From 00b1346f1cf268d69dfe89e15695f9c708bb1dad Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 14 Oct 2021 20:10:21 +0000 Subject: automatic update --- data/CVE/list | 215 ++++++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 155 insertions(+), 60 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index d64f6fbf1e..49e7b1db8e 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,97 @@ +CVE-2021-42392 + RESERVED +CVE-2021-42391 + RESERVED +CVE-2021-42390 + RESERVED +CVE-2021-42389 + RESERVED +CVE-2021-42388 + RESERVED +CVE-2021-42387 + RESERVED +CVE-2021-42386 + RESERVED +CVE-2021-42385 + RESERVED +CVE-2021-42384 + RESERVED +CVE-2021-42383 + RESERVED +CVE-2021-42382 + RESERVED +CVE-2021-42381 + RESERVED +CVE-2021-42380 + RESERVED +CVE-2021-42379 + RESERVED +CVE-2021-42378 + RESERVED +CVE-2021-42377 + RESERVED +CVE-2021-42376 + RESERVED +CVE-2021-42375 + RESERVED +CVE-2021-42374 + RESERVED +CVE-2021-42373 + RESERVED +CVE-2021-42372 + RESERVED +CVE-2021-42371 + RESERVED +CVE-2021-42370 + RESERVED +CVE-2021-42369 (Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows ...) + TODO: check +CVE-2021-42368 + RESERVED +CVE-2021-42367 + RESERVED +CVE-2021-42366 + RESERVED +CVE-2021-42365 + RESERVED +CVE-2021-42364 + RESERVED +CVE-2021-42363 + RESERVED +CVE-2021-42362 + RESERVED +CVE-2021-42361 + RESERVED +CVE-2021-42360 + RESERVED +CVE-2021-42359 + RESERVED +CVE-2021-42358 + RESERVED +CVE-2021-42357 + RESERVED +CVE-2021-42356 + RESERVED +CVE-2021-42355 + RESERVED +CVE-2021-42354 + RESERVED +CVE-2021-42353 + RESERVED +CVE-2021-42352 + RESERVED +CVE-2021-42351 + RESERVED +CVE-2021-42350 + RESERVED +CVE-2021-42349 + RESERVED +CVE-2021-42348 + RESERVED +CVE-2021-42347 + RESERVED +CVE-2020-36485 + RESERVED CVE-2021-42346 RESERVED CVE-2021-42345 @@ -392,8 +486,8 @@ CVE-2021-42264 RESERVED CVE-2021-42263 RESERVED -CVE-2021-3882 - RESERVED +CVE-2021-3882 (LedgerSMB does not set the 'Secure' attribute on the session authoriza ...) + TODO: check CVE-2021-3881 RESERVED CVE-2021-3880 @@ -476,10 +570,10 @@ CVE-2021-42230 RESERVED CVE-2021-42229 RESERVED -CVE-2021-42228 - RESERVED -CVE-2021-42227 - RESERVED +CVE-2021-42228 (Cross Site Request Forgery (CSRF) vulnerability exists in KindEdirot 4 ...) + TODO: check +CVE-2021-42227 (Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x vi ...) + TODO: check CVE-2021-42226 RESERVED CVE-2021-42225 @@ -2537,7 +2631,7 @@ CVE-2021-41324 (Directory traversal in the Copy, Move, and Delete features in Py NOT-FOR-US: Pydio Cells CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 2.2.9 allow ...) NOT-FOR-US: Pydio Cells -CVE-2021-41322 (Poly VVX 400/410 through 5.3.1 allows low-privileged users to change t ...) +CVE-2021-41322 (Polycom VVX 400/410 version 5.3.1 allows low-privileged users to chang ...) NOT-FOR-US: Poly VVX 400/410 CVE-2021-41321 RESERVED @@ -2939,8 +3033,8 @@ CVE-2021-41144 RESERVED CVE-2021-41143 RESERVED -CVE-2021-41142 - RESERVED +CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...) + TODO: check CVE-2021-41141 RESERVED CVE-2021-41140 @@ -2959,8 +3053,8 @@ CVE-2021-41135 RESERVED CVE-2021-41134 RESERVED -CVE-2021-41132 - RESERVED +CVE-2021-41132 (OMERO.web provides a web based client and plugin infrastructure. In ve ...) + TODO: check CVE-2021-41131 RESERVED CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables API mana ...) @@ -7124,8 +7218,8 @@ CVE-2021-39332 RESERVED CVE-2021-39331 RESERVED -CVE-2021-39330 - RESERVED +CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to Stored C ...) + TODO: check CVE-2021-39329 RESERVED CVE-2021-39328 @@ -7561,6 +7655,7 @@ CVE-2021-39202 (WordPress is a free and open-source content management system wr - wordpress (Vulnerable code introduced later) NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fr6h-3855-j297 CVE-2021-39201 (WordPress is a free and open-source content management system written ...) + {DSA-4985-1} - wordpress 5.8.1+dfsg1-1 (bug #994059) [stretch] - wordpress (Vulnerable code added later) NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-wh69-25hr-h94v @@ -9554,12 +9649,12 @@ CVE-2021-38348 (The Advance Search WordPress plugin is vulnerable to Reflected C NOT-FOR-US: WordPress plugin CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to Reflected Cr ...) NOT-FOR-US: WordPress plugin -CVE-2021-38346 - RESERVED -CVE-2021-38345 - RESERVED -CVE-2021-38344 - RESERVED +CVE-2021-38346 (The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authe ...) + TODO: check +CVE-2021-38345 (The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incor ...) + TODO: check +CVE-2021-38344 (The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerabl ...) + TODO: check CVE-2021-38343 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Op ...) NOT-FOR-US: WordPress plugin CVE-2021-38342 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross ...) @@ -10638,8 +10733,8 @@ CVE-2021-37935 RESERVED CVE-2021-37934 RESERVED -CVE-2021-37933 - RESERVED +CVE-2021-37933 (An LDAP injection vulnerability in /account/login in Huntflow Enterpri ...) + TODO: check CVE-2021-37932 RESERVED CVE-2021-3681 @@ -14160,12 +14255,12 @@ CVE-2021-36391 RESERVED CVE-2021-36390 RESERVED -CVE-2021-36389 - RESERVED -CVE-2021-36388 - RESERVED -CVE-2021-36387 - RESERVED +CVE-2021-36389 (In Yellowfin before 9.6.1 it is possible to enumerate and download upl ...) + TODO: check +CVE-2021-36388 (In Yellowfin before 9.6.1 it is possible to enumerate and download use ...) + TODO: check +CVE-2021-36387 (In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulne ...) + TODO: check CVE-2021-36386 (report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits i ...) - fetchmail 6.4.16-4 (unimportant) NOTE: https://www.fetchmail.info/fetchmail-SA-2021-01.txt @@ -16964,7 +17059,7 @@ CVE-2021-35216 (Insecure Deserialization of untrusted data remote code execution NOT-FOR-US: Solarwinds CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was detected ...) NOT-FOR-US: Solarwinds -CVE-2021-35214 (The vulnerability can be described as a failure to invalidate user ses ...) +CVE-2021-35214 (The vulnerability in SolarWinds Pingdom can be described as a failure ...) NOT-FOR-US: Solarwinds CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability was disc ...) NOT-FOR-US: SolarWinds @@ -21804,12 +21899,12 @@ CVE-2021-33181 (Server-Side Request Forgery (SSRF) vulnerability in webapi compo NOT-FOR-US: Synology CVE-2021-33180 (Improper neutralization of special elements used in an SQL command ('S ...) NOT-FOR-US: Synology -CVE-2021-33179 - RESERVED -CVE-2021-33178 - RESERVED -CVE-2021-33177 - RESERVED +CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...) + TODO: check +CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prior to 2 ...) + TODO: check +CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...) + TODO: check CVE-2021-33176 (VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denia ...) NOT-FOR-US: VerneMQ MQTT Broker CVE-2021-33175 (EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of ser ...) @@ -23334,12 +23429,12 @@ CVE-2021-32573 (** DISPUTED ** The express-cart package through 1.1.10 for Node. NOT-FOR-US: Node express-cart CVE-2021-32572 (Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET ...) NOT-FOR-US: Speco Web Viewer -CVE-2021-32571 - RESERVED +CVE-2021-32571 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...) + TODO: check CVE-2021-32570 RESERVED -CVE-2021-32569 - RESERVED +CVE-2021-32569 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...) + TODO: check CVE-2021-32568 (mrdoc is vulnerable to Deserialization of Untrusted Data ...) NOT-FOR-US: mrdoc CVE-2021-32567 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...) @@ -47043,10 +47138,10 @@ CVE-2021-22966 RESERVED CVE-2021-22965 RESERVED -CVE-2021-22964 - RESERVED -CVE-2021-22963 - RESERVED +CVE-2021-22964 (A redirect vulnerability in the `fastify-static` module version >= ...) + TODO: check +CVE-2021-22963 (A redirect vulnerability in the fastify-static module version < 4.2 ...) + TODO: check CVE-2021-22962 RESERVED CVE-2021-22961 @@ -54297,8 +54392,8 @@ CVE-2021-20601 RESERVED CVE-2021-20600 (Uncontrolled resource consumption in MELSEC iQ-R series C Controller M ...) NOT-FOR-US: Mitsubishi -CVE-2021-20599 - RESERVED +CVE-2021-20599 (Authorization bypass through user-controlled key vulnerability in MELS ...) + TODO: check CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubis ...) NOT-FOR-US: Mitsubishi CVE-2021-20597 (Insufficiently Protected Credentials vulnerability in Mitsubishi Elect ...) @@ -78690,8 +78785,8 @@ CVE-2020-22726 RESERVED CVE-2020-22725 RESERVED -CVE-2020-22724 - RESERVED +CVE-2020-22724 (A remote command execution vulnerability exists in add_server_service ...) + TODO: check CVE-2020-22723 (A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhiche ...) NOT-FOR-US: Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop CVE-2020-22722 (Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege ...) @@ -84584,28 +84679,28 @@ CVE-2020-19966 RESERVED CVE-2020-19965 RESERVED -CVE-2020-19964 - RESERVED +CVE-2020-19964 (A Cross Site Request Forgery (CSRF) vulnerability was discovered in PH ...) + TODO: check CVE-2020-19963 RESERVED -CVE-2020-19962 - RESERVED -CVE-2020-19961 - RESERVED -CVE-2020-19960 - RESERVED -CVE-2020-19959 - RESERVED +CVE-2020-19962 (A stored cross-site scripting (XSS) vulnerability in the getClientIp f ...) + TODO: check +CVE-2020-19961 (A SQL injection vulnerability has been discovered in zz cms version 20 ...) + TODO: check +CVE-2020-19960 (A SQL injection vulnerability has been discovered in zz cms version 20 ...) + TODO: check +CVE-2020-19959 (A SQL injection vulnerability has been discovered in zz cms version 20 ...) + TODO: check CVE-2020-19958 RESERVED -CVE-2020-19957 - RESERVED +CVE-2020-19957 (A SQL injection vulnerability has been discovered in zz cms version 20 ...) + TODO: check CVE-2020-19956 RESERVED CVE-2020-19955 RESERVED -CVE-2020-19954 - RESERVED +CVE-2020-19954 (An XML External Entity (XXE) vulnerability was discovered in /api/noti ...) + TODO: check CVE-2020-19953 RESERVED CVE-2020-19952 -- cgit v1.2.3