author security tracker role <sectracker@soriano.debian.org> 2021-09-17 20:10:32 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-09-17 20:10:32 +0000
commit 6be9b2ea089f1cd0b1e0436434dc06626b9987ba
tree e1fb3f8d855b1a9354d91f522e91266cbb6a5e48 /data
parent 48fdb3516a834781dccc945041c30329a3504a06
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list.2018 2
-rw-r--r-- data/CVE/list.2019 4
-rw-r--r-- data/CVE/list.2020 12
-rw-r--r-- data/CVE/list.2021 197
4 files changed, 176 insertions, 39 deletions
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018
index 282d90d5ab..921aeeb183 100644
--- a/data/CVE/list.2018
+++ b/data/CVE/list.2018
@@ -1500,7 +1500,7 @@ CVE-2018-20688
CVE-2018-20687 (An XML external entity (XXE) vulnerability in CommandCenterWebServices ...)
NOT-FOR-US: Raritan CommandCenter Secure Gateway
CVE-2018-20686
- RESERVED
+ REJECTED
CVE-2018-20684 (In WinSCP before 5.14 beta, due to missing validation, the scp impleme ...)
NOT-FOR-US: WinSCP
CVE-2018-20685 (In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to b ...)
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index d75fa0bbd8..28f9aa5e42 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -32806,8 +32806,8 @@ CVE-2019-9062 (PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site R
NOT-FOR-US: PHP Scripts Mall Online Food Ordering Script
CVE-2019-9061 (An issue was discovered in CMS Made Simple 2.2.8. In the module Module ...)
NOT-FOR-US: CMS Made Simple
-CVE-2019-9060
- RESERVED
+CVE-2019-9060 (An issue was discovered in CMS Made Simple 2.2.8. It is possible to ac ...)
+ TODO: check
CVE-2019-9059 (An issue was discovered in CMS Made Simple 2.2.8. It is possible, with ...)
NOT-FOR-US: CMS Made Simple
CVE-2019-9058 (An issue was discovered in CMS Made Simple 2.2.8. In the administrator ...)
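Review bot: CVE-2019-9060 is left at "TODO: check" even though the entries on either side of it, CVE-2019-9061 and CVE-2019-9059, describe the same product (CMS Made Simple 2.2.8) and are already tagged "NOT-FOR-US: CMS Made Simple". Once the full description is confirmed against the truncated text shown here, resolve it with the same tag so the three siblings are consistent and the TODO does not linger in a 2019 list.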
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 3cf62f3f7e..43e160d100 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -43999,14 +43999,14 @@ CVE-2020-12085
RESERVED
CVE-2020-12084
RESERVED
-CVE-2020-12083
- RESERVED
-CVE-2020-12082
- RESERVED
+CVE-2020-12083 (An elevated privileges issue related to Spring MVC calls impacts Code ...)
+ TODO: check
+CVE-2020-12082 (A stored cross-site scripting issue impacts certain areas of the Web U ...)
+ TODO: check
CVE-2020-12081 (An information disclosure vulnerability has been identified in FlexNet ...)
NOT-FOR-US: FlexNet Publisher lmadmin.exe
-CVE-2020-12080
- RESERVED
+CVE-2020-12080 (A Denial of Service vulnerability has been identified in FlexNet Publi ...)
+ TODO: check
CVE-2020-12137 (GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed app ...)
{DSA-4664-1 DLA-2200-1}
- mailman <removed> (bug #958930)
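Review bot: CVE-2020-12080 gets "TODO: check" while the adjacent CVE-2020-12081, whose description also begins with FlexNet, is already tagged "NOT-FOR-US: FlexNet Publisher lmadmin.exe"; if the full text of 12080 names the same product, it should carry the same tag. For CVE-2020-12083 and CVE-2020-12082 the descriptions are cut off before the product name is complete ("Code ..." and "Web U ..."), so those two cannot be triaged from the lines in this hunk and need the full CVE text.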
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 43abc1a0f2..fd631a0c71 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,3 +1,141 @@
+CVE-2021-41380
+ RESERVED
+CVE-2021-41379
+ RESERVED
+CVE-2021-41378
+ RESERVED
+CVE-2021-41377
+ RESERVED
+CVE-2021-41376
+ RESERVED
+CVE-2021-41375
+ RESERVED
+CVE-2021-41374
+ RESERVED
+CVE-2021-41373
+ RESERVED
+CVE-2021-41372
+ RESERVED
+CVE-2021-41371
+ RESERVED
+CVE-2021-41370
+ RESERVED
+CVE-2021-41369
+ RESERVED
+CVE-2021-41368
+ RESERVED
+CVE-2021-41367
+ RESERVED
+CVE-2021-41366
+ RESERVED
+CVE-2021-41365
+ RESERVED
+CVE-2021-41364
+ RESERVED
+CVE-2021-41363
+ RESERVED
+CVE-2021-41362
+ RESERVED
+CVE-2021-41361
+ RESERVED
+CVE-2021-41360
+ RESERVED
+CVE-2021-41359
+ RESERVED
+CVE-2021-41358
+ RESERVED
+CVE-2021-41357
+ RESERVED
+CVE-2021-41356
+ RESERVED
+CVE-2021-41355
+ RESERVED
+CVE-2021-41354
+ RESERVED
+CVE-2021-41353
+ RESERVED
+CVE-2021-41352
+ RESERVED
+CVE-2021-41351
+ RESERVED
+CVE-2021-41350
+ RESERVED
+CVE-2021-41349
+ RESERVED
+CVE-2021-41348
+ RESERVED
+CVE-2021-41347
+ RESERVED
+CVE-2021-41346
+ RESERVED
+CVE-2021-41345
+ RESERVED
+CVE-2021-41344
+ RESERVED
+CVE-2021-41343
+ RESERVED
+CVE-2021-41342
+ RESERVED
+CVE-2021-41341
+ RESERVED
+CVE-2021-41340
+ RESERVED
+CVE-2021-41339
+ RESERVED
+CVE-2021-41338
+ RESERVED
+CVE-2021-41337
+ RESERVED
+CVE-2021-41336
+ RESERVED
+CVE-2021-41335
+ RESERVED
+CVE-2021-41334
+ RESERVED
+CVE-2021-41333
+ RESERVED
+CVE-2021-41332
+ RESERVED
+CVE-2021-41331
+ RESERVED
+CVE-2021-41330
+ RESERVED
+CVE-2021-41329
+ RESERVED
+CVE-2021-41328
+ RESERVED
+CVE-2021-41327
+ RESERVED
+CVE-2021-41326 (In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles p ...)
+ TODO: check
+CVE-2021-41325
+ RESERVED
+CVE-2021-41324
+ RESERVED
+CVE-2021-41323
+ RESERVED
+CVE-2021-41322
+ RESERVED
+CVE-2021-41321
+ RESERVED
+CVE-2021-41320
+ RESERVED
+CVE-2021-41319
+ RESERVED
+CVE-2021-41318
+ RESERVED
+CVE-2021-41317 (XSS Hunter Express before 2021-09-17 does not properly enforce authent ...)
+ TODO: check
+CVE-2021-41316 (The Device42 Main Appliance before 17.05.01 does not sanitize user inp ...)
+ TODO: check
+CVE-2021-41315 (The Device42 Remote Collector before 17.05.01 does not sanitize user i ...)
+ TODO: check
+CVE-2021-3815
+ RESERVED
+CVE-2021-3814
+ RESERVED
+CVE-2021-3813
+ RESERVED
CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...)
NOT-FOR-US: NETGEAR
CVE-2021-41313
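Review bot: only four of the entries added at the top of list.2021 carry a description (CVE-2021-41326 for MISP, CVE-2021-41317 for XSS Hunter Express, and CVE-2021-41316 and CVE-2021-41315 for Device42), and all four are "TODO: check"; they are easy to miss among the run of RESERVED placeholders and are the only lines here that need manual triage. The two Device42 entries have near-identical truncated descriptions and should be resolved together. Also note that CVE-2021-3815 through CVE-2021-3813 are inserted between CVE-2021-41315 and CVE-2021-41314, which splits the CVE-2021-413xx run; if anything consuming this file assumes the ids are in descending order, that placement is worth checking.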
@@ -44,8 +182,7 @@ CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification o
[buster] - node-object-path <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053
NOTE: https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6
-CVE-2021-41303 [before 1.8.0 with Spring Boot a specially crafted HTTP request may cause an authentication bypass]
- RESERVED
+CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...)
- shiro <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1
TODO: check
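Review bot: the new description for CVE-2021-41303 states the issue affects Apache Shiro before 1.8.0, yet the package line below it still reads "- shiro <unfixed>" and the "TODO: check" is kept. The fixed upstream version is now known from the description itself, so the remaining work is to record the fixed package version once a 1.8.0-based or patched upload exists, and to drop the TODO at that point. The free-text summary in square brackets that was removed mentioned Spring Boot and authentication bypass; confirm the official description still conveys both before relying on it for severity.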
@@ -1046,8 +1183,8 @@ CVE-2021-40827
RESERVED
CVE-2021-40826
RESERVED
-CVE-2021-40825
- RESERVED
+CVE-2021-40825 (nLight ECLYPSE (nECY) system Controllers running software prior to 1.1 ...)
+ TODO: check
CVE-2021-40824 (A logic error in the room key sharing functionality of Element Android ...)
NOT-FOR-US: matrix-android-sdk2
CVE-2021-40823 (A logic error in the room key sharing functionality of matrix-js-sdk ( ...)
@@ -4373,8 +4510,8 @@ CVE-2021-39329
RESERVED
CVE-2021-39328
RESERVED
-CVE-2021-39327
- RESERVED
+CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...)
+ TODO: check
CVE-2021-39326
RESERVED
CVE-2021-39325
@@ -4722,10 +4859,10 @@ CVE-2021-39230
RESERVED
CVE-2021-39229
RESERVED
-CVE-2021-39228
- RESERVED
-CVE-2021-39227
- RESERVED
+CVE-2021-39228 (Tremor is an event processing system for unstructured data. A vulnerab ...)
+ TODO: check
+CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for Apache ...)
+ TODO: check
CVE-2021-39226
RESERVED
CVE-2021-39225
@@ -6528,8 +6665,8 @@ CVE-2021-38414
RESERVED
CVE-2021-38413
RESERVED
-CVE-2021-38412
- RESERVED
+CVE-2021-38412 (Properly formatted POST requests to multiple resources on the HTTP and ...)
+ TODO: check
CVE-2021-38411
RESERVED
CVE-2021-38410
@@ -6540,16 +6677,16 @@ CVE-2021-38408 (A stack-based buffer overflow vulnerability in Advantech WebAcce
NOT-FOR-US: Advantech WebAccess
CVE-2021-38407
RESERVED
-CVE-2021-38406
- RESERVED
+CVE-2021-38406 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
+ TODO: check
CVE-2021-38405
RESERVED
-CVE-2021-38404
- RESERVED
+CVE-2021-38404 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
+ TODO: check
CVE-2021-38403
RESERVED
-CVE-2021-38402
- RESERVED
+CVE-2021-38402 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
+ TODO: check
CVE-2021-38401
RESERVED
CVE-2021-38400
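Review bot: CVE-2021-38406, CVE-2021-38404 and CVE-2021-38402 all show the same truncated text ("Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...") and each gets its own "TODO: check", interleaved with CVE-2021-38405 and CVE-2021-38403, which stay RESERVED. The visible lines cannot distinguish the three, so triage them in one pass against the full descriptions and give them the same tag, rather than resolving them one at a time and risking inconsistent entries for one product.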
@@ -6779,8 +6916,8 @@ CVE-2021-38306 (Network Attached Storage on LG N1T1*** 10124 devices allows an u
NOT-FOR-US: LG
CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute arbitra ...)
NOT-FOR-US: 23andMe Yamale
-CVE-2021-38304
- RESERVED
+CVE-2021-38304 (Improper input validation in the National Instruments NI-PAL driver in ...)
+ TODO: check
CVE-2021-38303
RESERVED
CVE-2021-38302 (The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. ...)
@@ -21659,14 +21796,14 @@ CVE-2021-31847
RESERVED
CVE-2021-31846
RESERVED
-CVE-2021-31845
- RESERVED
-CVE-2021-31844
- RESERVED
-CVE-2021-31843
- RESERVED
-CVE-2021-31842
- RESERVED
+CVE-2021-31845 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) D ...)
+ TODO: check
+CVE-2021-31844 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) E ...)
+ TODO: check
+CVE-2021-31843 (Improper privileges management vulnerability in McAfee Endpoint Securi ...)
+ TODO: check
+CVE-2021-31842 (XML Entity Expansion injection vulnerability in McAfee Endpoint Securi ...)
+ TODO: check
CVE-2021-31841
RESERVED
CVE-2021-31840 (A vulnerability in the preloading mechanism of specific dynamic link l ...)
@@ -41766,8 +41903,8 @@ CVE-2021-23444
RESERVED
CVE-2021-23443
RESERVED
-CVE-2021-23442
- RESERVED
+CVE-2021-23442 (This affects all versions of package @cookiex/deep. The global proto o ...)
+ TODO: check
CVE-2021-23441
RESERVED
CVE-2021-23440 (This affects the package set-value before 4.0.1. A type confusion vuln ...)
