From 07b51db7faf613f8e621195e7ba4a1862aaabd20 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 8 Dec 2021 08:10:15 +0000 Subject: automatic update --- data/CVE/2018.list | 2 +- data/CVE/2020.list | 8 +- data/CVE/2021.list | 272 +++++++++++++++++++++++++++++++++++------------------ 3 files changed, 183 insertions(+), 99 deletions(-) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index fe7a91d51f..077e53de9e 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1,4 +1,4 @@ -CVE-2018-25020 [bpf: fix truncated jump targets on heavy expansions] +CVE-2018-25020 (The BPF subsystem in the Linux kernel before 4.17 mishandles situation ...) - linux 4.17.3-1 NOTE: https://git.kernel.org/linus/050fad7c4534c13c8eb1d9c2ba66012e014773cb (4.17-rc7) CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have any auth ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index df8b890077..54f5baf7dd 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -9157,8 +9157,8 @@ CVE-2020-27358 (An issue was discovered in REDCap 8.11.6 through 9.x before 10. NOT-FOR-US: REDCap CVE-2020-27357 RESERVED -CVE-2020-27356 - RESERVED +CVE-2020-27356 (The debug-meta-data plugin 1.1.2 for WordPress allows XSS. ...) + TODO: check CVE-2020-27355 RESERVED CVE-2020-27354 @@ -20453,8 +20453,8 @@ CVE-2020-22423 RESERVED CVE-2020-22422 RESERVED -CVE-2020-22421 - RESERVED +CVE-2020-22421 (74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vu ...) + TODO: check CVE-2020-22420 RESERVED CVE-2020-22419 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index d522ec0a57..f05b195ef2 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,89 @@ +CVE-2021-44738 + RESERVED +CVE-2021-44737 + RESERVED +CVE-2021-44736 + RESERVED +CVE-2021-44735 + RESERVED +CVE-2021-44734 + RESERVED +CVE-2021-44733 + RESERVED +CVE-2021-44732 + RESERVED +CVE-2021-44731 + RESERVED +CVE-2021-44730 + RESERVED +CVE-2021-44729 + RESERVED +CVE-2021-44728 + RESERVED +CVE-2021-44727 + RESERVED +CVE-2021-44726 (KNIME Server before 4.13.4 allows XSS via the old WebPortal login page ...) + TODO: check +CVE-2021-44725 (KNIME Server before 4.13.4 allows directory traversal in a request for ...) + TODO: check +CVE-2021-44724 + RESERVED +CVE-2021-44723 + RESERVED +CVE-2021-44722 + RESERVED +CVE-2021-44721 + RESERVED +CVE-2021-44720 + RESERVED +CVE-2021-44719 + RESERVED +CVE-2021-44718 + RESERVED +CVE-2021-44717 + RESERVED +CVE-2021-44716 + RESERVED +CVE-2021-44715 + RESERVED +CVE-2021-44714 + RESERVED +CVE-2021-44713 + RESERVED +CVE-2021-44712 + RESERVED +CVE-2021-44711 + RESERVED +CVE-2021-44710 + RESERVED +CVE-2021-44709 + RESERVED +CVE-2021-44708 + RESERVED +CVE-2021-44707 + RESERVED +CVE-2021-44706 + RESERVED +CVE-2021-44705 + RESERVED +CVE-2021-44704 + RESERVED +CVE-2021-44703 + RESERVED +CVE-2021-44702 + RESERVED +CVE-2021-44701 + RESERVED +CVE-2021-44700 + RESERVED +CVE-2021-44699 + RESERVED +CVE-2021-44698 + RESERVED +CVE-2021-44697 + RESERVED +CVE-2021-44696 + RESERVED CVE-2021-44695 RESERVED CVE-2021-44694 @@ -683,8 +769,7 @@ CVE-2021-44422 RESERVED CVE-2021-44421 RESERVED -CVE-2021-44420 [Potential bypass of an upstream access control based on URL paths] - RESERVED +CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...) - python-django 2:3.2.10-1 [bullseye] - python-django (Minor issue) [buster] - python-django (Minor issue) @@ -1327,10 +1412,10 @@ CVE-2021-44151 RESERVED CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoof ...) NOT-FOR-US: tusdotnet -CVE-2021-44149 - RESERVED -CVE-2021-44148 - RESERVED +CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS through ...) + TODO: check +CVE-2021-44148 (GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allo ...) + TODO: check CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server (inclu ...) NOT-FOR-US: Claris CVE-2021-44146 @@ -1793,8 +1878,8 @@ CVE-2021-43965 RESERVED CVE-2021-43964 RESERVED -CVE-2021-43963 - RESERVED +CVE-2021-43963 (An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. ...) + TODO: check CVE-2021-43962 RESERVED CVE-2021-43961 @@ -2126,12 +2211,12 @@ CVE-2021-43812 RESERVED CVE-2021-43811 RESERVED -CVE-2021-43810 - RESERVED +CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...) + TODO: check CVE-2021-43809 RESERVED -CVE-2021-43808 - RESERVED +CVE-2021-43808 (Laravel is a web application framework. Laravel prior to versions 8.75 ...) + TODO: check CVE-2021-43807 RESERVED CVE-2021-43806 @@ -2497,10 +2582,10 @@ CVE-2021-43640 RESERVED CVE-2021-43639 RESERVED -CVE-2021-43638 - RESERVED -CVE-2021-43637 - RESERVED +CVE-2021-43638 (Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL ...) + TODO: check +CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler ...) + TODO: check CVE-2021-43636 RESERVED CVE-2021-43635 @@ -4115,76 +4200,76 @@ CVE-2021-43008 RESERVED CVE-2021-43007 RESERVED -CVE-2021-43006 - RESERVED +CVE-2021-43006 (AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOC ...) + TODO: check CVE-2021-43005 RESERVED CVE-2021-43004 RESERVED -CVE-2021-43003 - RESERVED -CVE-2021-43002 - RESERVED +CVE-2021-43003 (Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL ...) + TODO: check +CVE-2021-43002 (Amzetta zPortal DVM Tools is affected by Buffer Overflow. IOCTL Handle ...) + TODO: check CVE-2021-43001 RESERVED -CVE-2021-43000 - RESERVED +CVE-2021-43000 (Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL ...) + TODO: check CVE-2021-42999 RESERVED CVE-2021-42998 RESERVED CVE-2021-42997 RESERVED -CVE-2021-42996 - RESERVED +CVE-2021-42996 (Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in th ...) + TODO: check CVE-2021-42995 RESERVED -CVE-2021-42994 - RESERVED -CVE-2021-42993 - RESERVED +CVE-2021-42994 (Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the ...) + TODO: check +CVE-2021-42993 (FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x ...) + TODO: check CVE-2021-42992 RESERVED CVE-2021-42991 RESERVED -CVE-2021-42990 - RESERVED +CVE-2021-42990 (FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x2 ...) + TODO: check CVE-2021-42989 RESERVED -CVE-2021-42988 - RESERVED -CVE-2021-42987 - RESERVED -CVE-2021-42986 - RESERVED +CVE-2021-42988 (Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler ...) + TODO: check +CVE-2021-42987 (Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler ...) + TODO: check +CVE-2021-42986 (NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Han ...) + TODO: check CVE-2021-42985 RESERVED CVE-2021-42984 RESERVED -CVE-2021-42983 - RESERVED +CVE-2021-42983 (NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Hand ...) + TODO: check CVE-2021-42982 RESERVED CVE-2021-42981 RESERVED -CVE-2021-42980 - RESERVED -CVE-2021-42979 - RESERVED +CVE-2021-42980 (NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0 ...) + TODO: check +CVE-2021-42979 (NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler ...) + TODO: check CVE-2021-42978 RESERVED -CVE-2021-42977 - RESERVED -CVE-2021-42976 - RESERVED +CVE-2021-42977 (NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Ha ...) + TODO: check +CVE-2021-42976 (NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Han ...) + TODO: check CVE-2021-42975 RESERVED CVE-2021-42974 RESERVED -CVE-2021-42973 - RESERVED -CVE-2021-42972 - RESERVED +CVE-2021-42973 (NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x2200 ...) + TODO: check +CVE-2021-42972 (NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001 ...) + TODO: check CVE-2021-42971 RESERVED CVE-2021-42970 @@ -4741,8 +4826,7 @@ CVE-2021-42718 RESERVED CVE-2021-3894 RESERVED -CVE-2021-42717 [ModSecurity DoS Vulnerability in JSON Parsing] - RESERVED +CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ...) - modsecurity 3.0.6-1 - modsecurity-apache 2.9.5-1 [stretch] - modsecurity-apache (revisit when/if fixed upstream) @@ -4813,22 +4897,22 @@ CVE-2021-42690 RESERVED CVE-2021-42689 RESERVED -CVE-2021-42688 - RESERVED -CVE-2021-42687 - RESERVED -CVE-2021-42686 - RESERVED -CVE-2021-42685 - RESERVED +CVE-2021-42688 (An Integer Overflow vulnerability exists in Accops HyWorks Windows Cli ...) + TODO: check +CVE-2021-42687 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...) + TODO: check +CVE-2021-42686 (An Integer Overflow exists in Accops HyWorks Windows Client prior to v ...) + TODO: check +CVE-2021-42685 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...) + TODO: check CVE-2021-42684 RESERVED -CVE-2021-42683 - RESERVED -CVE-2021-42682 - RESERVED -CVE-2021-42681 - RESERVED +CVE-2021-42683 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...) + TODO: check +CVE-2021-42682 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...) + TODO: check +CVE-2021-42681 (A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools pri ...) + TODO: check CVE-2021-42680 RESERVED CVE-2021-42679 @@ -5060,8 +5144,8 @@ CVE-2021-42569 RESERVED CVE-2021-42568 (Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers ...) NOT-FOR-US: Sonatype -CVE-2021-42567 - RESERVED +CVE-2021-42567 (Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST ...) + TODO: check CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter. ...) NOT-FOR-US: myfactory.FMS CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. ...) @@ -8013,12 +8097,12 @@ CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow NOT-FOR-US: Atlassian CVE-2021-41312 (Affected versions of Atlassian Jira Server and Data Center allow a rem ...) NOT-FOR-US: Atlassian -CVE-2021-41311 - RESERVED +CVE-2021-41311 (Affected versions of Atlassian Jira Server and Data Center allow attac ...) + TODO: check CVE-2021-41310 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) NOT-FOR-US: Atlassian -CVE-2021-41309 - RESERVED +CVE-2021-41309 (Affected versions of Atlassian Jira Server and Data Center allow a use ...) + TODO: check CVE-2021-41308 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) NOT-FOR-US: Atlassian CVE-2021-41307 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) @@ -9777,8 +9861,8 @@ CVE-2021-40580 RESERVED CVE-2021-40579 RESERVED -CVE-2021-40578 - RESERVED +CVE-2021-40578 (Authenticated Blind & Error-based SQL injection vulnerability was ...) + TODO: check CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...) NOT-FOR-US: Sourcecodester CVE-2021-40576 @@ -10542,8 +10626,8 @@ CVE-2021-40290 RESERVED CVE-2021-40289 RESERVED -CVE-2021-40288 - RESERVED +CVE-2021-40288 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...) + TODO: check CVE-2021-40287 RESERVED CVE-2021-40286 @@ -14173,8 +14257,8 @@ CVE-2021-38761 RESERVED CVE-2021-38760 RESERVED -CVE-2021-38759 - RESERVED +CVE-2021-38759 (Raspberry Pi OS through 5.10 has the raspberry default password for th ...) + TODO: check CVE-2021-38758 (Directory traversal vulnerability in Online Catering Reservation Syste ...) NOT-FOR-US: Directory traversal in Online Catering Reservation System CVE-2021-38757 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...) @@ -18966,8 +19050,8 @@ CVE-2021-36762 (An issue was discovered in HCC Embedded InterNiche NicheStack th NOT-FOR-US: HCC Embedded InterNiche NicheStack CVE-2021-36761 RESERVED -CVE-2021-36760 - RESERVED +CVE-2021-36760 (In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server ...) + TODO: check CVE-2021-36759 RESERVED CVE-2021-3651 @@ -20350,8 +20434,8 @@ CVE-2021-36135 RESERVED CVE-2021-36134 (Out of bounds write vulnerability in the JPEG parsing code of Netop Vi ...) NOT-FOR-US: McAfee -CVE-2021-36133 - RESERVED +CVE-2021-36133 (The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access ...) + TODO: check CVE-2021-36132 (An issue was discovered in the FileImporter extension in MediaWiki thr ...) NOT-FOR-US: FileImport MediaWiki extension NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ @@ -24062,10 +24146,10 @@ CVE-2021-34546 (An unauthenticated attacker with physical access to a computer w NOT-FOR-US: NetSetMan Pro CVE-2021-34545 RESERVED -CVE-2021-34544 - RESERVED -CVE-2021-34543 - RESERVED +CVE-2021-34544 (An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2 ...) + TODO: check +CVE-2021-34543 (The web administration server in Solar-Log 500 before 2.8.2 Build 52 d ...) + TODO: check CVE-2021-34542 RESERVED CVE-2021-34541 @@ -38579,8 +38663,8 @@ CVE-2021-28682 (An issue was discovered in Envoy through 1.71.1. There is a remo - envoyproxy (bug #987544) CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connectio ...) NOT-FOR-US: Pion WebRTC -CVE-2021-28680 - RESERVED +CVE-2021-28680 (The devise_masquerade gem before 1.3 allows certain attacks when a pas ...) + TODO: check CVE-2021-28679 RESERVED CVE-2021-28678 (An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImage ...) @@ -43614,8 +43698,8 @@ CVE-2021-3372 RESERVED CVE-2021-3371 RESERVED -CVE-2021-3370 - RESERVED +CVE-2021-3370 (DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vul ...) + TODO: check CVE-2021-3369 RESERVED CVE-2021-3368 @@ -49447,8 +49531,8 @@ CVE-2021-24043 RESERVED CVE-2021-24042 RESERVED -CVE-2021-24041 - RESERVED +CVE-2021-24041 (A missing bounds check in image blurring code prior to WhatsApp for An ...) + TODO: check CVE-2021-24040 (Due to use of unsafe YAML deserialization logic, an attacker with the ...) NOT-FOR-US: Facebook ParlAI CVE-2021-24039 -- cgit v1.2.3