From 26747145b62d7bbc3a5f0aeec37f300e8a525d6f Mon Sep 17 00:00:00 2001 From: security tracker role Date: Tue, 2 Nov 2021 08:10:14 +0000 Subject: automatic update --- data/CVE/list.2018 | 38 +++++++++-------- data/CVE/list.2021 | 118 ++++++++++++++++++++++++++++++++++++++++------------- 2 files changed, 110 insertions(+), 46 deletions(-) diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index 897931f1ab..e9b9a6a98f 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -17563,13 +17563,14 @@ CVE-2018-14662 (It was found Ceph versions before 13.2.4 that authenticated ceph NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1637327 NOTE: https://github.com/ceph/ceph/commit/a2acedd2a7e12d58af6db35edbd8a9d29c557578 CVE-2018-14661 (It was found that usage of snprintf function in feature/locks translat ...) - {DLA-1565-1} + {DLA-2806-1 DLA-1565-1} - glusterfs 5.1-1 (bug #912997) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880 NOTE: https://review.gluster.org/#/c/glusterfs/+/21532/ NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=74dbf0a9aac4b960832029ec122685b5b5009127 CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 ...) + {DLA-2806-1} - glusterfs 5.1-1 (bug #912997) [jessie] - glusterfs (vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 @@ -17577,7 +17578,7 @@ CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and NOTE: https://review.gluster.org/#/c/glusterfs/+/21531/ NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=c2c70552188ee1b15bb748b4f2272062505c7696 CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable ...) - {DLA-1565-1} + {DLA-2806-1 DLA-1565-1} - glusterfs 5.1-1 (bug #912997) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929 
@@ -17595,6 +17596,7 @@ CVE-2018-14656 (A missing address check in the callers of the show_opcodes() in CVE-2018-14655 (A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. Wh ...) NOT-FOR-US: Keycloak CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to abuse o ...) + {DLA-2806-1} - glusterfs 5.1-1 (bug #912997) [jessie] - glusterfs (vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 @@ -17603,7 +17605,7 @@ CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to a NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=5f4ae8a80543332a2e92dfa5c7f833ae7b93a664 (release-4.1) NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=dc775c4ae052d1e9d0f61ace3be999f73f0ffa23 (release-5) CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulnerable ...) - {DLA-1565-1} + {DLA-2806-1 DLA-1565-1} - glusterfs 5.1-1 (bug #912997) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1633431 @@ -17612,7 +17614,7 @@ CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulne NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=d3ec5f5a089edb68206b5d4a469358867340d4f7 NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e2712fbd38477e736f157c9dbfbbae9c253b6c13 CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is vulnerable ...) - {DLA-1565-1} + {DLA-2806-1 DLA-1565-1} - glusterfs 5.0-1 (bug #912997) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974 
@@ -27571,31 +27573,31 @@ CVE-2018-10931 (It was found that cobbler 2.6.x exposed all functions from its C - cobbler NOTE: https://www.openwall.com/lists/oss-security/2018/08/09/9 CVE-2018-10930 (A flaw was found in RPC request using gfs3_rename_req in glusterfs ser ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612664 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10929 (A flaw was found in RPC request using gfs2_create_req in glusterfs ser ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612660 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10928 (A flaw was found in RPC request using gfs3_symlink_req in glusterfs se ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612659 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10927 (A flaw was found in RPC request using gfs3_lookup_req in glusterfs ser ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612658 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10926 (A flaw was found in RPC request using gfs3_mknod_req supported by glus ...) 
- {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1613143 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e @@ -27617,7 +27619,7 @@ CVE-2018-10924 (It was discovered that fsync(2) system call in glusterfs client NOTE: Introduced by: http://git.gluster.org/cgit/glusterfs.git/commit/?id=51dfc9c789b8405f595a337eade938aedcb449c4 NOTE: https://review.gluster.org/20723 CVE-2018-10923 (It was found that the "mknod" call derived from mknod(2) can create fi ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1610659 NOTE: https://github.com/gluster/glusterfs/commit/4bafcc97e812acc854dfc436ade35df0308d5a3e 
@@ -27657,19 +27659,19 @@ CVE-2018-10915 (A vulnerability was found in libpq, the default PostgreSQL clien NOTE: Fixed in 9.3.24, 9.4.19, 9.5.14, 9.6.10, 10.5 NOTE: https://www.postgresql.org/about/news/1878/ CVE-2018-10914 (It was found that an attacker could issue a xattr request via glusterf ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607617 NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad CVE-2018-10913 (An information disclosure vulnerability was discovered in glusterfs se ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607618 NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite loop i ...) NOT-FOR-US: Keycloak CVE-2018-10911 (A flaw was found in the way dic_unserialize function of glusterfs does ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657 NOTE: https://github.com/gluster/glusterfs/commit/cc3271ebf3aacdbbc77fdd527375af78ab12ea8d 
@@ -27684,11 +27686,11 @@ CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state be NOTE: gnome-bluetooth: https://gitlab.gnome.org/GNOME/gnome-bluetooth/commit/6b5086d42ea64d46277f3c93b43984f331d12f89 NOTE: workaround in gnome-bluetooth landed in 3.28.2, BlueZ fixed in 5.51 CVE-2018-10909 - RESERVED + REJECTED CVE-2018-10908 (It was found that vdsm before version 4.20.37 invokes qemu-img on untr ...) - vdsm (bug #668538) CVE-2018-10907 (It was found that glusterfs server is vulnerable to multiple stack bas ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601642 NOTE: https://github.com/gluster/glusterfs/commit/35f86ce46240c4f9c216bbc29164ce441cfca1e7 @@ -27701,7 +27703,7 @@ CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount i CVE-2018-10905 (CloudForms Management Engine (cfme) is vulnerable to an improper secur ...) NOT-FOR-US: Red Hat CloudForms Management Engine CVE-2018-10904 (It was found that glusterfs server does not properly sanitize file pat ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601298 NOTE: https://github.com/gluster/glusterfs/commit/9716ce88b3a1faf135a6badc02d94249898059dd @@ -28005,6 +28007,7 @@ CVE-2018-10843 (source-to-image component of Openshift Container Platform before CVE-2018-10842 REJECTED CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster server node ...) + {DLA-2806-1} - glusterfs 4.1.2-1 (bug #901968) [jessie] - glusterfs (vulnerable code not present) NOTE: https://review.gluster.org/#/c/20328/ 
@@ -41682,7 +41685,7 @@ CVE-2018-5741 (To provide fine-grained controls over the ability to use Dynamic NOTE: No code fix provided; Incorrect documentation of krb5-subdomain and ms-subdomain update policies. NOTE: Will be adressed in 9.11.5, 9.12.3 CVE-2018-5740 ("deny-answer-aliases" is a little-used feature intended to help recurs ...) - {DLA-1485-1} + {DLA-2807-1 DLA-1485-1} - bind9 1:9.11.4.P1+dfsg-1 (bug #905743) NOTE: https://kb.isc.org/article/AA-01639/74/CVE-2018-5740 NOTE: https://gitlab.isc.org/isc-projects/bind9/merge_requests/607/commits @@ -52832,6 +52835,7 @@ CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not pr [stretch] - 389-ds-base (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2018/05/07/2 CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot schedule ...) + {DLA-2806-1} - glusterfs 4.0.2-1 (bug #896128) [jessie] - glusterfs (vulnerable code not present) [wheezy] - glusterfs (vulnerable code not present) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 43d46747c7..9334da49d0 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 
@@ -1,3 +1,63 @@ +CVE-2021-43203 + RESERVED +CVE-2021-43202 + RESERVED +CVE-2021-43201 + RESERVED +CVE-2021-43200 + RESERVED +CVE-2021-43199 + RESERVED +CVE-2021-43198 + RESERVED +CVE-2021-43197 + RESERVED +CVE-2021-43196 + RESERVED +CVE-2021-43195 + RESERVED +CVE-2021-43194 + RESERVED +CVE-2021-43193 + RESERVED +CVE-2021-43192 + RESERVED +CVE-2021-43191 + RESERVED +CVE-2021-43190 + RESERVED +CVE-2021-43189 + RESERVED +CVE-2021-43188 + RESERVED +CVE-2021-43187 + RESERVED +CVE-2021-43186 + RESERVED +CVE-2021-43185 + RESERVED +CVE-2021-43184 + RESERVED +CVE-2021-43183 + RESERVED +CVE-2021-43182 + RESERVED +CVE-2021-43181 + RESERVED +CVE-2021-43180 + RESERVED +CVE-2021-43179 + RESERVED +CVE-2021-43178 + RESERVED +CVE-2021-43177 + RESERVED +CVE-2021-43176 + RESERVED +CVE-2021-43175 + RESERVED +CVE-2021-3918 + RESERVED CVE-2021-43174 RESERVED CVE-2021-43173 @@ -236,8 +296,8 @@ CVE-2021-43060 RESERVED CVE-2021-43059 RESERVED -CVE-2021-43058 - RESERVED +CVE-2021-43058 (An open redirect vulnerability exists in Replicated Classic versions p ...) + TODO: check CVE-2021-3914 RESERVED CVE-2021-43057 (An issue was discovered in the Linux kernel before 5.14.8. A use-after ...) @@ -4137,8 +4197,8 @@ CVE-2021-41312 RESERVED CVE-2021-41311 RESERVED -CVE-2021-41310 - RESERVED +CVE-2021-41310 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) + TODO: check CVE-2021-41309 RESERVED CVE-2021-41308 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) 
@@ -4415,8 +4475,8 @@ CVE-2021-41189 (DSpace is an open source turnkey repository application. In vers NOT-FOR-US: DSpace CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 5.7.6 c ...) NOT-FOR-US: Shopware -CVE-2021-41187 - RESERVED +CVE-2021-41187 (DHIS 2 is an information system for data capture, management, validati ...) + TODO: check CVE-2021-41186 (Fluentd collects events from various data sources and writes them to f ...) - fluentd (bug #926692) CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An exploi ...) @@ -6053,8 +6113,8 @@ CVE-2021-40505 RESERVED CVE-2021-3766 (objection.js is vulnerable to Improperly Controlled Modification of Ob ...) NOT-FOR-US: Node objection.js -CVE-2021-3765 - RESERVED +CVE-2021-3765 (validator.js is vulnerable to Inefficient Regular Expression Complexit ...) + TODO: check CVE-2021-40504 RESERVED CVE-2021-40503 @@ -8693,8 +8753,8 @@ CVE-2021-39348 (The LearnPress WordPress plugin is vulnerable to Stored Cross-Si NOT-FOR-US: WordPress plugin CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...) NOT-FOR-US: WordPress plugin -CVE-2021-39346 - RESERVED +CVE-2021-39346 (The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Si ...) + TODO: check CVE-2021-39345 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting ...) NOT-FOR-US: WordPress plugin CVE-2021-39344 (The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-S ...) 
@@ -8703,10 +8763,10 @@ CVE-2021-39343 (The MPL-Publisher WordPress plugin is vulnerable to Stored Cross NOT-FOR-US: WordPress plugin CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's associated C ...) NOT-FOR-US: WordPress plugin -CVE-2021-39341 - RESERVED -CVE-2021-39340 - RESERVED +CVE-2021-39341 (The OptinMonster WordPress plugin is vulnerable to sensitive informati ...) + TODO: check +CVE-2021-39340 (The Notification WordPress plugin is vulnerable to Stored Cross-Site S ...) + TODO: check CVE-2021-39339 (The Telefication WordPress plugin is vulnerable to Open Proxy and Serv ...) NOT-FOR-US: WordPress plugin CVE-2021-39338 (The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-S ...) @@ -8719,8 +8779,8 @@ CVE-2021-39335 (The WpGenius Job Listing WordPress plugin is vulnerable to Store NOT-FOR-US: WordPress plugin CVE-2021-39334 (The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Si ...) NOT-FOR-US: WordPress plugin -CVE-2021-39333 - RESERVED +CVE-2021-39333 (The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress containe ...) + TODO: check CVE-2021-39332 (The Business Manager WordPress plugin is vulnerable to Stored Cross-Si ...) NOT-FOR-US: WordPress plugin CVE-2021-39331 @@ -11133,8 +11193,8 @@ CVE-2021-38358 (The MoolaMojo WordPress plugin is vulnerable to Reflected Cross- NOT-FOR-US: WordPress plugin CVE-2021-38357 (The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scr ...) NOT-FOR-US: WordPress plugin -CVE-2021-38356 - RESERVED +CVE-2021-38356 (The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress pl ...) + TODO: check CVE-2021-38355 (The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2021-38354 (The GNU-Mailman Integration WordPress plugin is vulnerable to Reflecte ...) 
@@ -22071,8 +22131,8 @@ CVE-2021-33595 (A address bar spoofing vulnerability was discovered in Safe Brow NOT-FOR-US: Safe Browser for iOS CVE-2021-33594 (An address bar spoofing vulnerability was discovered in Safe Browser f ...) NOT-FOR-US: Safe Browser for Android -CVE-2021-33593 - RESERVED +CVE-2021-33593 (Whale browser for iOS before 1.14.0 has an inconsistent user interface ...) + TODO: check CVE-2021-33592 (NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arb ...) NOT-FOR-US: NAVER Toolbar CVE-2021-33591 (An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15 ...) @@ -26479,10 +26539,10 @@ CVE-2021-31851 RESERVED CVE-2021-31850 RESERVED -CVE-2021-31849 - RESERVED -CVE-2021-31848 - RESERVED +CVE-2021-31849 (SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO e ...) + TODO: check +CVE-2021-31848 (Cross site scripting (XSS) vulnerability in McAfee Data Loss Preventio ...) + TODO: check CVE-2021-31847 (Improper access control vulnerability in the repair process for McAfee ...) NOT-FOR-US: McAfee CVE-2021-31846 @@ -40866,8 +40926,8 @@ CVE-2021-25975 RESERVED CVE-2021-25974 RESERVED -CVE-2021-25973 - RESERVED +CVE-2021-25973 (In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Cont ...) + TODO: check CVE-2021-25972 (In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-S ...) NOT-FOR-US: Camaleon CMS CVE-2021-25971 (In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught ...) @@ -42782,7 +42842,7 @@ CVE-2021-25221 CVE-2021-25220 RESERVED CVE-2021-25219 (In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3- ...) - {DSA-4994-1} + {DSA-4994-1 DLA-2807-1} - bind9 1:9.17.19-1 NOTE: https://kb.isc.org/docs/cve-2021-25219 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/8fe18c0566c41228a568157287f5a44f96d37662 (v9_16_22) 
@@ -54794,8 +54854,8 @@ CVE-2021-20138 RESERVED CVE-2021-20137 RESERVED -CVE-2021-20136 - RESERVED +CVE-2021-20136 (ManageEngine Log360 Builds < 5235 are affected by an improper acces ...) + TODO: check CVE-2021-20135 RESERVED CVE-2021-20134 -- cgit v1.2.3
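Review bot: in the list.2018 hunks at @@ -27571 and @@ -27617, DLA-2806-1 is added to CVE-2018-10926 through CVE-2018-10930 and CVE-2018-10923, whose NOTE lines warn "When fixing this issue make sure to be complete an not open CVE-2018-14651", yet no hunk in this patch touches CVE-2018-14651 (its entry would immediately follow the CVE-2018-14652 entry that closes the @@ -17612 hunk, so a change there would have been shown). Confirm that the DLA-2806-1 update also covers CVE-2018-14651 and add the advisory to that entry as well; if it does not, the stretch package may ship exactly the incomplete fix those notes caution against. While there, the NOTE text "an not open" should read "and not open".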
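Review bot: DLA-2807-1 is now referenced from two different year files, CVE-2018-5740 in list.2018 (@@ -41682, "{DLA-2807-1 DLA-1485-1}") and CVE-2021-25219 in list.2021 (@@ -42782, "{DSA-4994-1 DLA-2807-1}"). The tracker cross-checks these references against the advisory's own entry in data/DLA/list, so make sure that entry lists both CVE-2018-5740 and CVE-2021-25219; a mismatch there is the usual cause of a cross-reference check failing after an automatic update like this one.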
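Review bot: the WordPress plugin entries that moved from RESERVED to "TODO: check" in the @@ -8693, @@ -8703, @@ -8719 and @@ -11133 hunks (CVE-2021-39346, CVE-2021-39341, CVE-2021-39340, CVE-2021-39333 and CVE-2021-38356) sit between neighbours that are all resolved as "NOT-FOR-US: WordPress plugin", and their descriptions name WordPress plugins too (Google Maps Easy, OptinMonster, Notification, Hashthemes Demo Importer, NextScripts Social Networks Auto-Poster). Resolving them the same way in the follow-up triage keeps the file consistent; leaving "TODO: check" is fine for the automatic update itself but should not survive the manual pass.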
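Review bot: several other new "TODO: check" entries can be triaged by their surrounding context: CVE-2021-31849 and CVE-2021-31848 (@@ -26479) are McAfee DLP ePO extension issues and follow CVE-2021-31847 "NOT-FOR-US: McAfee"; CVE-2021-33593 (@@ -22071, Whale browser for iOS) sits among NAVER entries resolved NOT-FOR-US; CVE-2021-25973 (@@ -40866, Publify) follows the Camaleon CMS entries resolved NOT-FOR-US; CVE-2021-20136 (@@ -54794, ManageEngine Log360) is likewise proprietary. Each should get the matching NOT-FOR-US line unless the product turns out to be packaged.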
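Review bot: of the remaining "TODO: check" entries, CVE-2021-3765 (@@ -6053, validator.js ReDoS) is the one most likely to map to a Debian source package and deserves a real package lookup rather than a blanket NOT-FOR-US, unlike its neighbour CVE-2021-3766 (objection.js) which is already marked "NOT-FOR-US: Node objection.js". CVE-2021-43058 (Replicated Classic), CVE-2021-41310 (Atlassian Jira Server and Data Center, whose sibling CVE-2021-41308 is a Jira entry as well) and CVE-2021-41187 (DHIS 2) describe hosted or proprietary products and can be closed out with the usual NOT-FOR-US marker once confirmed.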