author: security tracker role <sectracker@soriano.debian.org> 2021-08-06 20:10:22 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-08-06 20:10:22 +0000
commit: ac16a4b8a9c93bbffa8981ce9f0754f87e86e4d8 (patch)
tree: f9b786f45863d1d91f94aacbd3b91fe0e7f68f44 /data
parent: b6b690f4fa725f4f4776c9afc3834500f153c109 (diff)
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list.2018 3
-rw-r--r-- data/CVE/list.2020 14
-rw-r--r-- data/CVE/list.2021 166
3 files changed, 97 insertions, 86 deletions
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018
index c9413b0440..96583a2f35 100644
--- a/data/CVE/list.2018
+++ b/data/CVE/list.2018
@@ -10847,7 +10847,8 @@ CVE-2018-17257
REJECTED
CVE-2018-17256 (Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.1 ...)
NOT-FOR-US: Umbraco CMS
-CVE-2018-17255 (Navigate CMS 2.8 has Reflected XSS via the navigate.php fid parameter. ...)
+CVE-2018-17255
+ REJECTED
NOT-FOR-US: Navigate CMS
CVE-2018-17254 (The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via th ...)
NOT-FOR-US: JCK Editor component for Joomla!
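Review bot: CVE-2018-17255 ends up carrying both REJECTED and the pre-existing NOT-FOR-US: Navigate CMS line, because only the header line was replaced and the triage line below it is unchanged context. The rejected entry just above it in this hunk (CVE-2018-17257) carries REJECTED alone; dropping the stale NOT-FOR-US line in a follow-up would keep the two consistent.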
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 66388f9ad8..5529cb5a05 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -20230,8 +20230,8 @@ CVE-2020-22332
RESERVED
CVE-2020-22331
RESERVED
-CVE-2020-22330
- RESERVED
+CVE-2020-22330 (Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the titl ...)
+ TODO: check
CVE-2020-22329
RESERVED
CVE-2020-22328
@@ -27713,10 +27713,10 @@ CVE-2020-18696
RESERVED
CVE-2020-18695
RESERVED
-CVE-2020-18694
- RESERVED
-CVE-2020-18693
- RESERVED
+CVE-2020-18694 (Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote att ...)
+ TODO: check
+CVE-2020-18693 (Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attacker ...)
+ TODO: check
CVE-2020-18692
RESERVED
CVE-2020-18691
@@ -38693,7 +38693,7 @@ CVE-2020-14016 (An issue was discovered in Navigate CMS 2.9 r1433. The forgot-pa
NOT-FOR-US: Navigate CMS
CVE-2020-14015 (An issue was discovered in Navigate CMS 2.9 r1433. When performing a p ...)
NOT-FOR-US: Navigate CMS
-CVE-2020-14014 (An issue was discovered in Navigate CMS 2.9 r1433. The query parameter ...)
+CVE-2020-14014 (An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The query p ...)
NOT-FOR-US: Navigate CMS
CVE-2020-14013
RESERVED
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 7541358d27..38b5f6cb39 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,5 +1,15 @@
-CVE-2021-38149
+CVE-2021-38154
RESERVED
+CVE-2021-38153
+ RESERVED
+CVE-2021-38152 (index.php/appointment/insert_patient_add_appointment in Chikitsa Patie ...)
+ TODO: check
+CVE-2021-38151 (index.php/appointment/todos in Chikitsa Patient Management System 2.0. ...)
+ TODO: check
+CVE-2021-38150
+ RESERVED
+CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 a ...)
+ TODO: check
CVE-2021-38148
RESERVED
CVE-2021-38147
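Review bot: The three Chikitsa Patient Management System entries (CVE-2021-38152, CVE-2021-38151, CVE-2021-38149) all land as TODO: check and differ in the visible text only by the index.php endpoint at the start of the description. Triage them in one pass and give all three the same product tag.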
@@ -22,10 +32,10 @@ CVE-2021-38139
RESERVED
CVE-2021-38138 (OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vend ...)
NOT-FOR-US: OneNav
-CVE-2021-38137
- RESERVED
-CVE-2021-38136
- RESERVED
+CVE-2021-38137 (Corero SecureWatch Managed Services 9.7.2.0020 does not correctly chec ...)
+ TODO: check
+CVE-2021-38136 (Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path T ...)
+ TODO: check
CVE-2021-3688
RESERVED
CVE-2021-38135
@@ -1275,36 +1285,36 @@ CVE-2021-37556 (A SQL injection vulnerability in reporting export in Centreon be
- centreon-web <itp> (bug #913903)
CVE-2021-37555 (TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell a ...)
NOT-FOR-US: TX9 Automatic Food Dispenser
-CVE-2021-37554
- RESERVED
-CVE-2021-37553
- RESERVED
-CVE-2021-37552
- RESERVED
-CVE-2021-37551
- RESERVED
-CVE-2021-37550
- RESERVED
-CVE-2021-37549
- RESERVED
-CVE-2021-37548
- RESERVED
-CVE-2021-37547
- RESERVED
-CVE-2021-37546
- RESERVED
-CVE-2021-37545
- RESERVED
-CVE-2021-37544
- RESERVED
-CVE-2021-37543
- RESERVED
-CVE-2021-37542
- RESERVED
-CVE-2021-37541
- RESERVED
-CVE-2021-37540
- RESERVED
+CVE-2021-37554 (In JetBrains YouTrack before 2021.3.21051, a user could see boards wit ...)
+ TODO: check
+CVE-2021-37553 (In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. ...)
+ TODO: check
+CVE-2021-37552 (In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. ...)
+ TODO: check
+CVE-2021-37551 (In JetBrains YouTrack before 2021.2.16363, system user passwords were ...)
+ TODO: check
+CVE-2021-37550 (In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons wer ...)
+ TODO: check
+CVE-2021-37549 (In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was ...)
+ TODO: check
+CVE-2021-37548 (In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes ...)
+ TODO: check
+CVE-2021-37547 (In JetBrains TeamCity before 2020.2.4, insufficient checks during file ...)
+ TODO: check
+CVE-2021-37546 (In JetBrains TeamCity before 2021.1, an insecure key generation mechan ...)
+ TODO: check
+CVE-2021-37545 (In JetBrains TeamCity before 2021.1.1, insufficient authentication che ...)
+ TODO: check
+CVE-2021-37544 (In JetBrains TeamCity before 2020.2.4, there was an insecure deseriali ...)
+ TODO: check
+CVE-2021-37543 (In JetBrains RubyMine before 2021.1.1, code execution without user con ...)
+ TODO: check
+CVE-2021-37542 (In JetBrains TeamCity before 2020.2.3, XSS was possible. ...)
+ TODO: check
+CVE-2021-37541 (In JetBrains Hub before 2021.1.13402, HTML injection in the password r ...)
+ TODO: check
+CVE-2021-37540 (In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP f ...)
+ TODO: check
CVE-2021-37539
RESERVED
CVE-2021-3666
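Review bot: All fifteen entries from CVE-2021-37554 down to CVE-2021-37540 are left as TODO: check, yet they cover only four JetBrains products (YouTrack, TeamCity, RubyMine, Hub), so the manual pass can decide once per product rather than once per id. If none of them is packaged, use one NOT-FOR-US tag per product, in the style of the NOT-FOR-US: TX9 Automatic Food Dispenser line at the top of this hunk. Several descriptions are cut at the truncation marker ("..."), so read the full CVE text before deciding.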
@@ -1631,8 +1641,8 @@ CVE-2021-37390
RESERVED
CVE-2021-37389
RESERVED
-CVE-2021-37388
- RESERVED
+CVE-2021-37388 (A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr paramet ...)
+ TODO: check
CVE-2021-37387
RESERVED
CVE-2021-37386
@@ -1645,8 +1655,8 @@ CVE-2021-37383
RESERVED
CVE-2021-37382
RESERVED
-CVE-2021-37381
- RESERVED
+CVE-2021-37381 (Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access ...)
+ TODO: check
CVE-2021-37380
RESERVED
CVE-2021-37379
@@ -2884,8 +2894,8 @@ CVE-2021-36797 (** DISPUTED ** In Victron Energy Venus OS through 2.72, root acc
NOT-FOR-US: Victron Energy Venus OS
CVE-2021-36796
RESERVED
-CVE-2021-36795
- RESERVED
+CVE-2021-36795 (A permission issue in the Cohesity Linux agent may allow privilege esc ...)
+ TODO: check
CVE-2021-36794
RESERVED
CVE-2021-36793
@@ -3110,14 +3120,14 @@ CVE-2021-36710
RESERVED
CVE-2021-36709
RESERVED
-CVE-2021-36708
- RESERVED
-CVE-2021-36707
- RESERVED
-CVE-2021-36706
- RESERVED
-CVE-2021-36705
- RESERVED
+CVE-2021-36708 (In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in th ...)
+ TODO: check
+CVE-2021-36707 (In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in th ...)
+ TODO: check
+CVE-2021-36706 (In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the ...)
+ TODO: check
+CVE-2021-36705 (In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the a ...)
+ TODO: check
CVE-2021-36704
RESERVED
CVE-2021-36703 (The "blog title" field in the "Settings" menu "config" page of "dashbo ...)
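Review bot: The four ProLink PRC2402M entries (CVE-2021-36708 to CVE-2021-36705) differ in the visible text only by function name (set_sys_init, set_ledonoff, set_sys_cmd, set_TR069). Resolve the TODO: check once for the product and apply the same tag to all four.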
@@ -3618,10 +3628,10 @@ CVE-2021-36457
RESERVED
CVE-2021-36456
RESERVED
-CVE-2021-36455
- RESERVED
-CVE-2021-36454
- RESERVED
+CVE-2021-36455 (SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quick ...)
+ TODO: check
+CVE-2021-36454 (Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 ...)
+ TODO: check
CVE-2021-36453
RESERVED
CVE-2021-36452
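Review bot: CVE-2021-36455 and CVE-2021-36454 are added as TODO: check, but the same product is already triaged in the context of this commit as NOT-FOR-US: Navigate CMS (CVE-2018-17255 in list.2018, CVE-2020-14014 to CVE-2020-14016 in list.2020). The descriptions here spell it "Naviwebs Navigate CMS" and "Naviwebs Navigate Cms"; reuse the existing tag text exactly so a search for the product finds every entry.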
@@ -3844,8 +3854,8 @@ CVE-2021-36353
RESERVED
CVE-2021-36352
RESERVED
-CVE-2021-36351
- RESERVED
+CVE-2021-36351 (SQL Injection Vulnerability in Care2x Open Source Hospital Information ...)
+ TODO: check
CVE-2021-3640 [Linux kernel: UAF in sco_send_frame function]
RESERVED
- linux <unfixed>
@@ -4166,8 +4176,8 @@ CVE-2021-36211
RESERVED
CVE-2021-36210
RESERVED
-CVE-2021-36209
- RESERVED
+CVE-2021-36209 (In JetBrains Hub before 2021.1.13389, account takeover was possible du ...)
+ TODO: check
CVE-2021-36208
RESERVED
CVE-2021-36207
@@ -6181,8 +6191,8 @@ CVE-2021-35314
RESERVED
CVE-2021-35313
RESERVED
-CVE-2021-35312
- RESERVED
+CVE-2021-35312 (A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. ...)
+ TODO: check
CVE-2021-35311
RESERVED
CVE-2021-35310
@@ -9923,7 +9933,7 @@ CVE-2021-33631
RESERVED
CVE-2021-33630
RESERVED
-CVE-2021-33629 (isula-build before 0.9.5-8 can cause a program crash, when building co ...)
+CVE-2021-33629 (isula-build before 0.9.5-6 can cause a program crash, when building co ...)
NOT-FOR-US: isula-build
CVE-2021-33628
RESERVED
@@ -12366,8 +12376,8 @@ CVE-2021-32599
RESERVED
CVE-2021-32598 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...)
NOT-FOR-US: FortiGuard
-CVE-2021-32597
- RESERVED
+CVE-2021-32597 (Multiple improper neutralization of input during web page generation ( ...)
+ TODO: check
CVE-2021-32596 (A use of one-way hash with a predictable salt vulnerability in the pas ...)
NOT-FOR-US: FortiPortal
CVE-2021-32595
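Review bot: The truncated description of CVE-2021-32597 ends before any product name appears ("... during web page generation ( ..."), so the TODO: check cannot be resolved from this line alone. Look up the full CVE text before tagging; the two neighbouring entries with descriptions in this hunk (CVE-2021-32598, CVE-2021-32596) are both NOT-FOR-US with a product-specific tag.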
@@ -12386,8 +12396,8 @@ CVE-2021-32589
RESERVED
CVE-2021-32588
RESERVED
-CVE-2021-32587
- RESERVED
+CVE-2021-32587 (An improper access control vulnerability in FortiManager and FortiAnal ...)
+ TODO: check
CVE-2021-32586
RESERVED
CVE-2021-32585
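Review bot: CVE-2021-32587 names two products, and the second one is cut off by the truncation ("FortiManager and FortiAnal ..."). Confirm the second name from the full CVE text and make sure the tag that replaces TODO: check covers both products, not only the first.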
@@ -25776,10 +25786,10 @@ CVE-2021-27001
RESERVED
CVE-2021-27000
RESERVED
-CVE-2021-26999
- RESERVED
-CVE-2021-26998
- RESERVED
+CVE-2021-26999 (NetApp Cloud Manager versions prior to 3.9.9 log sensitive information ...)
+ TODO: check
+CVE-2021-26998 (NetApp Cloud Manager versions prior to 3.9.9 log sensitive information ...)
+ TODO: check
CVE-2021-26997 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
NOT-FOR-US: E-Series SANtricity OS Controller Software
CVE-2021-26996 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
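Review bot: CVE-2021-26999 and CVE-2021-26998 have identical visible descriptions, so from this hunk they cannot be told apart. Check the full CVE text to confirm they are distinct issues rather than a duplicate assignment, and triage them together since both concern NetApp Cloud Manager versions prior to 3.9.9.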
@@ -26716,8 +26726,8 @@ CVE-2021-26608
RESERVED
CVE-2021-26607
RESERVED
-CVE-2021-26606
- RESERVED
+CVE-2021-26606 (A vulnerability in PKI Security Solution of Dream Security could allow ...)
+ TODO: check
CVE-2021-26605 (An improper input validation vulnerability in the service of ezPDFRead ...)
NOT-FOR-US: ezPDFReader
CVE-2021-26604
@@ -36607,8 +36617,8 @@ CVE-2021-22297
RESERVED
CVE-2021-22296 (A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers ...)
NOT-FOR-US: HarmonyOS
-CVE-2021-22295
- RESERVED
+CVE-2021-22295 (A component of the HarmonyOS has a permission bypass vulnerability. Lo ...)
+ TODO: check
CVE-2021-22294 (A component API of the HarmonyOS 2.0 has a permission bypass vulnerabi ...)
NOT-FOR-US: HarmonyOS
CVE-2021-22293 (Some Huawei products have an inconsistent interpretation of HTTP reque ...)
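Review bot: CVE-2021-22295 is left as TODO: check while the entries directly above and below it (CVE-2021-22296, CVE-2021-22294) describe HarmonyOS component issues and are tagged NOT-FOR-US: HarmonyOS. Unless the full description points at something else, the same tag applies here.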
@@ -40608,16 +40618,16 @@ CVE-2021-20600
RESERVED
CVE-2021-20599
RESERVED
-CVE-2021-20598
- RESERVED
-CVE-2021-20597
- RESERVED
+CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubis ...)
+ TODO: check
+CVE-2021-20597 (Insufficiently Protected Credentials vulnerability in Mitsubishi Elect ...)
+ TODO: check
CVE-2021-20596 (NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20595 (Improper Restriction of XML External Entity Reference vulnerability in ...)
NOT-FOR-US: Mitsubishi
-CVE-2021-20594
- RESERVED
+CVE-2021-20594 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
CVE-2021-20593 (Incorrect Implementation of Authentication Algorithm in Mitsubishi Ele ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20592 (Missing synchronization vulnerability in GOT2000 series GT27 model com ...)
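Review bot: The three newly described entries (CVE-2021-20598, CVE-2021-20597, CVE-2021-20594) are TODO: check, while every other described entry in this hunk whose triage line is visible is tagged NOT-FOR-US: Mitsubishi. The visible text of CVE-2021-20598 and CVE-2021-20597 is cut at "Mitsubis ..." and "Mitsubishi Elect ...", and CVE-2021-20594 shows no vendor at all, so confirm the vendor from the full text before applying the same tag.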
