author | security tracker role <sectracker@soriano.debian.org> | 2021-09-30 08:10:11 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-09-30 08:10:11 +0000 |
commit | 0a93b8437f603931135c300c7e7a9cf9a350ef22 (patch) | |
tree | f5b0b3d56a7cd1257b5ec0ac522c56d292d43215 /data | |
parent | 61bbdc258d4064acc4f626212719d9c7d5c5d6bd (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 149 |
1 files changed, 116 insertions, 33 deletions
diff --git a/data/CVE/list b/data/CVE/list index 32c7b7cb04..d26bf51f74 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,89 @@ +CVE-2021-41829 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the ...) + TODO: check +CVE-2021-41828 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded ...) + TODO: check +CVE-2021-41827 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded ...) + TODO: check +CVE-2021-41826 (PlaceOS Authentication Service before 1.29.10.0 allows app/controllers ...) + TODO: check +CVE-2021-41825 + RESERVED +CVE-2021-41824 (Craft CMS before 3.7.14 allows CSV injection. ...) + TODO: check +CVE-2021-41823 + RESERVED +CVE-2021-41822 + RESERVED +CVE-2021-41821 (Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer U ...) + TODO: check +CVE-2021-41820 + RESERVED +CVE-2021-41819 + RESERVED +CVE-2021-41818 + RESERVED +CVE-2021-41817 + RESERVED +CVE-2021-41816 + RESERVED +CVE-2021-41815 + RESERVED +CVE-2021-41814 + RESERVED +CVE-2021-41813 + RESERVED +CVE-2021-41812 + RESERVED +CVE-2021-41811 + RESERVED +CVE-2021-41810 + RESERVED +CVE-2021-41809 + RESERVED +CVE-2021-41808 + RESERVED +CVE-2021-41807 + RESERVED +CVE-2021-41806 + RESERVED +CVE-2021-41805 + RESERVED +CVE-2021-41804 + RESERVED +CVE-2021-41803 + RESERVED +CVE-2021-41802 + RESERVED +CVE-2021-41801 + RESERVED +CVE-2021-41800 + RESERVED +CVE-2021-41799 + RESERVED +CVE-2021-41798 + RESERVED +CVE-2021-41797 + RESERVED +CVE-2021-41796 + RESERVED +CVE-2021-41795 (The Safari app extension bundled with 1Password for Mac 7.7.0 through ...) + TODO: check +CVE-2021-41794 + RESERVED +CVE-2021-41793 + RESERVED +CVE-2021-41792 + RESERVED +CVE-2021-41791 + RESERVED +CVE-2021-41790 + RESERVED +CVE-2021-41789 + RESERVED +CVE-2021-41788 + RESERVED +CVE-2021-3840 + RESERVED CVE-2021-41787 RESERVED CVE-2021-41786 
@@ -1635,8 +1721,8 @@ CVE-2021-41036 RESERVED CVE-2021-41035 RESERVED -CVE-2021-41034 - RESERVED +CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...) + TODO: check CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...) NOT-FOR-US: Eclipse Equinox CVE-2021-41032 @@ -5499,8 +5585,8 @@ CVE-2021-39344 RESERVED CVE-2021-39343 RESERVED -CVE-2021-39342 - RESERVED +CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's associated C ...) + TODO: check CVE-2021-39341 RESERVED CVE-2021-39340 @@ -8548,7 +8634,7 @@ CVE-2021-3683 RESERVED CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) t ...) NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif) -CVE-2021-38112 (In the Amazon AWS WorkSpaces client before 3.1.9 on Windows, argument ...) +CVE-2021-38112 (In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, a ...) NOT-FOR-US: Amazon AWS client for Windows CVE-2021-38111 (The DEF CON 27 badge allows remote attackers to exploit a buffer overf ...) NOT-FOR-US: DEF CON 27 badge @@ -11557,8 +11643,7 @@ CVE-2021-36776 RESERVED CVE-2021-36775 RESERVED -CVE-2021-3653 [KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl] - RESERVED +CVE-2021-3653 (A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...) {DSA-4978-1} - linux 5.14.6-1 NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1 
@@ -13597,12 +13682,12 @@ CVE-2021-35947 (The public share controller in the ownCloud server before versio - owncloud <removed> CVE-2021-35946 (A receiver of a federated share with access to the database with ownCl ...) - owncloud <removed> -CVE-2021-35945 - RESERVED -CVE-2021-35944 - RESERVED -CVE-2021-35943 - RESERVED +CVE-2021-35945 (Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer O ...) + TODO: check +CVE-2021-35944 (Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Ov ...) + TODO: check +CVE-2021-35943 (Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Co ...) + TODO: check CVE-2021-35942 (The wordexp function in the GNU C Library (aka glibc) through 2.33 may ...) - glibc 2.31-13 (bug #990542) [buster] - glibc <no-dsa> (Minor issue) @@ -45277,13 +45362,11 @@ CVE-2021-22949 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacke NOT-FOR-US: Concrete CMS CVE-2021-22948 (Vulnerability in the generation of session IDs in revive-adserver < ...) NOT-FOR-US: revive-adserver -CVE-2021-22947 [STARTTLS protocol injection via MITM] - RESERVED +CVE-2021-22947 (When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 se ...) - curl <unfixed> NOTE: https://curl.se/docs/CVE-2021-22947.html NOTE: Fixed by: https://github.com/curl/curl/commit/8ef147c43646e91fdaad5d0e7b60351f842e5c68 (curl-7_79_0) -CVE-2021-22946 [Protocol downgrade required TLS bypassed] - RESERVED +CVE-2021-22946 (A user can tell curl >= 7.20.0 and <= 7.78.0 to require a succes ...) - curl <unfixed> NOTE: https://curl.se/docs/CVE-2021-22946.html NOTE: Fixed by: https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca (curl-7_79_0) @@ -81060,8 +81143,8 @@ CVE-2020-20783 RESERVED CVE-2020-20782 RESERVED -CVE-2020-20781 - RESERVED +CVE-2020-20781 (A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?d ...) + TODO: check CVE-2020-20780 RESERVED CVE-2020-20779 
@@ -82388,14 +82471,14 @@ CVE-2020-20133 RESERVED CVE-2020-20132 RESERVED -CVE-2020-20131 - RESERVED +CVE-2020-20131 (LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerabil ...) + TODO: check CVE-2020-20130 RESERVED -CVE-2020-20129 - RESERVED -CVE-2020-20128 - RESERVED +CVE-2020-20129 (LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerabil ...) + TODO: check +CVE-2020-20128 (LaraCMS v1.0.1 transmits sensitive information in cleartext which can ...) + TODO: check CVE-2020-20127 RESERVED CVE-2020-20126 @@ -85405,12 +85488,12 @@ CVE-2020-18687 RESERVED CVE-2020-18686 RESERVED -CVE-2020-18685 - RESERVED -CVE-2020-18684 - RESERVED -CVE-2020-18683 - RESERVED +CVE-2020-18685 (Floodlight through 1.2 has poor input validation in checkFlow in Stati ...) + TODO: check +CVE-2020-18684 (Floodlight through 1.2 has an integer overflow in checkFlow in StaticF ...) + TODO: check +CVE-2020-18683 (Floodlight through 1.2 has poor input validation in checkFlow in Stati ...) + TODO: check CVE-2020-18682 RESERVED CVE-2020-18681 @@ -102128,8 +102211,8 @@ CVE-2020-12032 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM120 NOT-FOR-US: Baxter CVE-2020-12031 (In all versions of FactoryTalk View SE, after bypassing memory corrupt ...) NOT-FOR-US: FactoryTalk View SE -CVE-2020-12030 - RESERVED +CVE-2020-12030 (There is a flaw in the code used to configure the internal gateway fir ...) + TODO: check CVE-2020-12029 (All versions of FactoryTalk View SE do not properly validate input of ...) NOT-FOR-US: FactoryTalk View SE CVE-2020-12028 (In all versions of FactoryTalk View SEA remote, an authenticated attac ...) |
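Review bot: the seven described entries added at the top of the first hunk (CVE-2021-41829, -41828, -41827, -41826, -41824, -41821 and -41795) carry only "TODO: check", so none of them has a triage result yet. Each needs resolving by hand to either a source-package line or a NOT-FOR-US marker, in the form the neighbouring entries already use (for example "NOT-FOR-US: Eclipse Equinox" under CVE-2021-41033). The same applies to the "TODO: check" lines added in the later hunks, where RESERVED entries gained descriptions.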
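Review bot: in the curl hunk, CVE-2021-22947 and CVE-2021-22946 keep "- curl <unfixed>" while their NOTE lines already name the fixing commits as tagged curl-7_79_0. With the descriptions now filled in, these two entries should be checked against the archive and "<unfixed>" replaced by the first package version that ships those commits, once there is one. The bracketed working titles removed here ("STARTTLS protocol injection via MITM", "Protocol downgrade required TLS bypassed") were also the only short summary of each issue. The truncated descriptions that replace them cut off before stating the impact, so the curl.se NOTE links are what a reader now has to rely on.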