From 4e0cdba33ce4f0131fa2d7e097c09ec80ae92380 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 13 Oct 2021 20:10:18 +0000 Subject: automatic update --- data/CVE/list | 190 ++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 104 insertions(+), 86 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index c37305e100..5319a9f49d 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,21 @@ +CVE-2021-42340 + RESERVED +CVE-2021-3884 + RESERVED +CVE-2021-3883 + RESERVED +CVE-2020-36484 + RESERVED +CVE-2020-36483 + RESERVED +CVE-2020-36482 + RESERVED +CVE-2020-36481 + RESERVED +CVE-2020-36480 + RESERVED +CVE-2020-36479 + RESERVED CVE-2021-42339 RESERVED CVE-2021-42338 @@ -447,10 +465,10 @@ CVE-2021-42226 RESERVED CVE-2021-42225 RESERVED -CVE-2021-42224 - RESERVED -CVE-2021-42223 - RESERVED +CVE-2021-42224 (SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via ...) + TODO: check +CVE-2021-42223 (Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking M ...) + TODO: check CVE-2021-42222 RESERVED CVE-2021-42221 @@ -2907,12 +2925,12 @@ CVE-2021-41141 RESERVED CVE-2021-41140 RESERVED -CVE-2021-41139 - RESERVED -CVE-2021-41138 - RESERVED -CVE-2021-41137 - RESERVED +CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...) + TODO: check +CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the newly int ...) + TODO: check +CVE-2021-41137 (Minio is a Kubernetes native application for cloud storage. All users ...) + TODO: check CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ...) - puma NOTE: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx 
@@ -3586,10 +3604,10 @@ CVE-2021-40845 (The web part of Zenitel AlphaCom XE Audio Server through 11.2.3. NOT-FOR-US: Zenitel CVE-2021-40844 RESERVED -CVE-2021-40843 - RESERVED -CVE-2021-40842 - RESERVED +CVE-2021-40843 (Proofpoint Insider Threat Management Server contains an unsafe deseria ...) + TODO: check +CVE-2021-40842 (Proofpoint Insider Threat Management Server contains a SQL injection v ...) + TODO: check CVE-2021-40841 RESERVED CVE-2021-40840 @@ -3858,8 +3876,8 @@ CVE-2021-40734 RESERVED CVE-2021-40733 RESERVED -CVE-2021-40732 - RESERVED +CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...) + TODO: check CVE-2021-40731 RESERVED CVE-2021-40730 @@ -7136,8 +7154,8 @@ CVE-2021-39306 RESERVED CVE-2021-39305 RESERVED -CVE-2021-39304 - RESERVED +CVE-2021-39304 (Proofpoint Enterprise Protection before 8.12.0-2108090000 allows secur ...) + TODO: check CVE-2021-3730 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: firefly-iii CVE-2021-3729 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) @@ -16272,8 +16290,8 @@ CVE-2021-35500 RESERVED CVE-2021-35499 RESERVED -CVE-2021-35498 - RESERVED +CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, ...) + TODO: check CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...) NOT-FOR-US: TIBCO CVE-2021-35496 (The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperRe ...) 
@@ -17809,8 +17827,8 @@ CVE-2020-36388 (In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3 NOTE: https://civicrm.org/advisory/civi-sa-2020-03 CVE-2013-20002 (Elemin allows remote attackers to upload and execute arbitrary PHP cod ...) NOT-FOR-US: Elemin -CVE-2021-34814 - RESERVED +CVE-2021-34814 (Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control ...) + TODO: check CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to cra ...) [experimental] - olm 3.2.3~dfsg-1 - olm (bug #989997) @@ -20640,8 +20658,8 @@ CVE-2021-33611 RESERVED CVE-2021-33610 RESERVED -CVE-2021-33609 - RESERVED +CVE-2021-33609 (Missing check in DataCommunicator class in com.vaadin:vaadin-server ve ...) + TODO: check CVE-2021-33608 RESERVED CVE-2021-33607 @@ -39046,8 +39064,8 @@ CVE-2021-26320 RESERVED CVE-2021-26319 RESERVED -CVE-2021-26318 - RESERVED +CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86 PREFET ...) + TODO: check CVE-2021-26317 RESERVED CVE-2021-26316 @@ -46589,8 +46607,8 @@ CVE-2021-3059 RESERVED CVE-2021-3058 RESERVED -CVE-2021-3057 - RESERVED +CVE-2021-3057 (A stack-based buffer overflow vulnerability exists in the Palo Alto Ne ...) + TODO: check CVE-2021-3056 RESERVED CVE-2021-3055 (An improper restriction of XML external entity (XXE) reference vulnera ...) @@ -49228,14 +49246,14 @@ CVE-2021-22038 RESERVED CVE-2021-22037 RESERVED -CVE-2021-22036 - RESERVED -CVE-2021-22035 - RESERVED +CVE-2021-22036 (VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redi ...) + TODO: check +CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Se ...) + TODO: check CVE-2021-22034 RESERVED -CVE-2021-22033 - RESERVED +CVE-2021-22033 (Releases prior to VMware vRealize Operations 8.6 contain a Server Side ...) + TODO: check CVE-2021-22032 RESERVED CVE-2021-22031 
@@ -53782,14 +53800,14 @@ CVE-2021-20836 RESERVED CVE-2021-20835 RESERVED -CVE-2021-20834 - RESERVED -CVE-2021-20833 - RESERVED -CVE-2021-20832 - RESERVED -CVE-2021-20831 - RESERVED +CVE-2021-20834 (Improper authorization in handler for custom URL scheme vulnerability ...) + TODO: check +CVE-2021-20833 (The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not ...) + TODO: check +CVE-2021-20832 (InBody App for iOS versions prior to 2.3.30 and InBody App for Android ...) + TODO: check +CVE-2021-20831 (Cross-site request forgery (CSRF) vulnerability in OG Tags versions pr ...) + TODO: check CVE-2021-20830 RESERVED CVE-2021-20829 (Cross-site scripting vulnerability due to the inadequate tag sanitizat ...) 
@@ -53836,32 +53854,32 @@ CVE-2021-20809 (Cross-site scripting vulnerability in Create screens of Entry, P - movabletype-opensource CVE-2021-20808 (Cross-site scripting vulnerability in Search screen of Movable Type (M ...) - movabletype-opensource -CVE-2021-20807 - RESERVED -CVE-2021-20806 - RESERVED -CVE-2021-20805 - RESERVED -CVE-2021-20804 - RESERVED -CVE-2021-20803 - RESERVED -CVE-2021-20802 - RESERVED -CVE-2021-20801 - RESERVED -CVE-2021-20800 - RESERVED -CVE-2021-20799 - RESERVED -CVE-2021-20798 - RESERVED -CVE-2021-20797 - RESERVED -CVE-2021-20796 - RESERVED -CVE-2021-20795 - RESERVED +CVE-2021-20807 (Cross-site scripting vulnerability in the management screen of Cybozu ...) + TODO: check +CVE-2021-20806 (Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 al ...) + TODO: check +CVE-2021-20805 (Cross-site scripting vulnerability in the management screen of Cybozu ...) + TODO: check +CVE-2021-20804 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated att ...) + TODO: check +CVE-2021-20803 (Operation restriction bypass in the management screen of Cybozu Remote ...) + TODO: check +CVE-2021-20802 (HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to ...) + TODO: check +CVE-2021-20801 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated att ...) + TODO: check +CVE-2021-20800 (Cross-site scripting vulnerability in the management screen of Cybozu ...) + TODO: check +CVE-2021-20799 (Cross-site scripting vulnerability in the management screen of Cybozu ...) + TODO: check +CVE-2021-20798 (Cross-site scripting vulnerability in the management screen of Cybozu ...) + TODO: check +CVE-2021-20797 (Cross-site script inclusion vulnerability in the management screen of ...) + TODO: check +CVE-2021-20796 (Directory traversal vulnerability in the management screen of Cybozu R ...) + TODO: check +CVE-2021-20795 (Cross-site request forgery (CSRF) vulnerability in the management scre ...) 
+ TODO: check CVE-2021-20794 RESERVED CVE-2021-20793 (Untrusted search path vulnerability in the installer of Sony Audio USB ...) @@ -55649,24 +55667,24 @@ CVE-2021-20133 RESERVED CVE-2021-20132 RESERVED -CVE-2021-20131 - RESERVED -CVE-2021-20130 - RESERVED -CVE-2021-20129 - RESERVED -CVE-2021-20128 - RESERVED -CVE-2021-20127 - RESERVED -CVE-2021-20126 - RESERVED -CVE-2021-20125 - RESERVED -CVE-2021-20124 - RESERVED -CVE-2021-20123 - RESERVED +CVE-2021-20131 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...) + TODO: check +CVE-2021-20130 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...) + TODO: check +CVE-2021-20129 (An information disclosure vulnerability exists in Draytek VigorConnect ...) + TODO: check +CVE-2021-20128 (The Profile Name field in the floor plan (Network Menu) page in Drayte ...) + TODO: check +CVE-2021-20127 (An arbitrary file deletion vulnerability exists in the file delete fun ...) + TODO: check +CVE-2021-20126 (Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protect ...) + TODO: check +CVE-2021-20125 (An arbitrary file upload and directory traversal vulnerability exists ...) + TODO: check +CVE-2021-20124 (A local file inclusion vulnerability exists in Draytek VigorConnect 1. ...) + TODO: check +CVE-2021-20123 (A local file inclusion vulnerability exists in Draytek VigorConnect 1. ...) + TODO: check CVE-2021-20122 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...) NOT-FOR-US: Telus Wi-Fi Hub CVE-2021-20121 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...) -- cgit v1.2.3
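
Review bot: In the `@@ -447,10 +465,10 @@` hunk, the description added for CVE-2021-42223 reads "Cross Site Scripting (XSS).vulnerability exists in ...", with a stray period after the closing parenthesis. If the description text is imported verbatim from the upstream record, leave it and let a later sync pick up any correction, since a hand edit would be overwritten. If it is maintained locally, drop the period. Both entries in this hunk (CVE-2021-42224 and CVE-2021-42223) still need their `TODO: check` resolved.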
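
Review bot: In the `@@ -2907,12 +2925,12 @@` hunk, CVE-2021-41139, CVE-2021-41138 and CVE-2021-41137 are left at `TODO: check` with no reference, while the context entry directly below them, CVE-2021-41136, already carries a package line (`- puma`) and a `NOTE:` pointing at the upstream advisory. When these three are triaged, record the upstream advisory URL in a `NOTE:` line in the same way, so that the fixed version can be checked later without relying on the truncated description.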
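
Review bot: In the `@@ -3586,10 +3604,10 @@` hunk, CVE-2021-40843 and CVE-2021-40842 both name Proofpoint Insider Threat Management Server and should get one triage decision rather than two. This patch also moves CVE-2021-39304 (Proofpoint Enterprise Protection) and CVE-2021-34814 (Proofpoint Spam Engine) to `TODO: check` in other hunks, so resolve all four together and use the same tag wording for each. The context line above this hunk (`NOT-FOR-US: Zenitel`) shows the form used when a product is not packaged.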
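
Review bot: In the `@@ -16272,8 +16290,8 @@` hunk, CVE-2021-35498 (TIBCO EBX Web Server component) is set to `TODO: check`, while the entry immediately below it, CVE-2021-35497, is already tagged `NOT-FOR-US: TIBCO`. Unless EBX is packaged, the new entry can take the same tag, which closes the TODO with a precedent that is visible in the same hunk.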
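
Review bot: In the `@@ -39046,8 +39064,8 @@` hunk, CVE-2021-26318 is the one new entry in this patch whose visible description names CPU behaviour ("side channel attack leveraging the x86 PREFETCH ...") rather than a specific product. A vendor-style `NOT-FOR-US` tag may not be the right resolution for its `TODO: check`. Read the full description first and decide whether any packaged component is expected to carry a mitigation before tagging it.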
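
Review bot: In the `@@ -53836,32 +53854,32 @@` hunk, thirteen consecutive entries (CVE-2021-20807 down to CVE-2021-20795) move from `RESERVED` to `TODO: check`, and it is tempting to tag them in bulk as one Cybozu Remote Service batch. Two of them do not show a product name in the truncated text: CVE-2021-20797 ends at "management screen of ..." and CVE-2021-20795 ends at "management scre ...". Confirm both against the full description before applying a shared tag. The visible version ranges also differ ("3.0.0 to 3.1.9" for CVE-2021-20806, "3.1.8 to 3.1.9" for CVE-2021-20804, CVE-2021-20802 and CVE-2021-20801), so any per-version annotation has to be made per CVE, not copied across the block.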