author | security tracker role <sectracker@soriano.debian.org> | 2021-09-17 20:10:32 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-09-17 20:10:32 +0000 |
commit | 6be9b2ea089f1cd0b1e0436434dc06626b9987ba (patch) | |
tree | e1fb3f8d855b1a9354d91f522e91266cbb6a5e48 /data | |
parent | 48fdb3516a834781dccc945041c30329a3504a06 (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list.2018 | 2 |
-rw-r--r-- | data/CVE/list.2019 | 4 |
-rw-r--r-- | data/CVE/list.2020 | 12 |
-rw-r--r-- | data/CVE/list.2021 | 197 |
4 files changed, 176 insertions, 39 deletions
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index 282d90d5ab..921aeeb183 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -1500,7 +1500,7 @@ CVE-2018-20688 CVE-2018-20687 (An XML external entity (XXE) vulnerability in CommandCenterWebServices ...) NOT-FOR-US: Raritan CommandCenter Secure Gateway CVE-2018-20686 - RESERVED + REJECTED CVE-2018-20684 (In WinSCP before 5.14 beta, due to missing validation, the scp impleme ...) NOT-FOR-US: WinSCP CVE-2018-20685 (In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to b ...) diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index d75fa0bbd8..28f9aa5e42 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -32806,8 +32806,8 @@ CVE-2019-9062 (PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site R NOT-FOR-US: PHP Scripts Mall Online Food Ordering Script CVE-2019-9061 (An issue was discovered in CMS Made Simple 2.2.8. In the module Module ...) NOT-FOR-US: CMS Made Simple -CVE-2019-9060 - RESERVED +CVE-2019-9060 (An issue was discovered in CMS Made Simple 2.2.8. It is possible to ac ...) + TODO: check CVE-2019-9059 (An issue was discovered in CMS Made Simple 2.2.8. It is possible, with ...) NOT-FOR-US: CMS Made Simple CVE-2019-9058 (An issue was discovered in CMS Made Simple 2.2.8. In the administrator ...) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 3cf62f3f7e..43e160d100 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 
@@ -43999,14 +43999,14 @@ CVE-2020-12085 RESERVED CVE-2020-12084 RESERVED -CVE-2020-12083 - RESERVED -CVE-2020-12082 - RESERVED +CVE-2020-12083 (An elevated privileges issue related to Spring MVC calls impacts Code ...) + TODO: check +CVE-2020-12082 (A stored cross-site scripting issue impacts certain areas of the Web U ...) + TODO: check CVE-2020-12081 (An information disclosure vulnerability has been identified in FlexNet ...) NOT-FOR-US: FlexNet Publisher lmadmin.exe -CVE-2020-12080 - RESERVED +CVE-2020-12080 (A Denial of Service vulnerability has been identified in FlexNet Publi ...) + TODO: check CVE-2020-12137 (GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed app ...) {DSA-4664-1 DLA-2200-1} - mailman <removed> (bug #958930) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 43abc1a0f2..fd631a0c71 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 
@@ -1,3 +1,141 @@ +CVE-2021-41380 + RESERVED +CVE-2021-41379 + RESERVED +CVE-2021-41378 + RESERVED +CVE-2021-41377 + RESERVED +CVE-2021-41376 + RESERVED +CVE-2021-41375 + RESERVED +CVE-2021-41374 + RESERVED +CVE-2021-41373 + RESERVED +CVE-2021-41372 + RESERVED +CVE-2021-41371 + RESERVED +CVE-2021-41370 + RESERVED +CVE-2021-41369 + RESERVED +CVE-2021-41368 + RESERVED +CVE-2021-41367 + RESERVED +CVE-2021-41366 + RESERVED +CVE-2021-41365 + RESERVED +CVE-2021-41364 + RESERVED +CVE-2021-41363 + RESERVED +CVE-2021-41362 + RESERVED +CVE-2021-41361 + RESERVED +CVE-2021-41360 + RESERVED +CVE-2021-41359 + RESERVED +CVE-2021-41358 + RESERVED +CVE-2021-41357 + RESERVED +CVE-2021-41356 + RESERVED +CVE-2021-41355 + RESERVED +CVE-2021-41354 + RESERVED +CVE-2021-41353 + RESERVED +CVE-2021-41352 + RESERVED +CVE-2021-41351 + RESERVED +CVE-2021-41350 + RESERVED +CVE-2021-41349 + RESERVED +CVE-2021-41348 + RESERVED +CVE-2021-41347 + RESERVED +CVE-2021-41346 + RESERVED +CVE-2021-41345 + RESERVED +CVE-2021-41344 + RESERVED +CVE-2021-41343 + RESERVED +CVE-2021-41342 + RESERVED +CVE-2021-41341 + RESERVED +CVE-2021-41340 + RESERVED +CVE-2021-41339 + RESERVED +CVE-2021-41338 + RESERVED +CVE-2021-41337 + RESERVED +CVE-2021-41336 + RESERVED +CVE-2021-41335 + RESERVED +CVE-2021-41334 + RESERVED +CVE-2021-41333 + RESERVED +CVE-2021-41332 + RESERVED +CVE-2021-41331 + RESERVED +CVE-2021-41330 + RESERVED +CVE-2021-41329 + RESERVED +CVE-2021-41328 + RESERVED +CVE-2021-41327 + RESERVED +CVE-2021-41326 (In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles p ...) + TODO: check +CVE-2021-41325 + RESERVED +CVE-2021-41324 + RESERVED +CVE-2021-41323 + RESERVED +CVE-2021-41322 + RESERVED +CVE-2021-41321 + RESERVED +CVE-2021-41320 + RESERVED +CVE-2021-41319 + RESERVED +CVE-2021-41318 + RESERVED +CVE-2021-41317 (XSS Hunter Express before 2021-09-17 does not properly enforce authent ...) + TODO: check +CVE-2021-41316 (The Device42 Main Appliance before 17.05.01 does not sanitize user inp ...) 
+ TODO: check +CVE-2021-41315 (The Device42 Remote Collector before 17.05.01 does not sanitize user i ...) + TODO: check +CVE-2021-3815 + RESERVED +CVE-2021-3814 + RESERVED +CVE-2021-3813 + RESERVED CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...) NOT-FOR-US: NETGEAR CVE-2021-41313 @@ -44,8 +182,7 @@ CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification o [buster] - node-object-path <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053 NOTE: https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6 -CVE-2021-41303 [before 1.8.0 with Spring Boot a specially crafted HTTP request may cause an authentication bypass] - RESERVED +CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...) - shiro <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1 TODO: check @@ -1046,8 +1183,8 @@ CVE-2021-40827 RESERVED CVE-2021-40826 RESERVED -CVE-2021-40825 - RESERVED +CVE-2021-40825 (nLight ECLYPSE (nECY) system Controllers running software prior to 1.1 ...) + TODO: check CVE-2021-40824 (A logic error in the room key sharing functionality of Element Android ...) NOT-FOR-US: matrix-android-sdk2 CVE-2021-40823 (A logic error in the room key sharing functionality of matrix-js-sdk ( ...) @@ -4373,8 +4510,8 @@ CVE-2021-39329 RESERVED CVE-2021-39328 RESERVED -CVE-2021-39327 - RESERVED +CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...) + TODO: check CVE-2021-39326 RESERVED CVE-2021-39325 @@ -4722,10 +4859,10 @@ CVE-2021-39230 RESERVED CVE-2021-39229 RESERVED -CVE-2021-39228 - RESERVED -CVE-2021-39227 - RESERVED +CVE-2021-39228 (Tremor is an event processing system for unstructured data. A vulnerab ...) + TODO: check +CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for Apache ...) + TODO: check CVE-2021-39226 RESERVED CVE-2021-39225 
@@ -6528,8 +6665,8 @@ CVE-2021-38414 RESERVED CVE-2021-38413 RESERVED -CVE-2021-38412 - RESERVED +CVE-2021-38412 (Properly formatted POST requests to multiple resources on the HTTP and ...) + TODO: check CVE-2021-38411 RESERVED CVE-2021-38410 @@ -6540,16 +6677,16 @@ CVE-2021-38408 (A stack-based buffer overflow vulnerability in Advantech WebAcce NOT-FOR-US: Advantech WebAccess CVE-2021-38407 RESERVED -CVE-2021-38406 - RESERVED +CVE-2021-38406 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...) + TODO: check CVE-2021-38405 RESERVED -CVE-2021-38404 - RESERVED +CVE-2021-38404 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...) + TODO: check CVE-2021-38403 RESERVED -CVE-2021-38402 - RESERVED +CVE-2021-38402 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...) + TODO: check CVE-2021-38401 RESERVED CVE-2021-38400 @@ -6779,8 +6916,8 @@ CVE-2021-38306 (Network Attached Storage on LG N1T1*** 10124 devices allows an u NOT-FOR-US: LG CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute arbitra ...) NOT-FOR-US: 23andMe Yamale -CVE-2021-38304 - RESERVED +CVE-2021-38304 (Improper input validation in the National Instruments NI-PAL driver in ...) + TODO: check CVE-2021-38303 RESERVED CVE-2021-38302 (The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. ...) 
@@ -21659,14 +21796,14 @@ CVE-2021-31847 RESERVED CVE-2021-31846 RESERVED -CVE-2021-31845 - RESERVED -CVE-2021-31844 - RESERVED -CVE-2021-31843 - RESERVED -CVE-2021-31842 - RESERVED +CVE-2021-31845 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) D ...) + TODO: check +CVE-2021-31844 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) E ...) + TODO: check +CVE-2021-31843 (Improper privileges management vulnerability in McAfee Endpoint Securi ...) + TODO: check +CVE-2021-31842 (XML Entity Expansion injection vulnerability in McAfee Endpoint Securi ...) + TODO: check CVE-2021-31841 RESERVED CVE-2021-31840 (A vulnerability in the preloading mechanism of specific dynamic link l ...) @@ -41766,8 +41903,8 @@ CVE-2021-23444 RESERVED CVE-2021-23443 RESERVED -CVE-2021-23442 - RESERVED +CVE-2021-23442 (This affects all versions of package @cookiex/deep. The global proto o ...) + TODO: check CVE-2021-23441 RESERVED CVE-2021-23440 (This affects the package set-value before 4.0.1. A type confusion vuln ...) |
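Review bot: In the data/CVE/list.2019 hunk, the newly described CVE-2019-9060 is left at `TODO: check` although its description names CMS Made Simple 2.2.8 and the adjacent entries CVE-2019-9061, CVE-2019-9059 and CVE-2019-9058 are all already triaged as `NOT-FOR-US: CMS Made Simple`. Suggest resolving the TODO the same way as its neighbours unless the full CVE text shows it differs from them.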
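Review bot: In the data/CVE/list.2020 hunk, CVE-2020-12080 is set to `TODO: check` while the entry directly above it, CVE-2020-12081, is already `NOT-FOR-US: FlexNet Publisher lmadmin.exe` and the new description also begins with FlexNet. The two should be triaged consistently. The descriptions of CVE-2020-12083 and CVE-2020-12082 are truncated in the list before a product can be identified, so those two need the full CVE text before a decision is recorded.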
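Review bot: In the CVE-2021-41303 hunk of data/CVE/list.2021, the published description now reads "Apache Shiro before 1.8.0", but the unchanged context still carries `- shiro <unfixed>` followed by `TODO: check`. With an upstream fixed version now stated in the description, the follow-up is to record the fixed package version on the shiro line once it is confirmed in the archive and to drop the TODO at that point, so the entry does not stay in the untriaged state the placeholder had.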