author security tracker role <sectracker@soriano.debian.org> 2021-10-14 20:10:21 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-10-14 20:10:21 +0000
commit ef93966e7f83b6bb072d6fb9ea8459b9042b319e
tree 87be3789c9f41bd2490a3896c87dc38c8df62ec3
parent b1dc3be9209a79c072027d5cade05830e5aa1ef9
automatic update
-rw-r--r-- data/CVE/list.2020 34
-rw-r--r-- data/CVE/list.2021 181
2 files changed, 155 insertions, 60 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index ca74052c04..b9edcf3a59 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -1,3 +1,5 @@
+CVE-2020-36485
+ RESERVED
CVE-2020-36484
RESERVED
CVE-2020-36483
@@ -19664,8 +19666,8 @@ CVE-2020-22726
RESERVED
CVE-2020-22725
RESERVED
-CVE-2020-22724
- RESERVED
+CVE-2020-22724 (A remote command execution vulnerability exists in add_server_service ...)
+ TODO: check
CVE-2020-22723 (A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhiche ...)
NOT-FOR-US: Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop
CVE-2020-22722 (Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege ...)
@@ -25558,28 +25560,28 @@ CVE-2020-19966
RESERVED
CVE-2020-19965
RESERVED
-CVE-2020-19964
- RESERVED
+CVE-2020-19964 (A Cross Site Request Forgery (CSRF) vulnerability was discovered in PH ...)
+ TODO: check
CVE-2020-19963
RESERVED
-CVE-2020-19962
- RESERVED
-CVE-2020-19961
- RESERVED
-CVE-2020-19960
- RESERVED
-CVE-2020-19959
- RESERVED
+CVE-2020-19962 (A stored cross-site scripting (XSS) vulnerability in the getClientIp f ...)
+ TODO: check
+CVE-2020-19961 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
+ TODO: check
+CVE-2020-19960 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
+ TODO: check
+CVE-2020-19959 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
+ TODO: check
CVE-2020-19958
RESERVED
-CVE-2020-19957
- RESERVED
+CVE-2020-19957 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
+ TODO: check
CVE-2020-19956
RESERVED
CVE-2020-19955
RESERVED
-CVE-2020-19954
- RESERVED
+CVE-2020-19954 (An XML External Entity (XXE) vulnerability was discovered in /api/noti ...)
+ TODO: check
CVE-2020-19953
RESERVED
CVE-2020-19952
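Review bot: CVE-2020-19957, CVE-2020-19959, CVE-2020-19960 and CVE-2020-19961 all carry the same truncated text ("A SQL injection vulnerability has been discovered in zz cms version 20 ..."), so nothing in these lines tells the four apart. Resolve their TODO: check entries together from the full descriptions and give them one consistent tag, rather than triaging each in isolation.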
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index df7c42a293..688d7aa503 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,3 +1,95 @@
+CVE-2021-42392
+ RESERVED
+CVE-2021-42391
+ RESERVED
+CVE-2021-42390
+ RESERVED
+CVE-2021-42389
+ RESERVED
+CVE-2021-42388
+ RESERVED
+CVE-2021-42387
+ RESERVED
+CVE-2021-42386
+ RESERVED
+CVE-2021-42385
+ RESERVED
+CVE-2021-42384
+ RESERVED
+CVE-2021-42383
+ RESERVED
+CVE-2021-42382
+ RESERVED
+CVE-2021-42381
+ RESERVED
+CVE-2021-42380
+ RESERVED
+CVE-2021-42379
+ RESERVED
+CVE-2021-42378
+ RESERVED
+CVE-2021-42377
+ RESERVED
+CVE-2021-42376
+ RESERVED
+CVE-2021-42375
+ RESERVED
+CVE-2021-42374
+ RESERVED
+CVE-2021-42373
+ RESERVED
+CVE-2021-42372
+ RESERVED
+CVE-2021-42371
+ RESERVED
+CVE-2021-42370
+ RESERVED
+CVE-2021-42369 (Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows ...)
+ TODO: check
+CVE-2021-42368
+ RESERVED
+CVE-2021-42367
+ RESERVED
+CVE-2021-42366
+ RESERVED
+CVE-2021-42365
+ RESERVED
+CVE-2021-42364
+ RESERVED
+CVE-2021-42363
+ RESERVED
+CVE-2021-42362
+ RESERVED
+CVE-2021-42361
+ RESERVED
+CVE-2021-42360
+ RESERVED
+CVE-2021-42359
+ RESERVED
+CVE-2021-42358
+ RESERVED
+CVE-2021-42357
+ RESERVED
+CVE-2021-42356
+ RESERVED
+CVE-2021-42355
+ RESERVED
+CVE-2021-42354
+ RESERVED
+CVE-2021-42353
+ RESERVED
+CVE-2021-42352
+ RESERVED
+CVE-2021-42351
+ RESERVED
+CVE-2021-42350
+ RESERVED
+CVE-2021-42349
+ RESERVED
+CVE-2021-42348
+ RESERVED
+CVE-2021-42347
+ RESERVED
CVE-2021-42346
RESERVED
CVE-2021-42345
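Review bot: CVE-2021-42369 (Imagicle Application Suite) is the only one of the 46 new IDs in this hunk that has a description and a TODO: check. The other 45 are RESERVED, so it is easy to miss when scanning the top of the file. Triage it soon so it does not stay buried in the RESERVED block.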
@@ -180,8 +272,8 @@ CVE-2021-42264
RESERVED
CVE-2021-42263
RESERVED
-CVE-2021-3882
- RESERVED
+CVE-2021-3882 (LedgerSMB does not set the 'Secure' attribute on the session authoriza ...)
+ TODO: check
CVE-2021-3881
RESERVED
CVE-2021-3880
@@ -264,10 +356,10 @@ CVE-2021-42230
RESERVED
CVE-2021-42229
RESERVED
-CVE-2021-42228
- RESERVED
-CVE-2021-42227
- RESERVED
+CVE-2021-42228 (Cross Site Request Forgery (CSRF) vulnerability exists in KindEdirot 4 ...)
+ TODO: check
+CVE-2021-42227 (Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x vi ...)
+ TODO: check
CVE-2021-42226
RESERVED
CVE-2021-42225
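Review bot: the product name in the CVE-2021-42228 line is spelled "KindEdirot", while CVE-2021-42227 directly below it says "KindEditor 4.1.x", so a search of the list for "KindEditor" will only match one of the pair. Triage the two together and spell the product name correctly in whatever tag replaces TODO: check, so the entries stay findable as a group.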
@@ -2303,7 +2395,7 @@ CVE-2021-41324 (Directory traversal in the Copy, Move, and Delete features in Py
NOT-FOR-US: Pydio Cells
CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 2.2.9 allow ...)
NOT-FOR-US: Pydio Cells
-CVE-2021-41322 (Poly VVX 400/410 through 5.3.1 allows low-privileged users to change t ...)
+CVE-2021-41322 (Polycom VVX 400/410 version 5.3.1 allows low-privileged users to chang ...)
NOT-FOR-US: Poly VVX 400/410
CVE-2021-41321
RESERVED
@@ -2701,8 +2793,8 @@ CVE-2021-41144
RESERVED
CVE-2021-41143
RESERVED
-CVE-2021-41142
- RESERVED
+CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
+ TODO: check
CVE-2021-41141
RESERVED
CVE-2021-41140
@@ -2721,8 +2813,8 @@ CVE-2021-41135
RESERVED
CVE-2021-41134
RESERVED
-CVE-2021-41132
- RESERVED
+CVE-2021-41132 (OMERO.web provides a web based client and plugin infrastructure. In ve ...)
+ TODO: check
CVE-2021-41131
RESERVED
CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables API mana ...)
@@ -6876,8 +6968,8 @@ CVE-2021-39332
RESERVED
CVE-2021-39331
RESERVED
-CVE-2021-39330
- RESERVED
+CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to Stored C ...)
+ TODO: check
CVE-2021-39329
RESERVED
CVE-2021-39328
@@ -7311,6 +7403,7 @@ CVE-2021-39202 (WordPress is a free and open-source content management system wr
- wordpress <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fr6h-3855-j297
CVE-2021-39201 (WordPress is a free and open-source content management system written ...)
+ {DSA-4985-1}
- wordpress 5.8.1+dfsg1-1 (bug #994059)
[stretch] - wordpress <not-affected> (Vulnerable code added later)
NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-wh69-25hr-h94v
@@ -9300,12 +9393,12 @@ CVE-2021-38348 (The Advance Search WordPress plugin is vulnerable to Reflected C
NOT-FOR-US: WordPress plugin
CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to Reflected Cr ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-38346
- RESERVED
-CVE-2021-38345
- RESERVED
-CVE-2021-38344
- RESERVED
+CVE-2021-38346 (The Brizy Page Builder plugin &lt;= 2.3.11 for WordPress allowed authe ...)
+ TODO: check
+CVE-2021-38345 (The Brizy Page Builder plugin &lt;= 2.3.11 for WordPress used an incor ...)
+ TODO: check
+CVE-2021-38344 (The Brizy Page Builder plugin &lt;= 2.3.11 for WordPress was vulnerabl ...)
+ TODO: check
CVE-2021-38343 (The Nested Pages WordPress plugin &lt;= 3.1.15 was vulnerable to an Op ...)
NOT-FOR-US: WordPress plugin
CVE-2021-38342 (The Nested Pages WordPress plugin &lt;= 3.1.15 was vulnerable to Cross ...)
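Review bot: the three Brizy Page Builder entries (CVE-2021-38346, CVE-2021-38345, CVE-2021-38344) are described as a plugin for WordPress and land between CVE-2021-38348, CVE-2021-38347 and CVE-2021-38343, which are all tagged "NOT-FOR-US: WordPress plugin". Unless the full descriptions say otherwise, replace the three TODO: check lines with that same tag so the run stays consistent.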
@@ -10299,8 +10392,8 @@ CVE-2021-37935
RESERVED
CVE-2021-37934
RESERVED
-CVE-2021-37933
- RESERVED
+CVE-2021-37933 (An LDAP injection vulnerability in /account/login in Huntflow Enterpri ...)
+ TODO: check
CVE-2021-37932
RESERVED
CVE-2021-3681
@@ -13748,12 +13841,12 @@ CVE-2021-36391
RESERVED
CVE-2021-36390
RESERVED
-CVE-2021-36389
- RESERVED
-CVE-2021-36388
- RESERVED
-CVE-2021-36387
- RESERVED
+CVE-2021-36389 (In Yellowfin before 9.6.1 it is possible to enumerate and download upl ...)
+ TODO: check
+CVE-2021-36388 (In Yellowfin before 9.6.1 it is possible to enumerate and download use ...)
+ TODO: check
+CVE-2021-36387 (In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulne ...)
+ TODO: check
CVE-2021-36386 (report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits i ...)
- fetchmail 6.4.16-4 (unimportant)
NOTE: https://www.fetchmail.info/fetchmail-SA-2021-01.txt
@@ -16462,7 +16555,7 @@ CVE-2021-35216 (Insecure Deserialization of untrusted data remote code execution
NOT-FOR-US: Solarwinds
CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was detected ...)
NOT-FOR-US: Solarwinds
-CVE-2021-35214 (The vulnerability can be described as a failure to invalidate user ses ...)
+CVE-2021-35214 (The vulnerability in SolarWinds Pingdom can be described as a failure ...)
NOT-FOR-US: Solarwinds
CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability was disc ...)
NOT-FOR-US: SolarWinds
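Review bot: style point on the tag under CVE-2021-35214. It reads "NOT-FOR-US: Solarwinds", while CVE-2021-35213 just below uses "NOT-FOR-US: SolarWinds" and the updated description now spells the vendor "SolarWinds Pingdom". Using one spelling across these entries keeps case-sensitive searches of the list reliable.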
@@ -21196,12 +21289,12 @@ CVE-2021-33181 (Server-Side Request Forgery (SSRF) vulnerability in webapi compo
NOT-FOR-US: Synology
CVE-2021-33180 (Improper neutralization of special elements used in an SQL command ('S ...)
NOT-FOR-US: Synology
-CVE-2021-33179
- RESERVED
-CVE-2021-33178
- RESERVED
-CVE-2021-33177
- RESERVED
+CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...)
+ TODO: check
+CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prior to 2 ...)
+ TODO: check
+CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...)
+ TODO: check
CVE-2021-33176 (VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denia ...)
NOT-FOR-US: VerneMQ MQTT Broker
CVE-2021-33175 (EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of ser ...)
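Review bot: the three new entries do not all name the same product. CVE-2021-33179 and CVE-2021-33177 refer to Nagios XI, while CVE-2021-33178 between them refers to Nagvis. Triage CVE-2021-33178 on its own and do not carry over whatever tag the two Nagios XI entries receive.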
@@ -22724,12 +22817,12 @@ CVE-2021-32573 (** DISPUTED ** The express-cart package through 1.1.10 for Node.
NOT-FOR-US: Node express-cart
CVE-2021-32572 (Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET ...)
NOT-FOR-US: Speco Web Viewer
-CVE-2021-32571
- RESERVED
+CVE-2021-32571 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...)
+ TODO: check
CVE-2021-32570
RESERVED
-CVE-2021-32569
- RESERVED
+CVE-2021-32569 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...)
+ TODO: check
CVE-2021-32568 (mrdoc is vulnerable to Deserialization of Untrusted Data ...)
NOT-FOR-US: mrdoc
CVE-2021-32567 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...)
@@ -45737,10 +45830,10 @@ CVE-2021-22966
RESERVED
CVE-2021-22965
RESERVED
-CVE-2021-22964
- RESERVED
-CVE-2021-22963
- RESERVED
+CVE-2021-22964 (A redirect vulnerability in the `fastify-static` module version &gt;= ...)
+ TODO: check
+CVE-2021-22963 (A redirect vulnerability in the fastify-static module version &lt; 4.2 ...)
+ TODO: check
CVE-2021-22962
RESERVED
CVE-2021-22961
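Review bot: CVE-2021-22964 and CVE-2021-22963 name the same fastify-static module but open with different version bounds (one a ">=" bound, the other a "<" bound), and both lines are cut off before the bound is complete. Check each against its full description before replacing TODO: check, and do not copy one entry's result to the other.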
@@ -51409,8 +51502,8 @@ CVE-2021-20601
RESERVED
CVE-2021-20600 (Uncontrolled resource consumption in MELSEC iQ-R series C Controller M ...)
NOT-FOR-US: Mitsubishi
-CVE-2021-20599
- RESERVED
+CVE-2021-20599 (Authorization bypass through user-controlled key vulnerability in MELS ...)
+ TODO: check
CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubis ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20597 (Insufficiently Protected Credentials vulnerability in Mitsubishi Elect ...)
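Review bot: the CVE-2021-20599 description is truncated at "MELS ...", and the entries on either side (CVE-2021-20600, which names the MELSEC iQ-R series, and CVE-2021-20598) are tagged "NOT-FOR-US: Mitsubishi". If the full description confirms the same vendor, replace TODO: check with that tag so the three adjacent entries match.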
