-2021-3996 RESERVED CVE-2021-3995 RESERVED -CVE-2021-3994 - RESERVED -CVE-2021-3993 - RESERVED -CVE-2021-3992 - RESERVED +CVE-2021-3994 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...) + TODO: check +CVE-2021-3993 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) + TODO: check +CVE-2021-3992 (kimai2 is vulnerable to Improper Access Control ...) + TODO: check CVE-2021-44078 RESERVED CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-3991 RESERVED -CVE-2021-3990 - RESERVED -CVE-2021-3989 - RESERVED +CVE-2021-3990 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...) + TODO: check +CVE-2021-3989 (showdoc is vulnerable to URL Redirection to Untrusted Site ...) + TODO: check CVE-2021-3988 RESERVED CVE-2021-3987 @@ -1004,12 +1074,12 @@ CVE-2021-44042 RESERVED CVE-2021-44041 RESERVED -CVE-2021-3985 - RESERVED -CVE-2021-3984 - RESERVED -CVE-2021-3983 - RESERVED +CVE-2021-3985 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...) + TODO: check +CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow ...) + TODO: check +CVE-2021-3983 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...) + TODO: check CVE-2021-44040 RESERVED CVE-2021-44039 @@ -1620,8 +1690,8 @@ CVE-2021-43772 RESERVED CVE-2021-43771 (Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an ...) NOT-FOR-US: Trend Micro -CVE-2021-3964 - RESERVED +CVE-2021-3964 (elgg is vulnerable to Authorization Bypass Through User-Controlled Key ...) + TODO: check CVE-2021-3963 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: kimai2 CVE-2021-3962 (A flaw was found in ImageMagick where it did not properly sanitize cer ...) @@ -1780,34 +1850,34 @@ CVE-2021-43700 RESERVED CVE-2021-43699 RESERVED -CVE-2021-43698 (An unspecified version of phpWhois is affected by a Cross Site Scripti ...) +CVE-2021-43698 (phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripti ...) NOT-FOR-US: phpWhois -CVE-2021-43697 (An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cr ...) +CVE-2021-43697 (Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a C ...) NOT-FOR-US: Workerman-ThinkPHP-Redis -CVE-2021-43696 (An unspecified version of twmap is affected by a Cross Site Scripting ...) +CVE-2021-43696 (twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerab ...) NOT-FOR-US: twmap -CVE-2021-43695 (An unspecified version of issabelPBX is affected by a Cross Site Scrip ...) +CVE-2021-43695 (issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vu ...) NOT-FOR-US: issabelPBX CVE-2021-43694 RESERVED CVE-2021-43693 (vesta 0.9.8-24 is affected by a file inclusion vulnerability in file w ...) NOT-FOR-US: Vesta Control Panel -CVE-2021-43692 (An unspecified version of youtube-php-mirroring is affected by a Cross ...) +CVE-2021-43692 (youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross ...) NOT-FOR-US: youtube-php-mirroring -CVE-2021-43691 (An unspecified version of tripexpress is affected by a path manipulati ...) +CVE-2021-43691 (tripexpress v1.1 is affected by a path manipulation vulnerability in f ...) NOT-FOR-US: tripexpress -CVE-2021-43690 - RESERVED -CVE-2021-43689 - RESERVED +CVE-2021-43690 (YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerabi ...) + TODO: check +CVE-2021-43689 (manage (last update Oct 24, 2017) is affected by is affected by a Cros ...) + TODO: check CVE-2021-43688 RESERVED -CVE-2021-43687 - RESERVED +CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulne ...) + TODO: check CVE-2021-43686 RESERVED -CVE-2021-43685 - RESERVED +CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerab ...) + TODO: check CVE-2021-43684 RESERVED CVE-2021-43683 @@ -2403,8 +2473,8 @@ CVE-2021-43453 RESERVED CVE-2021-43452 RESERVED -CVE-2021-43451 - RESERVED +CVE-2021-43451 (SQL Injection vulnerability exists in PHPGURUKUL Employee Record Manag ...) + TODO: check CVE-2021-43450 RESERVED CVE-2021-43449 @@ -3936,8 +4006,8 @@ CVE-2021-42778 RESERVED CVE-2021-42777 RESERVED -CVE-2021-42776 - RESERVED +CVE-2021-42776 (CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE ...) + TODO: check CVE-2021-42775 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...) NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager CVE-2021-42774 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...) @@ -6384,7 +6454,8 @@ CVE-2021-41750 RESERVED CVE-2021-41749 RESERVED -CVE-2021-41748 (An Incorrect Access Control issue exists in all versions of Portainer. ...) +CVE-2021-41748 + REJECTED NOT-FOR-US: Portainer CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, wh ...) NOT-FOR-US: Csdn APP @@ -6442,7 +6513,8 @@ CVE-2021-41722 RESERVED CVE-2021-41721 RESERVED -CVE-2021-41720 (** DISPUTED ** A command injection vulnerability in Lodash 4.17.21 all ...) +CVE-2021-41720 + REJECTED - node-lodash (unimportant) NOTE: https://github.com/lodash/lodash/issues/5261 NOTE: Disputed security impact and validitity of the issue @@ -10127,8 +10199,8 @@ CVE-2021-40155 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020 NOT-FOR-US: Autodesk CVE-2021-3747 (The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, acciden ...) NOT-FOR-US: Multipass -CVE-2021-40154 - RESERVED +CVE-2021-40154 (NXP LPC55S69 devices before A3 have a buffer over-read via a crafted w ...) + TODO: check CVE-2021-40152 RESERVED CVE-2021-40151 @@ -13851,8 +13923,7 @@ CVE-2021-38577 RESERVED CVE-2021-38576 RESERVED -CVE-2021-38575 [edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe] - RESERVED +CVE-2021-38575 (NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. ...) - edk2 2021.08-1 [bullseye] - edk2 (Minor issue) [buster] - edk2 (Minor issue) @@ -23140,8 +23211,8 @@ CVE-2021-34601 RESERVED CVE-2021-34600 RESERVED -CVE-2021-34599 - RESERVED +CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack ce ...) + TODO: check CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...) NOT-FOR-US: Phoenix CVE-2021-34597 (Improper Input Validation vulnerability in PC Worx Automation Suite of ...) @@ -27978,8 +28049,8 @@ CVE-2021-32594 (An unrestricted file upload vulnerability in the web interface o NOT-FOR-US: FortiPortal CVE-2021-32593 RESERVED -CVE-2021-32592 - RESERVED +CVE-2021-32592 (An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 ...) + TODO: check CVE-2021-32591 RESERVED CVE-2021-32590 (Multiple improper neutralization of special elements used in an SQL co ...) @@ -34941,8 +35012,8 @@ CVE-2021-29865 RESERVED CVE-2021-29864 RESERVED -CVE-2021-29863 - RESERVED +CVE-2021-29863 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forge ...) + TODO: check CVE-2021-29862 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...) NOT-FOR-US: IBM CVE-2021-29861 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...) @@ -34969,8 +35040,8 @@ CVE-2021-29851 (IBM Planning Analytics 2.0 could allow a remote attacker to obta NOT-FOR-US: IBM CVE-2021-29850 RESERVED -CVE-2021-29849 - RESERVED +CVE-2021-29849 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...) + TODO: check CVE-2021-29848 RESERVED CVE-2021-29847 @@ -35109,8 +35180,8 @@ CVE-2021-29781 (IBM Partner Engagement Manager 2.0 could allow a remote attacker NOT-FOR-US: IBM CVE-2021-29780 (IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authent ...) NOT-FOR-US: IBM -CVE-2021-29779 - RESERVED +CVE-2021-29779 (IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitiv ...) + TODO: check CVE-2021-29778 RESERVED CVE-2021-29777 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...) @@ -43319,8 +43390,8 @@ CVE-2021-26336 (Insufficient bounds checking in System Management Unit (SMU) may NOT-FOR-US: AMD CVE-2021-26335 (Improper input and range checking in the Platform Security Processor ( ...) NOT-FOR-US: AMD -CVE-2021-26334 - RESERVED +CVE-2021-26334 (The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower ...) + TODO: check CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform Securit ...) NOT-FOR-US: AMD CVE-2021-26332 @@ -44306,8 +44377,8 @@ CVE-2021-25969 (In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnera NOT-FOR-US: Camaleon CMS CVE-2021-25968 (In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a ...) NOT-FOR-US: OpenCMS -CVE-2021-25967 - RESERVED +CVE-2021-25967 (In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerab ...) + TODO: check CVE-2021-25966 (In “Orchard core CMS” application, versions 1.0.0-beta1-33 ...) NOT-FOR-US: Orchard CMS CVE-2021-25965 (In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site ...) @@ -56858,12 +56929,12 @@ CVE-2021-20613 RESERVED CVE-2021-20612 RESERVED -CVE-2021-20611 - RESERVED -CVE-2021-20610 - RESERVED -CVE-2021-20609 - RESERVED +CVE-2021-20611 (Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/0 ...) + TODO: check +CVE-2021-20610 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...) + TODO: check +CVE-2021-20609 (Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series ...) + TODO: check CVE-2021-20608 RESERVED CVE-2021-20607 @@ -57280,8 +57351,8 @@ CVE-2021-20402 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allo NOT-FOR-US: IBM CVE-2021-20401 (IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a ...) NOT-FOR-US: IBM -CVE-2021-20400 - RESERVED +CVE-2021-20400 (IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic al ...) + TODO: check CVE-2021-20399 (IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulner ...) NOT-FOR-US: IBM CVE-2021-20398 -- cgit v1.2.3