From a4650ed77d24c7892bf4a9f869c97a8eb9fefccf Mon Sep 17 00:00:00 2001 From: security tracker role Date: Tue, 19 Jan 2021 20:10:23 +0000 Subject: automatic update --- data/CVE/list | 147 +++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 95 insertions(+), 52 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 7ba24f0047..f309aa100f 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,47 @@ +CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global ...) + TODO: check +CVE-2021-3183 (Files.com Fat Client 3.3.6 allows authentication bypass because the cl ...) + TODO: check +CVE-2021-3182 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer ...) + TODO: check +CVE-2021-3181 (rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a deni ...) + TODO: check +CVE-2021-3180 + RESERVED +CVE-2021-25329 + RESERVED +CVE-2021-25328 + RESERVED +CVE-2021-25327 + RESERVED +CVE-2021-25326 + RESERVED +CVE-2021-25325 (MISP 2.4.136 has XSS via galaxy cluster element values to app/View/Gal ...) + TODO: check +CVE-2021-25324 (MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster n ...) + TODO: check +CVE-2021-25323 (The default setting of MISP 2.4.136 did not enable the requirements (a ...) + TODO: check +CVE-2021-25322 + RESERVED +CVE-2021-25321 + RESERVED +CVE-2021-25320 + RESERVED +CVE-2021-25319 + RESERVED +CVE-2021-25318 + RESERVED +CVE-2021-25317 + RESERVED +CVE-2021-25316 + RESERVED +CVE-2021-25315 + RESERVED +CVE-2021-25314 + RESERVED +CVE-2021-25313 + RESERVED CVE-2021-3179 RESERVED CVE-2021-3178 (** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, w ...) 
@@ -5077,12 +5121,12 @@ CVE-2021-22854 RESERVED CVE-2021-22853 RESERVED -CVE-2021-22852 - RESERVED -CVE-2021-22851 - RESERVED -CVE-2021-22850 - RESERVED +CVE-2021-22852 (HGiga EIP product contains SQL Injection vulnerability. Attackers can ...) + TODO: check +CVE-2021-22851 (HGiga EIP product contains SQL Injection vulnerability. Attackers can ...) + TODO: check +CVE-2021-22850 (HGiga EIP product lacks ineffective access control in certain pages th ...) + TODO: check CVE-2021-22849 RESERVED CVE-2021-22848 @@ -5936,8 +5980,8 @@ CVE-2021-22500 RESERVED CVE-2021-22499 RESERVED -CVE-2021-22498 - RESERVED +CVE-2021-22498 (XML External Entity Injection vulnerability in Micro Focus Application ...) + TODO: check CVE-2021-22497 RESERVED CVE-2021-22496 @@ -8486,8 +8530,8 @@ CVE-2016-20001 (The REST/JSON project 7.x-1.x for Drupal allows node access bypa NOT-FOR-US: REST/JSON project for Drupal CVE-2020-35930 (Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url ...) NOT-FOR-US: Seo Panel -CVE-2020-35929 - RESERVED +CVE-2020-35929 (In TinyCheck before commits 9fd360d and ea53de8, the installation scri ...) + TODO: check CVE-2020-35928 (An issue was discovered in the concread crate before 0.2.6 for Rust. A ...) NOT-FOR-US: concread rust crate CVE-2020-35927 (An issue was discovered in the thex crate through 2020-12-08 for Rust. ...) @@ -11996,8 +12040,7 @@ CVE-2021-20191 - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1916813 NOTE: https://github.com/ansible-collections/cisco.nxos/pull/227 -CVE-2021-20190 - RESERVED +CVE-2021-20190 (A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishan ...) - jackson-databind 2.12.1-1 [buster] - jackson-databind (Minor issue) NOTE: https://github.com/FasterXML/jackson-databind/issues/2854 
@@ -13353,10 +13396,10 @@ CVE-2020-35131 (Cockpit before 0.6.1 allows an attacker to inject custom PHP cod NOT-FOR-US: Agentejo Cockpit CVE-2020-35130 RESERVED -CVE-2020-35129 - RESERVED -CVE-2020-35128 - RESERVED +CVE-2020-35129 (Mautic before 3.2.4 is affected by stored XSS. An attacker with access ...) + TODO: check +CVE-2020-35128 (Mautic before 3.2.4 is affected by stored XSS. An attacker with permis ...) + TODO: check CVE-2020-35127 (Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.j ...) NOT-FOR-US: Ignite Realtime Openfire CVE-2020-35126 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct ...) @@ -19041,18 +19084,18 @@ CVE-2020-28484 RESERVED CVE-2020-28483 RESERVED -CVE-2020-28482 - RESERVED -CVE-2020-28481 - RESERVED -CVE-2020-28480 - RESERVED -CVE-2020-28479 - RESERVED -CVE-2020-28478 - RESERVED -CVE-2020-28477 - RESERVED +CVE-2020-28482 (This affects the package fastify-csrf before 3.0.0. 1. The generated c ...) + TODO: check +CVE-2020-28481 (The package socket.io before 2.4.0 are vulnerable to Insecure Defaults ...) + TODO: check +CVE-2020-28480 (The package jointjs before 3.3.0 are vulnerable to Prototype Pollution ...) + TODO: check +CVE-2020-28479 (The package jointjs before 3.3.0 are vulnerable to Denial of Service ( ...) + TODO: check +CVE-2020-28478 (This affects the package gsap before 3.6.0. ...) + TODO: check +CVE-2020-28477 (This affects all versions of package immer. ...) + TODO: check CVE-2020-28476 (All versions of package tornado are vulnerable to Web Cache Poisoning ...) TODO: check CVE-2020-28475 @@ -19061,8 +19104,8 @@ CVE-2020-28474 RESERVED CVE-2020-28473 (The package bottle from 0 and before 0.12.19 are vulnerable to Web Cac ...) TODO: check -CVE-2020-28472 - RESERVED +CVE-2020-28472 (This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0- ...) + TODO: check CVE-2020-28471 RESERVED CVE-2020-28470 (This affects the package @scullyio/scully before 1.0.9. The transfer s ...) 
@@ -22647,8 +22690,8 @@ CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to ta NOTE: https://github.com/OpenRC/openrc/commit/b6fef599bf8493480664b766040fa9b0d4b1e335 CVE-2020-27734 RESERVED -CVE-2020-27733 - RESERVED +CVE-2020-27733 (Zoho ManageEngine Applications Manager before 14 build 14880 allows an ...) + TODO: check CVE-2020-27732 RESERVED CVE-2020-27731 @@ -24020,20 +24063,20 @@ CVE-2020-27278 RESERVED CVE-2020-27277 (Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointe ...) NOT-FOR-US: Delta Electronics DOPSoft -CVE-2020-27276 - RESERVED +CVE-2020-27276 (SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the c ...) + TODO: check CVE-2020-27275 (Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to ...) NOT-FOR-US: Delta Electronics DOPSoft CVE-2020-27274 RESERVED CVE-2020-27273 RESERVED -CVE-2020-27272 - RESERVED +CVE-2020-27272 (SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The commun ...) + TODO: check CVE-2020-27271 RESERVED -CVE-2020-27270 - RESERVED +CVE-2020-27270 (SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communicat ...) + TODO: check CVE-2020-27269 RESERVED CVE-2020-27268 @@ -32568,8 +32611,8 @@ CVE-2020-23524 RESERVED CVE-2020-23523 RESERVED -CVE-2020-23522 - RESERVED +CVE-2020-23522 (Pixelimity 1.0 has cross-site request forgery via the admin/setting.ph ...) + TODO: check CVE-2020-23521 RESERVED CVE-2020-23520 (imcat 5.2 allows an authenticated file upload and consequently remote ...) @@ -32928,8 +32971,8 @@ CVE-2020-23344 RESERVED CVE-2020-23343 RESERVED -CVE-2020-23342 - RESERVED +CVE-2020-23342 (A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/ed ...) + TODO: check CVE-2020-23341 RESERVED CVE-2020-23340 
@@ -37717,8 +37760,8 @@ CVE-2020-20952 RESERVED CVE-2020-20951 RESERVED -CVE-2020-20950 - RESERVED +CVE-2020-20950 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip L ...) + TODO: check CVE-2020-20949 RESERVED CVE-2020-20948 @@ -69040,8 +69083,8 @@ CVE-2020-8583 (Element Software versions prior to 12.2 and HCI versions prior to NOT-FOR-US: HCI CVE-2020-8582 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...) NOT-FOR-US: HCI -CVE-2020-8581 - RESERVED +CVE-2020-8581 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible ...) + TODO: check CVE-2020-8580 (SANtricity OS Controller Software versions 11.30 and higher are suscep ...) NOT-FOR-US: SANtricity OS Controller Software CVE-2020-8579 (Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a v ...) @@ -78757,8 +78800,8 @@ CVE-2020-4883 RESERVED CVE-2020-4882 RESERVED -CVE-2020-4881 - RESERVED +CVE-2020-4881 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...) + TODO: check CVE-2020-4880 RESERVED CVE-2020-4879 @@ -78773,12 +78816,12 @@ CVE-2020-4875 RESERVED CVE-2020-4874 RESERVED -CVE-2020-4873 - RESERVED +CVE-2020-4873 (IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive ...) + TODO: check CVE-2020-4872 RESERVED -CVE-2020-4871 - RESERVED +CVE-2020-4871 (IBM Planning Analytics 2.0 allows web pages to be stored locally which ...) + TODO: check CVE-2020-4870 (IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack cau ...) NOT-FOR-US: IBM CVE-2020-4869 (IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of servi ...) -- cgit v1.2.3
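Review bot: in the first hunk (@@ -1,3 +1,47 @@), CVE-2021-3181 (rfc822.c in Mutt through 2.0.4, remote denial of service) is left at `TODO: check` even though mutt is a Debian source package; it needs a package line and a fixed-version lookup rather than the generic placeholder and should be picked up ahead of the run of RESERVED ids under it. CVE-2021-3182 in the same hunk carries the `** UNSUPPORTED WHEN ASSIGNED **` marker for a D-Link DCS-5220 device, which this file elsewhere resolves as `NOT-FOR-US: <product>`, and the four MISP 2.4.136 entries (CVE-2021-3184, CVE-2021-25325, CVE-2021-25324, CVE-2021-25323) share one product and version and can be triaged as a group.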
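Review bot: in the @@ -11996,8 +12040,7 @@ hunk, CVE-2021-20190 is the only entry in this update that moves straight from RESERVED to a package assessment (`- jackson-databind 2.12.1-1`, `[buster] - jackson-databind (Minor issue)`) with no `TODO: check`, which is correct since the triage lines already existed; but the new description places the flaw in jackson-databind before 2.9.10.7, so the buster "Minor issue" rating should be re-checked against the version buster actually ships once the full text is read. The existing NOTE link to FasterXML issue 2854 is kept, as the 8-to-7 line count in the header shows.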
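Review bot: in the @@ -19041,18 +19084,18 @@ hunk, CVE-2020-28478 (gsap before 3.6.0) and CVE-2020-28477 (all versions of immer) arrive with descriptions that stop right after the package name, so their `TODO: check` cannot be resolved from this feed line and the advisory text has to be fetched from the source. Of the six npm packages here, socket.io (CVE-2020-28481, insecure defaults before 2.4.0) is the one Debian ships, as node-socket.io, and should get a package line; the others are candidates for `NOT-FOR-US:` in the style of the surrounding entries.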
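Review bot: in the @@ -37717,8 +37760,8 @@ hunk, CVE-2020-20950 describes a Bleichenbacher attack on PKCS #1 v1.5 RSA padding, but the product name is cut at `Microchip L ...`, so the entry cannot be marked NOT-FOR-US from this line alone; confirm from the full description which library or firmware is affected before closing the `TODO: check`, since a padding-oracle finding is only out of scope if the implementation is vendor firmware rather than a library Debian packages.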
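Review bot: in the @@ -69040,8 +69083,8 @@ hunk, CVE-2020-8581 (Clustered Data ONTAP before 9.3P20 and 9.5) sits between entries already triaged `NOT-FOR-US: HCI` and `NOT-FOR-US: SANtricity OS Controller Software`, so the `TODO: check` can be resolved the same way; the visible context gives the precedent for NetApp appliance products and the placeholder should not linger in this spot.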
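Review bot: in the two hunks at @@ -78757 and @@ -78773, the three IBM Planning Analytics 2.0 entries (CVE-2020-4881, CVE-2020-4873, CVE-2020-4871) describe a single product and can be triaged together; the adjacent CVE-2020-4870 (IBM MQ 9.2) in the same context is already `NOT-FOR-US: IBM`, which is the precedent to follow instead of leaving three separate `TODO: check` lines.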