From 057701e8d4f4bf0e2de7e8a6a9b4cf8287fe18e3 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 15 Oct 2021 20:10:19 +0000 Subject: automatic update --- data/CVE/list | 321 ++++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 201 insertions(+), 120 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index cf988dbeef..d350de25dc 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,83 @@ +CVE-2022-0005 + RESERVED +CVE-2022-0004 + RESERVED +CVE-2022-0003 + RESERVED +CVE-2022-0002 + RESERVED +CVE-2022-0001 + RESERVED +CVE-2021-42553 + RESERVED +CVE-2021-42552 + RESERVED +CVE-2021-42551 + RESERVED +CVE-2021-42550 + RESERVED +CVE-2021-42549 + RESERVED +CVE-2021-42548 + RESERVED +CVE-2021-42547 + RESERVED +CVE-2021-42546 + RESERVED +CVE-2021-42545 + RESERVED +CVE-2021-42544 + RESERVED +CVE-2021-42543 + RESERVED +CVE-2021-42542 + RESERVED +CVE-2021-42541 + RESERVED +CVE-2021-42540 + RESERVED +CVE-2021-42539 + RESERVED +CVE-2021-42538 + RESERVED +CVE-2021-42537 + RESERVED +CVE-2021-42536 + RESERVED +CVE-2021-42535 + RESERVED +CVE-2021-42534 + RESERVED +CVE-2021-42533 + RESERVED +CVE-2021-42532 + RESERVED +CVE-2021-42531 + RESERVED +CVE-2021-42530 + RESERVED +CVE-2021-42529 + RESERVED +CVE-2021-42528 + RESERVED +CVE-2021-42527 + RESERVED +CVE-2021-42526 + RESERVED +CVE-2021-42525 + RESERVED +CVE-2021-42524 + RESERVED +CVE-2021-3891 + RESERVED +CVE-2021-3890 + RESERVED +CVE-2021-3889 + RESERVED +CVE-2021-3888 + RESERVED +CVE-2021-3887 + RESERVED CVE-2022-20611 RESERVED CVE-2022-20610 
@@ -1405,22 +1485,22 @@ CVE-2021-42338 RESERVED CVE-2021-42337 RESERVED -CVE-2021-42336 - RESERVED -CVE-2021-42335 - RESERVED -CVE-2021-42334 - RESERVED -CVE-2021-42333 - RESERVED -CVE-2021-42332 - RESERVED -CVE-2021-42331 - RESERVED -CVE-2021-42330 - RESERVED -CVE-2021-42329 - RESERVED +CVE-2021-42336 (The learning history page of the Easytest is vulnerable by permission ...) + TODO: check +CVE-2021-42335 (Easytest bulletin board management function of online learning platfor ...) + TODO: check +CVE-2021-42334 (The Easytest contains SQL injection vulnerabilities. After obtaining a ...) + TODO: check +CVE-2021-42333 (The Easytest contains SQL injection vulnerabilities. After obtaining u ...) + TODO: check +CVE-2021-42332 (The “List View” function of ShinHer StudyOnline System is ...) + TODO: check +CVE-2021-42331 (The “Study Edit” function of ShinHer StudyOnline System do ...) + TODO: check +CVE-2021-42330 (The “Teacher Edit” function of ShinHer StudyOnline System ...) + TODO: check +CVE-2021-42329 (The “List_Add” function of message board of ShinHer StudyO ...) + TODO: check CVE-2022-20111 RESERVED CVE-2022-20110 @@ -1760,8 +1840,8 @@ CVE-2021-3882 (LedgerSMB does not set the 'Secure' attribute on the session auth - ledgersmb (Vulnerable code introduced later) NOTE: https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d/ NOTE: https://ledgersmb.org/content/security-advisory-cve-2021-3882-non-secure-session-cookie -CVE-2021-3881 - RESERVED +CVE-2021-3881 (libmobi is vulnerable to Out-of-bounds Read ...) + TODO: check CVE-2021-3880 RESERVED CVE-2021-3879 @@ -1781,8 +1861,8 @@ CVE-2021-42257 (check_smart before 6.9.1 allows unintended drive access by an un NOT-FOR-US: check_smart Icinga plugin CVE-2021-42256 RESERVED -CVE-2021-3878 - RESERVED +CVE-2021-3878 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...) + TODO: check CVE-2021-42255 RESERVED CVE-2021-42254 
@@ -1842,7 +1922,7 @@ CVE-2021-42230 RESERVED CVE-2021-42229 RESERVED -CVE-2021-42228 (Cross Site Request Forgery (CSRF) vulnerability exists in KindEdirot 4 ...) +CVE-2021-42228 (A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor ...) NOT-FOR-US: KindEditor CVE-2021-42227 (Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x vi ...) NOT-FOR-US: KindEditor @@ -2036,8 +2116,8 @@ CVE-2021-42134 (The Unicorn framework before 0.36.1 for Django allows XSS via a NOT-FOR-US: Django Unicorn, different from src:unicorn CVE-2021-3876 RESERVED -CVE-2021-3875 - RESERVED +CVE-2021-3875 (vim is vulnerable to Heap-based Buffer Overflow ...) + TODO: check CVE-2021-42133 RESERVED CVE-2021-42132 @@ -2086,8 +2166,8 @@ CVE-2021-42111 RESERVED CVE-2021-42110 RESERVED -CVE-2021-3874 - RESERVED +CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...) + TODO: check CVE-2021-3873 RESERVED CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow privilege escala ...) @@ -3910,8 +3990,8 @@ CVE-2021-41322 (Polycom VVX 400/410 version 5.3.1 allows low-privileged users to NOT-FOR-US: Poly VVX 400/410 CVE-2021-41321 RESERVED -CVE-2021-41320 - RESERVED +CVE-2021-41320 (A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4 ...) + TODO: check CVE-2021-41319 RESERVED CVE-2021-41318 (In Progress WhatsUp Gold prior to version 21.1.0, an application endpo ...) @@ -4296,10 +4376,10 @@ CVE-2021-41150 RESERVED CVE-2021-41149 RESERVED -CVE-2021-41148 - RESERVED -CVE-2021-41147 - RESERVED +CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...) + TODO: check +CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...) + TODO: check CVE-2021-41146 RESERVED CVE-2021-41145 
@@ -4481,6 +4561,7 @@ CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5 [stretch] - linux (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/09/18/2 CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Director ...) + {DSA-4987-1} - squashfs-tools 1:4.5-3 (bug #994262) NOTE: Prerequisites: NOTE: https://github.com/plougher/squashfs-tools/commit/80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36 
@@ -4635,34 +4716,34 @@ CVE-2021-41001 RESERVED CVE-2021-41000 RESERVED -CVE-2021-40999 - RESERVED -CVE-2021-40998 - RESERVED -CVE-2021-40997 - RESERVED -CVE-2021-40996 - RESERVED -CVE-2021-40995 - RESERVED -CVE-2021-40994 - RESERVED -CVE-2021-40993 - RESERVED -CVE-2021-40992 - RESERVED -CVE-2021-40991 - RESERVED -CVE-2021-40990 - RESERVED -CVE-2021-40989 - RESERVED -CVE-2021-40988 - RESERVED -CVE-2021-40987 - RESERVED -CVE-2021-40986 - RESERVED +CVE-2021-40999 (A remote arbitrary command execution vulnerability was discovered in A ...) + TODO: check +CVE-2021-40998 (A remote arbitrary command execution vulnerability was discovered in A ...) + TODO: check +CVE-2021-40997 (A remote authentication bypass vulnerability was discovered in Aruba C ...) + TODO: check +CVE-2021-40996 (A remote authentication bypass vulnerability was discovered in Aruba C ...) + TODO: check +CVE-2021-40995 (A remote arbitrary command execution vulnerability was discovered in A ...) + TODO: check +CVE-2021-40994 (A remote arbitrary command execution vulnerability was discovered in A ...) + TODO: check +CVE-2021-40993 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) + TODO: check +CVE-2021-40992 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) + TODO: check +CVE-2021-40991 (A remote disclosure of sensitive information vulnerability was discove ...) + TODO: check +CVE-2021-40990 (A remote disclosure of sensitive information vulnerability was discove ...) + TODO: check +CVE-2021-40989 (A local escalation of privilege vulnerability was discovered in Aruba ...) + TODO: check +CVE-2021-40988 (A remote directory traversal vulnerability was discovered in Aruba Cle ...) + TODO: check +CVE-2021-40987 (A remote arbitrary command execution vulnerability was discovered in A ...) + TODO: check +CVE-2021-40986 (A remote arbitrary command execution vulnerability was discovered in A ...) + TODO: check CVE-2021-3800 RESERVED CVE-2021-40985 
@@ -5269,30 +5350,30 @@ CVE-2021-40733 RESERVED CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...) NOT-FOR-US: Adobe -CVE-2021-40731 - RESERVED -CVE-2021-40730 - RESERVED -CVE-2021-40729 - RESERVED -CVE-2021-40728 - RESERVED +CVE-2021-40731 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) + TODO: check +CVE-2021-40730 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) + TODO: check +CVE-2021-40729 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) + TODO: check +CVE-2021-40728 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) + TODO: check CVE-2021-40727 RESERVED CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe -CVE-2021-40724 - RESERVED +CVE-2021-40724 (Acrobat Reader for Android versions 21.8.0 (and earlier) are affected ...) + TODO: check CVE-2021-40723 RESERVED CVE-2021-40722 RESERVED -CVE-2021-40721 - RESERVED -CVE-2021-40720 - RESERVED +CVE-2021-40721 (Adobe Connect version 11.2.2 (and earlier) is affected by a reflected ...) + TODO: check +CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization o ...) + TODO: check CVE-2021-40719 RESERVED CVE-2021-40718 @@ -7283,8 +7364,8 @@ CVE-2021-39866 (A business logic error in the project deletion process in GitLab - gitlab CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) NOT-FOR-US: Adobe -CVE-2021-39864 - RESERVED +CVE-2021-39864 (Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) an ...) + TODO: check CVE-2021-39863 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39862 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) 
@@ -8455,18 +8536,18 @@ CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to authenticated NOT-FOR-US: WordPress plugin CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable to Refle ...) NOT-FOR-US: WordPress plugin -CVE-2021-39349 - RESERVED +CVE-2021-39349 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting ...) + TODO: check CVE-2021-39348 RESERVED CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...) NOT-FOR-US: WordPress plugin CVE-2021-39346 RESERVED -CVE-2021-39345 - RESERVED -CVE-2021-39344 - RESERVED +CVE-2021-39345 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting ...) + TODO: check +CVE-2021-39344 (The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-S ...) + TODO: check CVE-2021-39343 RESERVED CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's associated C ...) 
@@ -8477,20 +8558,20 @@ CVE-2021-39340 RESERVED CVE-2021-39339 (The Telefication WordPress plugin is vulnerable to Open Proxy and Serv ...) NOT-FOR-US: WordPress plugin -CVE-2021-39338 - RESERVED -CVE-2021-39337 - RESERVED -CVE-2021-39336 - RESERVED -CVE-2021-39335 - RESERVED -CVE-2021-39334 - RESERVED +CVE-2021-39338 (The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2021-39337 (The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scr ...) + TODO: check +CVE-2021-39336 (The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Sc ...) + TODO: check +CVE-2021-39335 (The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cros ...) + TODO: check +CVE-2021-39334 (The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Si ...) + TODO: check CVE-2021-39333 RESERVED -CVE-2021-39332 - RESERVED +CVE-2021-39332 (The Business Manager WordPress plugin is vulnerable to Stored Cross-Si ...) + TODO: check CVE-2021-39331 RESERVED CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to Stored C ...) @@ -10709,10 +10790,10 @@ CVE-2021-38434 RESERVED CVE-2021-38433 RESERVED -CVE-2021-38432 - RESERVED -CVE-2021-38431 - RESERVED +CVE-2021-38432 (FATEK Automation Communication Server Versions 1.13 and prior lacks pr ...) + TODO: check +CVE-2021-38431 (An authenticated user using Advantech WebAccess SCADA in versions 9.0. ...) + TODO: check CVE-2021-38430 RESERVED CVE-2021-38429 
@@ -12460,14 +12541,14 @@ CVE-2021-37741 (ManageEngine ADManager Plus before 7111 has Pre-authentication R NOT-FOR-US: ManageEngine CVE-2021-37740 RESERVED -CVE-2021-37739 - RESERVED -CVE-2021-37738 - RESERVED -CVE-2021-37737 - RESERVED -CVE-2021-37736 - RESERVED +CVE-2021-37739 (A remote arbitrary command execution vulnerability was discovered in A ...) + TODO: check +CVE-2021-37738 (A remote disclosure of sensitive information vulnerability was discove ...) + TODO: check +CVE-2021-37737 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) + TODO: check +CVE-2021-37736 (A remote authentication bypass vulnerability was discovered in Aruba C ...) + TODO: check CVE-2021-37735 (A remote denial of service vulnerability was discovered in Aruba Insta ...) NOT-FOR-US: Aruba CVE-2021-37734 (A remote unauthorized read access to files vulnerability was discovere ...) @@ -32166,8 +32247,8 @@ CVE-2021-29747 (IBM InfoSphere Information Server 11.7 could allow a remote atta NOT-FOR-US: IBM CVE-2021-29746 RESERVED -CVE-2021-29745 - RESERVED +CVE-2021-29745 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge esc ...) + TODO: check CVE-2021-29744 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...) NOT-FOR-US: IBM CVE-2021-29743 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cr ...) @@ -32298,8 +32379,8 @@ CVE-2021-29681 (IBM InfoSphere Information Server 11.7 could allow an attacker t NOT-FOR-US: IBM CVE-2021-29680 RESERVED -CVE-2021-29679 - RESERVED +CVE-2021-29679 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated us ...) + TODO: check CVE-2021-29678 RESERVED CVE-2021-29677 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...) 
@@ -36514,8 +36595,8 @@ CVE-2021-28023 RESERVED CVE-2021-28022 RESERVED -CVE-2021-28021 - RESERVED +CVE-2021-28021 (Buffer overflow vulnerability in function stbi__extend_receive in stb_ ...) + TODO: check CVE-2021-28020 RESERVED CVE-2021-28019 @@ -37571,8 +37652,8 @@ CVE-2021-27563 RESERVED CVE-2021-27562 (In Arm Trusted Firmware M through 1.2, the NS world may trigger a syst ...) NOT-FOR-US: Arm Trusted Firmware M -CVE-2021-27561 - RESERVED +CVE-2021-27561 (Yealink Device Management (DM) 3.6.0.20 allows command injection as ro ...) + TODO: check CVE-2021-27560 RESERVED CVE-2021-27559 (The Contact page in Monica 2.19.1 allows stored XSS via the Nickname f ...) @@ -125354,8 +125435,8 @@ CVE-2020-4953 (IBM Planning Analytics 2.0 could allow a remote authenticated att NOT-FOR-US: IBM CVE-2020-4952 (IBM Security Guardium 11.2 could allow an authenticated user to gain r ...) NOT-FOR-US: IBM -CVE-2020-4951 - RESERVED +CVE-2020-4951 (IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser ...) + TODO: check CVE-2020-4950 RESERVED CVE-2020-4949 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) @@ -204364,10 +204445,10 @@ CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils befo [stretch] - elfutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541 NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9 -CVE-2018-16061 - RESERVED -CVE-2018-16060 - RESERVED +CVE-2018-16061 (Mitsubishi Electric SmartRTU devices allow XSS via the username parame ...) + TODO: check +CVE-2018-16060 (Mitsubishi Electric SmartRTU devices allow remote attackers to obtain ...) + TODO: check CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Director ...) NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...) 
@@ -284011,7 +284092,7 @@ CVE-2017-5993 (Memory leak in the vrend_renderer_init_blit_ctx function in vrend - virglrenderer 0.6.0-1 (bug #858255) NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=6eb13f7a2dcf391ec9e19b4c2a79e68305f63c22 (0.6.0) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422438 -CVE-2017-5991 (An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5 ...) +CVE-2017-5991 (An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9 ...) {DSA-3797-1} - mupdf 1.9a+ds1-4 (low) [wheezy] - mupdf (vulnerable code not present) -- cgit v1.2.3
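Review bot: In the @@ -2036 hunk, CVE-2021-3875 (vim is vulnerable to Heap-based Buffer Overflow ...) is left at TODO: check alongside the vendor-only entries, but vim is a Debian source package. This entry needs a "- vim ..." package line with the upstream fix reference rather than a NOT-FOR-US tag, so it should be picked up first in manual triage. CVE-2021-3881 (libmobi) in the @@ -1760 hunk and CVE-2021-28021 (stbi__extend_receive in stb_ ...) in the @@ -36514 hunk deserve the same look before being dismissed.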
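Review bot: Most of the new TODO: check entries can be closed with tags already used on their unchanged neighbours, so they need not stay open. In the @@ -4635 and @@ -12460 hunks (CVE-2021-40986 through CVE-2021-40999, CVE-2021-37736 through CVE-2021-37739), the descriptions that are not cut off name Aruba ClearPass, and the context line for CVE-2021-37735 already reads NOT-FOR-US: Aruba. The Adobe entries in @@ -5269, the IBM Cognos entries in @@ -32166 and @@ -125354, and the WordPress plugin entries in @@ -8455 and @@ -8477 likewise sit beside NOT-FOR-US: Adobe, NOT-FOR-US: IBM and NOT-FOR-US: WordPress plugin. A follow-up that applies those tags in bulk would leave only the entries that need a real package check.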
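Review bot: In the @@ -1405 hunk, the descriptions added for CVE-2021-42329 through CVE-2021-42332 show “ and †around the function names (List View, Study Edit, Teacher Edit, List_Add), which is the pattern UTF-8 curly quotes produce when decoded as a single-byte charset. Confirm that the import writes these characters into data/CVE/list as valid UTF-8 and that the mangled form is not what is being committed; if it is, re-encode those four lines.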