From a80707eabe53cbd5057d79263103fed66d3f26a4 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Tue, 30 Nov 2021 20:10:19 +0000 Subject: automatic update --- data/CVE/2020.list | 10 +-- data/CVE/2021.list | 224 +++++++++++++++++++++++++++++++++++------------------ 2 files changed, 153 insertions(+), 81 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 3e1f949cd5..117b993554 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -12958,7 +12958,7 @@ CVE-2020-25718 [An RODC can issue (forge) administrator tickets to other servers NOTE: https://www.samba.org/samba/security/CVE-2020-25718.html CVE-2020-25717 [A user on the domain can become root on domain members] RESERVED - {DSA-5003-1} + {DSA-5015-1 DSA-5003-1} - samba 2:4.13.14+dfsg-1 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14556 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725 @@ -54778,10 +54778,10 @@ CVE-2020-7882 (Using the parameter of getPFXFolderList function, attackers can s NOT-FOR-US: anySign CVE-2020-7881 (The vulnerability function is enabled when the streamer service relate ...) NOT-FOR-US: AfreecaTV -CVE-2020-7880 - RESERVED -CVE-2020-7879 - RESERVED +CVE-2020-7880 (The vulnerabilty was discovered in ActiveX module related to NeoRS rem ...) + TODO: check +CVE-2020-7879 (This issue was discovered when the ipTIME C200 IP Camera was synchroni ...) + TODO: check CVE-2020-7878 RESERVED CVE-2020-7877 (A buffer overflow issue was discovered in ZOOK solution(remote adminis ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 5301f1d514..1c314b85ca 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,75 @@ +CVE-2021-44464 + RESERVED +CVE-2021-44453 + RESERVED +CVE-2021-44451 + RESERVED +CVE-2021-44450 + RESERVED +CVE-2021-44449 + RESERVED +CVE-2021-44448 + RESERVED +CVE-2021-44447 + RESERVED +CVE-2021-44446 + RESERVED +CVE-2021-44445 + RESERVED +CVE-2021-44444 + RESERVED +CVE-2021-44443 + RESERVED +CVE-2021-44442 + RESERVED +CVE-2021-44441 + RESERVED +CVE-2021-44440 + RESERVED +CVE-2021-44439 + RESERVED +CVE-2021-44438 + RESERVED +CVE-2021-44437 + RESERVED +CVE-2021-44436 + RESERVED +CVE-2021-44435 + RESERVED +CVE-2021-44434 + RESERVED +CVE-2021-44433 + RESERVED +CVE-2021-44432 + RESERVED +CVE-2021-44431 + RESERVED +CVE-2021-44430 + RESERVED +CVE-2021-43355 + RESERVED +CVE-2021-41835 + RESERVED +CVE-2021-4035 + RESERVED +CVE-2021-33848 + RESERVED +CVE-2021-33846 + RESERVED +CVE-2021-33843 + RESERVED +CVE-2021-31562 + RESERVED +CVE-2021-23236 + RESERVED +CVE-2021-23233 + RESERVED +CVE-2021-23207 + RESERVED +CVE-2021-23196 + RESERVED +CVE-2021-23195 + RESERVED CVE-2021-44429 (Serva 4.4.0 allows remote attackers to cause a denial of service (daem ...) NOT-FOR-US: Serva CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service (daem ...) @@ -418,8 +490,8 @@ CVE-2021-44232 RESERVED CVE-2021-44231 RESERVED -CVE-2021-44230 - RESERVED +CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows ha ...) + TODO: check CVE-2021-44229 RESERVED CVE-2021-44228 @@ -1031,8 +1103,8 @@ CVE-2021-44026 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a po - roundcube 1.5.0+dfsg.1-1 (bug #1000156) NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12) NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17) -CVE-2021-43998 - RESERVED +CVE-2021-43998 (HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 temp ...) + TODO: check CVE-2021-43997 (Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU p ...) NOT-FOR-US: Amazon FreeRTOS CVE-2021-43996 (The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Lar ...) @@ -1520,8 +1592,8 @@ CVE-2021-43773 RESERVED CVE-2021-43772 RESERVED -CVE-2021-43771 - RESERVED +CVE-2021-43771 (Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an ...) + TODO: check CVE-2021-3964 RESERVED CVE-2021-3963 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...) @@ -2613,8 +2685,8 @@ CVE-2021-43321 RESERVED CVE-2021-43320 RESERVED -CVE-2021-43319 - RESERVED +CVE-2021-43319 (Zoho ManageEngine Network Configuration Manager before 125488 is vulne ...) + TODO: check CVE-2021-43318 RESERVED CVE-2021-43317 @@ -2679,12 +2751,12 @@ CVE-2021-23214 - postgresql-9.6 NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=046c2c846b741a12e7fd61d8d86bf324a20e3dfc (REL9_6_24) -CVE-2021-43296 - RESERVED -CVE-2021-43295 - RESERVED -CVE-2021-43294 - RESERVED +CVE-2021-43296 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an ...) + TODO: check +CVE-2021-43295 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Ref ...) + TODO: check +CVE-2021-43294 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Ref ...) + TODO: check CVE-2021-43293 (Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote au ...) NOT-FOR-US: Sonatype CVE-2021-43292 @@ -2703,12 +2775,12 @@ CVE-2021-43286 RESERVED CVE-2021-43285 RESERVED -CVE-2021-43284 - RESERVED -CVE-2021-43283 - RESERVED -CVE-2021-43282 - RESERVED +CVE-2021-43284 (An issue was discovered on Victure WR1200 devices through 1.0.3. The r ...) + TODO: check +CVE-2021-43283 (An issue was discovered on Victure WR1200 devices through 1.0.3. A com ...) + TODO: check +CVE-2021-43282 (An issue was discovered on Victure WR1200 devices through 1.0.3. The d ...) + TODO: check CVE-2021-43281 (MyBB before 1.8.29 allows Remote Code Injection by an admin with the " ...) NOT-FOR-US: MyBB CVE-2021-43280 (A stack-based buffer overflow vulnerability exists in the DWF file rea ...) @@ -2880,8 +2952,8 @@ CVE-2021-3919 RESERVED CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 a ...) NOT-FOR-US: JetBrains Ktor -CVE-2021-43202 - RESERVED +CVE-2021-43202 (In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is m ...) + TODO: check CVE-2021-43201 (In JetBrains TeamCity before 2021.1.3, a newly created project could t ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-43200 (In JetBrains TeamCity before 2021.1.2, permission checks in the Agent ...) @@ -4344,10 +4416,10 @@ CVE-2021-42547 RESERVED CVE-2021-42546 RESERVED -CVE-2021-42545 - RESERVED -CVE-2021-42544 - RESERVED +CVE-2021-42545 (An insufficient session expiration vulnerability exists in Business-DN ...) + TODO: check +CVE-2021-42544 (Missing Rate Limiting in Web Applications operating on Business-DNA So ...) + TODO: check CVE-2021-42543 (The affected application uses specific functions that could be abused ...) NOT-FOR-US: AzeoTech CVE-2021-42542 (The affected product is vulnerable to directory traversal due to misha ...) @@ -5312,24 +5384,24 @@ CVE-2021-42125 RESERVED CVE-2021-42124 RESERVED -CVE-2021-42123 - RESERVED -CVE-2021-42122 - RESERVED -CVE-2021-42121 - RESERVED -CVE-2021-42120 - RESERVED -CVE-2021-42119 - RESERVED -CVE-2021-42118 - RESERVED -CVE-2021-42117 - RESERVED -CVE-2021-42116 - RESERVED -CVE-2021-42115 - RESERVED +CVE-2021-42123 (Unrestricted File Upload in Web Applications operating on Business-DNA ...) + TODO: check +CVE-2021-42122 (Insufficient Input Validation in Web Applications operating on Busines ...) + TODO: check +CVE-2021-42121 (Insufficient Input Validation in Web Applications operating on Busines ...) + TODO: check +CVE-2021-42120 (Insufficient Input Validation in Web Applications operating on Busines ...) + TODO: check +CVE-2021-42119 (Persistent Cross Site Scripting in Web Applications operating on Busin ...) + TODO: check +CVE-2021-42118 (Persistent Cross Site Scripting in Web Applications operating on Busin ...) + TODO: check +CVE-2021-42117 (Insufficient Input Validation in Web Applications operating on Busines ...) + TODO: check +CVE-2021-42116 (Incorrect Access Control in Web Applications operating on Business-DNA ...) + TODO: check +CVE-2021-42115 (Missing HTTPOnly flag in Web Applications operating on Business-DNA So ...) + TODO: check CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability ...) NOT-FOR-US: hardware vulnerability in DRAM devices (Blacksmith) NOTE: https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf @@ -5396,8 +5468,8 @@ CVE-2021-41133 (Flatpak is a system for building, distributing, and running sand NOTE: https://github.com/flatpak/flatpak/commit/3fc8c672676ae016f8e7cc90481b2feecbad9861 CVE-2021-42100 RESERVED -CVE-2021-42099 - RESERVED +CVE-2021-42099 (Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file- ...) + TODO: check CVE-2021-42098 (An incomplete permission check on entries in Devolutions Remote Deskto ...) NOT-FOR-US: Devolutions CVE-2021-42097 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csr ...) @@ -6397,12 +6469,12 @@ CVE-2021-41681 RESERVED CVE-2021-41680 RESERVED -CVE-2021-41679 - RESERVED -CVE-2021-41678 - RESERVED -CVE-2021-41677 - RESERVED +CVE-2021-41679 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...) + TODO: check +CVE-2021-41678 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...) + TODO: check +CVE-2021-41677 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...) + TODO: check CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point o ...) NOT-FOR-US: oretnom23 Pharmacy Point of Sale System CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E- ...) @@ -9157,8 +9229,8 @@ CVE-2021-3770 (vim is vulnerable to Heap-based Buffer Overflow ...) NOTE: Fixed by: https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 (v8.2.3402) NOTE: Followup fix for introduced memory leak: https://github.com/vim/vim/commit/2ddb89f8a94425cda1e5491efc80c1ccccb6e08e (v8.2.3403) NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1 -CVE-2021-3769 - RESERVED +CVE-2021-3769 (# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` t ...) + TODO: check CVE-2021-40514 RESERVED CVE-2021-40513 @@ -11973,12 +12045,12 @@ CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypas NOT-FOR-US: OpenBMC CVE-2021-39295 RESERVED -CVE-2021-3727 - RESERVED -CVE-2021-3726 - RESERVED -CVE-2021-3725 - RESERVED +CVE-2021-3727 (# Vulnerability in `rand-quote` and `hitokoto` plugins **Description** ...) + TODO: check +CVE-2021-3726 (# Vulnerability in `title` function **Description**: the `title` funct ...) + TODO: check +CVE-2021-3725 (Vulnerability in dirhistory plugin Description: the widgets that go ba ...) + TODO: check CVE-2021-3724 RESERVED NOT-FOR-US: Red Hat Serverless @@ -12799,10 +12871,10 @@ CVE-2021-39002 RESERVED CVE-2021-39001 RESERVED -CVE-2021-39000 - RESERVED -CVE-2021-38999 - RESERVED +CVE-2021-39000 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to ob ...) + TODO: check +CVE-2021-38999 (IBM MQ Appliance could allow a local attacker to obtain sensitive info ...) + TODO: check CVE-2021-38998 RESERVED CVE-2021-38997 @@ -12865,8 +12937,8 @@ CVE-2021-38969 RESERVED CVE-2021-38968 RESERVED -CVE-2021-38967 - RESERVED +CVE-2021-38967 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged use ...) + TODO: check CVE-2021-38966 RESERVED CVE-2021-38965 @@ -12883,8 +12955,8 @@ CVE-2021-38960 RESERVED CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28 ...) NOT-FOR-US: IBM -CVE-2021-38958 - RESERVED +CVE-2021-38958 (IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service ...) + TODO: check CVE-2021-38957 RESERVED CVE-2021-38956 @@ -29945,8 +30017,8 @@ CVE-2021-31789 RESERVED CVE-2021-31788 RESERVED -CVE-2021-31787 - RESERVED +CVE-2021-31787 (The Bluetooth Classic implementation on Actions ATS2815 chipsets does ...) + TODO: check CVE-2021-31786 (The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2 ...) NOT-FOR-US: Actions ATS CVE-2021-31785 (The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 ch ...) @@ -42521,8 +42593,8 @@ CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution. NOT-FOR-US: IpTime C200 camera CVE-2021-26613 RESERVED -CVE-2021-26612 - RESERVED +CVE-2021-26612 (An improper input validation leading to arbitrary file creation was di ...) + TODO: check CVE-2021-26611 (HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnera ...) NOT-FOR-US: HejHome GKW-IC052 IP Camera CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform an integ ...) @@ -44134,8 +44206,8 @@ CVE-2021-25989 RESERVED CVE-2021-25988 RESERVED -CVE-2021-25987 - RESERVED +CVE-2021-25987 (Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The po ...) + TODO: check CVE-2021-25986 (In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cros ...) NOT-FOR-US: Django-wiki CVE-2021-25985 (In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improp ...) @@ -53013,8 +53085,8 @@ CVE-2021-22096 (In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and [buster] - libspring-java (Minor issue) [stretch] - libspring-java (Minor issue, no known patch) NOTE: https://github.com/spring-projects/spring-framework/issues/27647 (patch unidentifiable) -CVE-2021-22095 - RESERVED +CVE-2021-22095 (In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring ...) + TODO: check CVE-2021-22094 RESERVED CVE-2021-22093 -- cgit v1.2.3