diff options
author | security tracker role <sectracker@soriano.debian.org> | 2022-01-18 20:10:28 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-01-18 20:10:28 +0000 |
commit | 9a74fe883456bae65bf3f663f378fc9fcf8179e2 (patch) | |
tree | d54fc44f130a2c83578d4ca2ccc19a6d274cec6f /data/CVE | |
parent | 7d37e96edb81f3bfc41071e41a1251e7f1c9129f (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/list | 660 |
1 files changed, 517 insertions, 143 deletions
diff --git a/data/CVE/list b/data/CVE/list index fd52008f93..f6f47f20ad 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,387 @@ +CVE-2022-23398 + RESERVED +CVE-2022-23397 + RESERVED +CVE-2022-23396 + RESERVED +CVE-2022-23395 + RESERVED +CVE-2022-23394 + RESERVED +CVE-2022-23393 + RESERVED +CVE-2022-23392 + RESERVED +CVE-2022-23391 + RESERVED +CVE-2022-23390 + RESERVED +CVE-2022-23389 + RESERVED +CVE-2022-23388 + RESERVED +CVE-2022-23387 + RESERVED +CVE-2022-23386 + RESERVED +CVE-2022-23385 + RESERVED +CVE-2022-23384 + RESERVED +CVE-2022-23383 + RESERVED +CVE-2022-23382 + RESERVED +CVE-2022-23381 + RESERVED +CVE-2022-23380 + RESERVED +CVE-2022-23379 + RESERVED +CVE-2022-23378 + RESERVED +CVE-2022-23377 + RESERVED +CVE-2022-23376 + RESERVED +CVE-2022-23375 + RESERVED +CVE-2022-23374 + RESERVED +CVE-2022-23373 + RESERVED +CVE-2022-23372 + RESERVED +CVE-2022-23371 + RESERVED +CVE-2022-23370 + RESERVED +CVE-2022-23369 + RESERVED +CVE-2022-23368 + RESERVED +CVE-2022-23367 + RESERVED +CVE-2022-23366 + RESERVED +CVE-2022-23365 + RESERVED +CVE-2022-23364 + RESERVED +CVE-2022-23363 + RESERVED +CVE-2022-23362 + RESERVED +CVE-2022-23361 + RESERVED +CVE-2022-23360 + RESERVED +CVE-2022-23359 + RESERVED +CVE-2022-23358 + RESERVED +CVE-2022-23357 + RESERVED +CVE-2022-23356 + RESERVED +CVE-2022-23355 + RESERVED +CVE-2022-23354 + RESERVED +CVE-2022-23353 + RESERVED +CVE-2022-23352 + RESERVED +CVE-2022-23351 + RESERVED +CVE-2022-23350 + RESERVED +CVE-2022-23349 + RESERVED +CVE-2022-23348 + RESERVED +CVE-2022-23347 + RESERVED +CVE-2022-23346 + RESERVED +CVE-2022-23345 + RESERVED +CVE-2022-23344 + RESERVED +CVE-2022-23343 + RESERVED +CVE-2022-23342 + RESERVED +CVE-2022-23341 + RESERVED +CVE-2022-23340 + RESERVED +CVE-2022-23339 + RESERVED +CVE-2022-23338 + RESERVED +CVE-2022-23337 + RESERVED +CVE-2022-23336 + RESERVED +CVE-2022-23335 + RESERVED +CVE-2022-23334 + RESERVED +CVE-2022-23333 + RESERVED +CVE-2022-23332 + RESERVED +CVE-2022-23331 + RESERVED +CVE-2022-23330 + RESERVED +CVE-2022-23329 + RESERVED +CVE-2022-23328 + RESERVED +CVE-2022-23327 + RESERVED +CVE-2022-23326 + RESERVED +CVE-2022-23325 + RESERVED +CVE-2022-23324 + RESERVED +CVE-2022-23323 + RESERVED +CVE-2022-23322 + RESERVED +CVE-2022-23321 + RESERVED +CVE-2022-23320 + RESERVED +CVE-2022-23319 + RESERVED +CVE-2022-23318 + RESERVED +CVE-2022-23317 + RESERVED +CVE-2022-23316 + RESERVED +CVE-2022-23315 + RESERVED +CVE-2022-23314 + RESERVED +CVE-2022-23313 + RESERVED +CVE-2022-22137 + RESERVED +CVE-2022-21801 + RESERVED +CVE-2022-21796 + RESERVED +CVE-2022-0274 + RESERVED +CVE-2022-0273 + RESERVED +CVE-2022-0272 + RESERVED +CVE-2022-0271 + RESERVED +CVE-2022-0270 + RESERVED +CVE-2022-0269 + RESERVED +CVE-2022-0268 + RESERVED +CVE-2022-0267 + RESERVED +CVE-2021-46399 + RESERVED +CVE-2021-46398 + RESERVED +CVE-2021-46397 + RESERVED +CVE-2021-46396 + RESERVED +CVE-2021-46395 + RESERVED +CVE-2021-46394 + RESERVED +CVE-2021-46393 + RESERVED +CVE-2021-46392 + RESERVED +CVE-2021-46391 + RESERVED +CVE-2021-46390 + RESERVED +CVE-2021-46389 + RESERVED +CVE-2021-46388 + RESERVED +CVE-2021-46387 + RESERVED +CVE-2021-46386 + RESERVED +CVE-2021-46385 + RESERVED +CVE-2021-46384 + RESERVED +CVE-2021-46383 + RESERVED +CVE-2021-46382 + RESERVED +CVE-2021-46381 + RESERVED +CVE-2021-46380 + RESERVED +CVE-2021-46379 + RESERVED +CVE-2021-46378 + RESERVED +CVE-2021-46377 + RESERVED +CVE-2021-46376 + RESERVED +CVE-2021-46375 + RESERVED +CVE-2021-46374 + RESERVED +CVE-2021-46373 + RESERVED +CVE-2021-46372 + RESERVED +CVE-2021-46371 + RESERVED +CVE-2021-46370 + RESERVED +CVE-2021-46369 + RESERVED +CVE-2021-46368 + RESERVED +CVE-2021-46367 + RESERVED +CVE-2021-46366 + RESERVED +CVE-2021-46365 + RESERVED +CVE-2021-46364 + RESERVED +CVE-2021-46363 + RESERVED +CVE-2021-46362 + RESERVED +CVE-2021-46361 + RESERVED +CVE-2021-46360 + RESERVED +CVE-2021-46359 + RESERVED +CVE-2021-46358 + RESERVED +CVE-2021-46357 + RESERVED +CVE-2021-46356 + RESERVED +CVE-2021-46355 + RESERVED +CVE-2021-46354 + RESERVED +CVE-2021-46353 + RESERVED +CVE-2021-46352 + RESERVED +CVE-2021-46351 + RESERVED +CVE-2021-46350 + RESERVED +CVE-2021-46349 + RESERVED +CVE-2021-46348 + RESERVED +CVE-2021-46347 + RESERVED +CVE-2021-46346 + RESERVED +CVE-2021-46345 + RESERVED +CVE-2021-46344 + RESERVED +CVE-2021-46343 + RESERVED +CVE-2021-46342 + RESERVED +CVE-2021-46341 + RESERVED +CVE-2021-46340 + RESERVED +CVE-2021-46339 + RESERVED +CVE-2021-46338 + RESERVED +CVE-2021-46337 + RESERVED +CVE-2021-46336 + RESERVED +CVE-2021-46335 + RESERVED +CVE-2021-46334 + RESERVED +CVE-2021-46333 + RESERVED +CVE-2021-46332 + RESERVED +CVE-2021-46331 + RESERVED +CVE-2021-46330 + RESERVED +CVE-2021-46329 + RESERVED +CVE-2021-46328 + RESERVED +CVE-2021-46327 + RESERVED +CVE-2021-46326 + RESERVED +CVE-2021-46325 + RESERVED +CVE-2021-46324 + RESERVED +CVE-2021-46323 + RESERVED +CVE-2021-46322 + RESERVED +CVE-2021-46321 + RESERVED +CVE-2021-46320 + RESERVED +CVE-2021-46319 + RESERVED +CVE-2021-46318 + RESERVED +CVE-2021-46317 + RESERVED +CVE-2021-46316 + RESERVED +CVE-2021-46315 + RESERVED +CVE-2021-46314 + RESERVED +CVE-2021-46313 + RESERVED +CVE-2021-46312 + RESERVED +CVE-2021-46311 + RESERVED +CVE-2021-46310 + RESERVED +CVE-2021-46309 + RESERVED +CVE-2021-46308 + RESERVED +CVE-2021-46307 + RESERVED +CVE-2021-46306 + RESERVED +CVE-2021-46305 + RESERVED CVE-2022-23312 RESERVED CVE-2022-23311 @@ -12,20 +396,20 @@ CVE-2022-0266 RESERVED CVE-2022-0265 RESERVED -CVE-2022-23307 - RESERVED +CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...) + TODO: check CVE-2022-23306 RESERVED -CVE-2022-23305 - RESERVED -CVE-2022-0263 - RESERVED -CVE-2022-0262 - RESERVED -CVE-2022-0261 - RESERVED -CVE-2022-0260 - RESERVED +CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...) + TODO: check +CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...) + TODO: check +CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...) + TODO: check +CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) + TODO: check +CVE-2022-0260 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + TODO: check CVE-2022-0259 RESERVED CVE-2022-0258 (pimcore is vulnerable to Improper Neutralization of Special Elements u ...) @@ -71,12 +455,12 @@ CVE-2022-0264 [bpf: Fix kernel address leakage in atomic fetch] NOTE: https://git.kernel.org/linus/7d3baf0afa3aa9102d6a521a8e4c41888bb79882 (5.16-rc6) CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/ ...) NOT-FOR-US: livehelperchat -CVE-2022-0244 - RESERVED +CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check CVE-2022-0243 RESERVED -CVE-2022-23302 - RESERVED +CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...) + TODO: check CVE-2022-22142 RESERVED CVE-2022-21805 @@ -255,18 +639,18 @@ CVE-2022-23220 RESERVED CVE-2022-0237 RESERVED -CVE-2022-0236 - RESERVED +CVE-2022-0236 (The WP Import Export WordPress plugin (both free and premium versions) ...) + TODO: check CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information to an Un ...) - node-fetch <unfixed> NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ TODO: check fixing commit CVE-2022-0234 RESERVED -CVE-2022-0233 - RESERVED -CVE-2022-0232 - RESERVED +CVE-2022-0233 (The ProfileGrid – User Profiles, Memberships, Groups and Communi ...) + TODO: check +CVE-2022-0232 (The User Registration, Login & Landing Pages WordPress plugin is v ...) + TODO: check CVE-2022-0231 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: livehelperchat CVE-2022-0230 @@ -377,8 +761,8 @@ CVE-2022-0218 RESERVED CVE-2022-0216 RESERVED -CVE-2022-0215 - RESERVED +CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ...) + TODO: check CVE-2022-0214 RESERVED CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...) @@ -479,8 +863,8 @@ CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket NOTE: Patch: https://prosody.im/security/advisory_20220113/1.patch NOTE: https://hg.prosody.im/0.11/raw-rev/783056b4e448 NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/3 -CVE-2022-0210 - RESERVED +CVE-2022-0210 (The Random Banner WordPress plugin is vulnerable to Stored Cross-Site ...) + TODO: check CVE-2022-0209 RESERVED CVE-2022-0208 @@ -759,8 +1143,8 @@ CVE-2022-23085 RESERVED CVE-2022-23084 RESERVED -CVE-2022-23083 - RESERVED +CVE-2022-23083 (NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transf ...) + TODO: check CVE-2022-23082 RESERVED CVE-2022-23081 @@ -1257,8 +1641,7 @@ CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds Read ...) - radare2 <unfixed> NOTE: https://huntr.dev/bounties/727d8600-88bc-4dde-8dea-ee3d192600e5 NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c -CVE-2022-0172 - RESERVED +CVE-2022-0172 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab <unfixed> CVE-2022-0171 RESERVED @@ -1901,16 +2284,13 @@ CVE-2022-22734 RESERVED CVE-2022-22733 RESERVED -CVE-2022-0154 - RESERVED +CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab <unfixed> CVE-2022-0153 RESERVED -CVE-2022-0152 - RESERVED +CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab <unfixed> -CVE-2022-0151 - RESERVED +CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab <unfixed> CVE-2022-0150 RESERVED @@ -2076,10 +2456,10 @@ CVE-2022-22693 RESERVED CVE-2022-22692 RESERVED -CVE-2022-22691 - RESERVED -CVE-2022-22690 - RESERVED +CVE-2022-22691 (The password reset component deployed within Umbraco uses the hostname ...) + TODO: check +CVE-2022-22690 (Within the Umbraco CMS, a configuration element named "UmbracoApplicat ...) + TODO: check CVE-2022-22689 RESERVED CVE-2022-22688 @@ -2141,11 +2521,9 @@ CVE-2022-0127 RESERVED CVE-2022-0126 RESERVED -CVE-2022-0125 - RESERVED +CVE-2022-0125 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab <unfixed> -CVE-2022-0124 - RESERVED +CVE-2022-0124 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...) - gitlab <unfixed> CVE-2022-0123 RESERVED @@ -2607,15 +2985,13 @@ CVE-2022-0095 RESERVED CVE-2022-0094 RESERVED -CVE-2022-0093 - RESERVED +CVE-2022-0093 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...) - gitlab <unfixed> CVE-2022-0092 RESERVED CVE-2022-0091 RESERVED -CVE-2022-0090 - RESERVED +CVE-2022-0090 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...) - gitlab <unfixed> CVE-2022-0089 RESERVED @@ -3423,10 +3799,10 @@ CVE-2021-46015 RESERVED CVE-2021-46014 RESERVED -CVE-2021-46013 - RESERVED +CVE-2021-46013 (An unrestricted file upload vulnerability exists in Sourcecodester Fre ...) + TODO: check CVE-2021-46012 - RESERVED + REJECTED CVE-2021-46011 RESERVED CVE-2021-46010 @@ -3439,8 +3815,8 @@ CVE-2021-46007 RESERVED CVE-2021-46006 RESERVED -CVE-2021-46005 - RESERVED +CVE-2021-46005 (Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross ...) + TODO: check CVE-2021-46004 RESERVED CVE-2021-46003 @@ -5582,8 +5958,8 @@ CVE-2021-4147 [deadlock and crash in libxl driver] NOTE: https://gitlab.com/libvirt/libvirt/-/commit/b9a5faea49b7412e26d7389af4c32fc2b3ee80e5 NOTE: https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340 -CVE-2021-4146 - RESERVED +CVE-2021-4146 (Business Logic Errors in GitHub repository pimcore/pimcore prior to 10 ...) + TODO: check CVE-2021-4145 [NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c] RESERVED - qemu 1:6.2+dfsg-1 @@ -5721,8 +6097,8 @@ CVE-2021-45396 RESERVED CVE-2021-45395 RESERVED -CVE-2021-45394 - RESERVED +CVE-2021-45394 (An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can ...) + TODO: check CVE-2021-45393 RESERVED CVE-2021-45392 @@ -7580,12 +7956,12 @@ CVE-2021-44842 RESERVED CVE-2021-44841 RESERVED -CVE-2021-44840 - RESERVED +CVE-2021-44840 (An issue was discovered in Delta RM 1.2. Using an privileged account, ...) + TODO: check CVE-2021-44839 RESERVED -CVE-2021-44838 - RESERVED +CVE-2021-44838 (An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax ...) + TODO: check CVE-2021-44837 RESERVED CVE-2021-44836 @@ -7914,8 +8290,7 @@ CVE-2021-4085 RESERVED CVE-2021-4084 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...) NOT-FOR-US: Pimcore -CVE-2021-4083 - RESERVED +CVE-2021-4083 (A read-after-free memory flaw was found in the Linux kernel's garbage ...) - linux 5.15.5-2 [bullseye] - linux 5.10.84-1 NOTE: https://git.kernel.org/linus/054aa8d439b9185d4f5eb9a90282d1ce74772969 (5.16-rc4) @@ -7925,8 +8300,8 @@ CVE-2021-4081 (pimcore is vulnerable to Improper Neutralization of Input During NOT-FOR-US: Pimcore CVE-2021-44758 RESERVED -CVE-2021-44757 - RESERVED +CVE-2021-44757 (Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Centr ...) + TODO: check CVE-2021-44756 RESERVED CVE-2021-44755 @@ -8172,8 +8547,8 @@ CVE-2021-44675 (Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 i NOT-FOR-US: Zoho ManageEngine CVE-2021-4075 (snipe-it is vulnerable to Server-Side Request Forgery (SSRF) ...) NOT-FOR-US: snipe-it -CVE-2021-4074 - RESERVED +CVE-2021-4074 (The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site S ...) + TODO: check CVE-2021-4073 (The RegistrationMagic WordPress plugin made it possible for unauthenti ...) NOT-FOR-US: WordPress plugin CVE-2021-4072 (elgg is vulnerable to Improper Neutralization of Input During Web Page ...) @@ -8560,8 +8935,8 @@ CVE-2021-44540 (A vulnerability was found in Privoxy which was fixed in get_url_ [buster] - privoxy <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb07592c0912cf938a50fcd009fa29a0a (v_3_0_33) -CVE-2021-43353 - RESERVED +CVE-2021-43353 (The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Reque ...) + TODO: check CVE-2021-41836 (The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Si ...) NOT-FOR-US: WordPress plugin CVE-2021-4050 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) @@ -9526,8 +9901,8 @@ CVE-2021-44219 (Gin-Vue-Admin before 2.4.6 mishandles a SQL database. ...) NOT-FOR-US: Gin-Vue-Admin CVE-2021-44218 RESERVED -CVE-2021-44217 - RESERVED +CVE-2021-44217 (In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting ...) + TODO: check CVE-2021-44216 RESERVED CVE-2021-44215 @@ -10377,8 +10752,8 @@ CVE-2022-21685 (Frontier is Substrate's Ethereum compatibility layer. Prior to c TODO: check CVE-2022-21684 (Discourse is an open source discussion platform. Versions prior to 2.7 ...) NOT-FOR-US: Discourse -CVE-2022-21683 - RESERVED +CVE-2022-21683 (Wagtail is a Django based content management system focused on flexibi ...) + TODO: check CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution framework. ...) - flatpak 1.12.3-1 NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx @@ -18817,12 +19192,12 @@ CVE-2021-41811 RESERVED CVE-2021-41810 RESERVED -CVE-2021-41809 - RESERVED -CVE-2021-41808 - RESERVED -CVE-2021-41807 - RESERVED +CVE-2021-41809 (SSRF vulnerability in M-Files Server products with versions before 22. ...) + TODO: check +CVE-2021-41808 (In M-Files Server product with versions before 21.11.10775.0, enabling ...) + TODO: check +CVE-2021-41807 (Lack of rate limiting in M-Files Server and M-Files Web products with ...) + TODO: check CVE-2021-41806 RESERVED CVE-2021-41805 (HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1. ...) @@ -19442,10 +19817,10 @@ CVE-2021-41553 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.8 NOT-FOR-US: ARCHIBUS Web Central CVE-2021-41552 RESERVED -CVE-2021-41551 - RESERVED -CVE-2021-41550 - RESERVED +CVE-2021-41551 (Leostream Connection Broker 9.0.40.17 allows administrators to conduct ...) + TODO: check +CVE-2021-41550 (Leostream Connection Broker 9.0.40.17 allows administrator to upload a ...) + TODO: check CVE-2021-41549 RESERVED CVE-2021-41548 @@ -23340,8 +23715,7 @@ CVE-2021-39948 RESERVED CVE-2021-39947 RESERVED -CVE-2021-39946 - RESERVED +CVE-2021-39946 (Improper neutralization of user input in GitLab CE/EE versions 14.3 to ...) - gitlab <unfixed> CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all versions ...) - gitlab <unfixed> @@ -23349,8 +23723,7 @@ CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all versi - gitlab <unfixed> CVE-2021-39943 RESERVED -CVE-2021-39942 - RESERVED +CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...) - gitlab <unfixed> CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions 12.0 ...) - gitlab <unfixed> @@ -23388,8 +23761,7 @@ CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark [buster] - wireshark <no-dsa> (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17704 NOTE: https://www.wireshark.org/security/wnpa-sec-2021-13.html -CVE-2021-39927 - RESERVED +CVE-2021-39927 (Server side request forgery protections in GitLab CE/EE versions betwe ...) - gitlab <unfixed> CVE-2021-39926 (Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 ...) {DSA-5019-1} @@ -23489,8 +23861,8 @@ CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebindi - gitlab <unfixed> CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...) - gitlab <unfixed> -CVE-2021-39892 - RESERVED +CVE-2021-39892 (In all versions of GitLab CE/EE since version 12.0, a lower privileged ...) + TODO: check CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...) - gitlab <unfixed> CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some specific ...) @@ -26152,12 +26524,12 @@ CVE-2021-38787 RESERVED CVE-2021-38786 RESERVED -CVE-2021-38785 - RESERVED -CVE-2021-38784 - RESERVED -CVE-2021-38783 - RESERVED +CVE-2021-38785 (There is a NULL pointer deference in the Allwinner R818 SoC Android Q ...) + TODO: check +CVE-2021-38784 (There is a NULL pointer dereference in the syscall open_exec function ...) + TODO: check +CVE-2021-38783 (There is a Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK ...) + TODO: check CVE-2021-38782 RESERVED CVE-2021-38781 @@ -26346,14 +26718,14 @@ CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint - consul <unfixed> NOTE: https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 NOTE: https://github.com/hashicorp/consul/commit/747844bad6410091f2c6e961216c0c5fc285a44d (v1.8.15) -CVE-2021-38697 - RESERVED -CVE-2021-38696 - RESERVED -CVE-2021-38695 - RESERVED -CVE-2021-38694 - RESERVED +CVE-2021-38697 (SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted Fi ...) + TODO: check +CVE-2021-38696 (SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerabi ...) + TODO: check +CVE-2021-38695 (SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scr ...) + TODO: check +CVE-2021-38694 (SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. ...) + TODO: check CVE-2020-36473 (UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and th ...) NOT-FOR-US: UCWeb UC CVE-2021-38693 @@ -28669,14 +29041,14 @@ CVE-2021-37869 RESERVED CVE-2021-37868 RESERVED -CVE-2021-37867 - RESERVED -CVE-2021-37866 - RESERVED -CVE-2021-37865 - RESERVED -CVE-2021-37864 - RESERVED +CVE-2021-37867 (Mattermost Boards plugin v0.10.0 and earlier fails to protect email ad ...) + TODO: check +CVE-2021-37866 (Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a ses ...) + TODO: check +CVE-2021-37865 (Mattermost 6.2 and earlier fails to sufficiently process a specificall ...) + TODO: check +CVE-2021-37864 (Mattermost 6.1 and earlier fails to sufficiently validate permissions ...) + TODO: check CVE-2021-37863 (Mattermost 6.0 and earlier fails to sufficiently validate parameters d ...) TODO: check CVE-2021-37862 (Mattermost 6.0 and earlier fails to sufficiently validate the email ad ...) @@ -34906,7 +35278,7 @@ CVE-2021-35249 RESERVED CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts can quer ...) NOT-FOR-US: SolarWinds -CVE-2021-35247 (Serv-U web login screen was allowing characters that were not sanitize ...) +CVE-2021-35247 (Serv-U web login screen to LDAP authentication was allowing characters ...) NOT-FOR-US: SolarWinds CVE-2021-35246 RESERVED @@ -36857,18 +37229,18 @@ CVE-2021-34408 (The Zoom Client for Meetings for Windows in all versions before NOT-FOR-US: Zoom Client for Meetings for Windows CVE-2021-34407 REJECTED -CVE-2021-34406 - RESERVED -CVE-2021-34405 - RESERVED -CVE-2021-34404 - RESERVED -CVE-2021-34403 - RESERVED -CVE-2021-34402 - RESERVED -CVE-2021-34401 - RESERVED +CVE-2021-34406 (NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a ...) + TODO: check +CVE-2021-34405 (NVIDIA Linux distributions contain a vulnerability in TrustZone’ ...) + TODO: check +CVE-2021-34404 (Android images for T210 provided by NVIDIA contain a vulnerability in ...) + TODO: check +CVE-2021-34403 (NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, whi ...) + TODO: check +CVE-2021-34402 (NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, w ...) + TODO: check +CVE-2021-34401 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVG ...) + TODO: check CVE-2021-34400 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...) NOT-FOR-US: NVIDIA CVE-2021-34399 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...) @@ -37787,10 +38159,10 @@ CVE-2021-33967 RESERVED CVE-2021-33966 RESERVED -CVE-2021-33965 - RESERVED -CVE-2021-33964 - RESERVED +CVE-2021-33965 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...) + TODO: check +CVE-2021-33964 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...) + TODO: check CVE-2021-33963 (China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ ...) NOT-FOR-US: China Mobile An Lianbao WF-1 router web interface CVE-2021-33962 (China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS comman ...) @@ -43636,7 +44008,8 @@ CVE-2021-31773 RESERVED CVE-2021-31772 RESERVED -CVE-2021-31771 (** DISPUTED ** Splinterware System Scheduler Professional version 5.30 ...) +CVE-2021-31771 + REJECTED NOT-FOR-US: Splinterware CVE-2021-31770 RESERVED @@ -48728,8 +49101,8 @@ CVE-2021-29874 RESERVED CVE-2021-29873 (IBM Flash System 900 could allow an authenticated attacker to obtain s ...) NOT-FOR-US: IBM -CVE-2021-29872 - RESERVED +CVE-2021-29872 (IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation S ...) + TODO: check CVE-2021-29871 RESERVED CVE-2021-29870 @@ -49298,8 +49671,8 @@ CVE-2021-29634 RESERVED CVE-2021-29633 RESERVED -CVE-2021-29632 - RESERVED +CVE-2021-29632 (In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before ...) + TODO: check CVE-2021-29631 (In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before ...) NOT-FOR-US: FreeBSD CVE-2021-29630 (In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before ...) @@ -50361,8 +50734,8 @@ CVE-2021-29217 RESERVED CVE-2021-29216 RESERVED -CVE-2021-29215 - RESERVED +CVE-2021-29215 (A potential security vulnerability in HPE Ezmeral Data Fabric that may ...) + TODO: check CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ Manageme ...) NOT-FOR-US: HPE CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...) @@ -66476,8 +66849,8 @@ CVE-2021-22568 (When using the dart pub publish command to publish a package to TODO: check CVE-2021-22567 (Bidirectional Unicode text can be interpreted and compiled differently ...) TODO: check -CVE-2021-22566 - RESERVED +CVE-2021-22566 (An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead ...) + TODO: check CVE-2021-22565 (An attacker could prematurely expire a verification code, making it un ...) TODO: check CVE-2021-22564 (For certain valid JPEG XL images with a size slightly larger than an i ...) @@ -116986,14 +117359,14 @@ CVE-2020-14112 RESERVED CVE-2020-14111 RESERVED -CVE-2020-14110 - RESERVED +CVE-2020-14110 (AX3600 router sensitive information leaked.There is an unauthorized in ...) + TODO: check CVE-2020-14109 (There is command injection in the meshd program in the routing system, ...) NOT-FOR-US: Xiaomi CVE-2020-14108 RESERVED -CVE-2020-14107 - RESERVED +CVE-2020-14107 (A stack overflow in the HTTP server of Cast can be exploited to make t ...) + TODO: check CVE-2020-14106 (The application in the mobile phone can unauthorized access to the lis ...) NOT-FOR-US: Xiaomi CVE-2020-14105 (The application in the mobile phone can read the SNO information of th ...) @@ -213548,6 +213921,7 @@ CVE-2018-19049 CVE-2017-18351 RESERVED CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in mod_alias.c i ...) + {DLA-2887-1} - lighttpd 1.4.52-1 (bug #913528) [jessie] - lighttpd <no-dsa> (Minor issue) NOTE: https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1 |