From 74db53d2f25fae75e63056894de6fb99c56e3ef1 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 13 Oct 2021 20:10:18 +0000 Subject: automatic update --- data/CVE/list.2020 | 12 ++++ data/CVE/list.2021 | 178 +++++++++++++++++++++++++++-------------------------- 2 files changed, 104 insertions(+), 86 deletions(-) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index c54999b16a..3a8317dad3 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -1,3 +1,15 @@ +CVE-2020-36484 + RESERVED +CVE-2020-36483 + RESERVED +CVE-2020-36482 + RESERVED +CVE-2020-36481 + RESERVED +CVE-2020-36480 + RESERVED +CVE-2020-36479 + RESERVED CVE-2020-36478 (An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 L ...) - mbedtls 2.16.9-0.1 NOTE: https://github.com/ARMmbed/mbedtls/issues/3629 diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index de1ac12e5c..e491e12f70 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,3 +1,9 @@ +CVE-2021-42340 + RESERVED +CVE-2021-3884 + RESERVED +CVE-2021-3883 + RESERVED CVE-2021-42339 RESERVED CVE-2021-42338 @@ -247,10 +253,10 @@ CVE-2021-42226 RESERVED CVE-2021-42225 RESERVED -CVE-2021-42224 - RESERVED -CVE-2021-42223 - RESERVED +CVE-2021-42224 (SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via ...) + TODO: check +CVE-2021-42223 (Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking M ...) + TODO: check CVE-2021-42222 RESERVED CVE-2021-42221 
@@ -2681,12 +2687,12 @@ CVE-2021-41141 RESERVED CVE-2021-41140 RESERVED -CVE-2021-41139 - RESERVED -CVE-2021-41138 - RESERVED -CVE-2021-41137 - RESERVED +CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...) + TODO: check +CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the newly int ...) + TODO: check +CVE-2021-41137 (Minio is a Kubernetes native application for cloud storage. All users ...) + TODO: check CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ...) - puma NOTE: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx @@ -3360,10 +3366,10 @@ CVE-2021-40845 (The web part of Zenitel AlphaCom XE Audio Server through 11.2.3. NOT-FOR-US: Zenitel CVE-2021-40844 RESERVED -CVE-2021-40843 - RESERVED -CVE-2021-40842 - RESERVED +CVE-2021-40843 (Proofpoint Insider Threat Management Server contains an unsafe deseria ...) + TODO: check +CVE-2021-40842 (Proofpoint Insider Threat Management Server contains a SQL injection v ...) + TODO: check CVE-2021-40841 RESERVED CVE-2021-40840 @@ -3632,8 +3638,8 @@ CVE-2021-40734 RESERVED CVE-2021-40733 RESERVED -CVE-2021-40732 - RESERVED +CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...) + TODO: check CVE-2021-40731 RESERVED CVE-2021-40730 @@ -6900,8 +6906,8 @@ CVE-2021-39306 RESERVED CVE-2021-39305 RESERVED -CVE-2021-39304 - RESERVED +CVE-2021-39304 (Proofpoint Enterprise Protection before 8.12.0-2108090000 allows secur ...) + TODO: check CVE-2021-3730 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: firefly-iii CVE-2021-3729 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) 
@@ -15782,8 +15788,8 @@ CVE-2021-35500 RESERVED CVE-2021-35499 RESERVED -CVE-2021-35498 - RESERVED +CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, ...) + TODO: check CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...) NOT-FOR-US: TIBCO CVE-2021-35496 (The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperRe ...) @@ -17294,8 +17300,8 @@ CVE-2021-34816 (An Argument Injection issue in the plugin management of Etherpad - etherpad-lite (bug #576998) CVE-2021-34815 (CheckSec Canopy before 3.5.2 allows XSS attacks against the login page ...) NOT-FOR-US: CheckSec Canopy -CVE-2021-34814 - RESERVED +CVE-2021-34814 (Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control ...) + TODO: check CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to cra ...) [experimental] - olm 3.2.3~dfsg-1 - olm (bug #989997) @@ -20055,8 +20061,8 @@ CVE-2021-33611 RESERVED CVE-2021-33610 RESERVED -CVE-2021-33609 - RESERVED +CVE-2021-33609 (Missing check in DataCommunicator class in com.vaadin:vaadin-server ve ...) + TODO: check CVE-2021-33608 RESERVED CVE-2021-33607 @@ -37919,8 +37925,8 @@ CVE-2021-26320 RESERVED CVE-2021-26319 RESERVED -CVE-2021-26318 - RESERVED +CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86 PREFET ...) + TODO: check CVE-2021-26317 RESERVED CVE-2021-26316 @@ -45295,8 +45301,8 @@ CVE-2021-3059 RESERVED CVE-2021-3058 RESERVED -CVE-2021-3057 - RESERVED +CVE-2021-3057 (A stack-based buffer overflow vulnerability exists in the Palo Alto Ne ...) + TODO: check CVE-2021-3056 RESERVED CVE-2021-3055 (An improper restriction of XML external entity (XXE) reference vulnera ...) 
@@ -47801,14 +47807,14 @@ CVE-2021-22038 RESERVED CVE-2021-22037 RESERVED -CVE-2021-22036 - RESERVED -CVE-2021-22035 - RESERVED +CVE-2021-22036 (VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redi ...) + TODO: check +CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Se ...) + TODO: check CVE-2021-22034 RESERVED -CVE-2021-22033 - RESERVED +CVE-2021-22033 (Releases prior to VMware vRealize Operations 8.6 contain a Server Side ...) + TODO: check CVE-2021-22032 RESERVED CVE-2021-22031 @@ -50906,14 +50912,14 @@ CVE-2021-20836 RESERVED CVE-2021-20835 RESERVED -CVE-2021-20834 - RESERVED -CVE-2021-20833 - RESERVED -CVE-2021-20832 - RESERVED -CVE-2021-20831 - RESERVED +CVE-2021-20834 (Improper authorization in handler for custom URL scheme vulnerability ...) + TODO: check +CVE-2021-20833 (The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not ...) + TODO: check +CVE-2021-20832 (InBody App for iOS versions prior to 2.3.30 and InBody App for Android ...) + TODO: check +CVE-2021-20831 (Cross-site request forgery (CSRF) vulnerability in OG Tags versions pr ...) + TODO: check CVE-2021-20830 RESERVED CVE-2021-20829 (Cross-site scripting vulnerability due to the inadequate tag sanitizat ...) 
@@ -50960,32 +50966,32 @@ CVE-2021-20809 (Cross-site scripting vulnerability in Create screens of Entry, P - movabletype-opensource CVE-2021-20808 (Cross-site scripting vulnerability in Search screen of Movable Type (M ...) - movabletype-opensource -CVE-2021-20807 - RESERVED -CVE-2021-20806 - RESERVED -CVE-2021-20805 - RESERVED -CVE-2021-20804 - RESERVED -CVE-2021-20803 - RESERVED -CVE-2021-20802 - RESERVED -CVE-2021-20801 - RESERVED -CVE-2021-20800 - RESERVED -CVE-2021-20799 - RESERVED -CVE-2021-20798 - RESERVED -CVE-2021-20797 - RESERVED -CVE-2021-20796 - RESERVED -CVE-2021-20795 - RESERVED +CVE-2021-20807 (Cross-site scripting vulnerability in the management screen of Cybozu ...) + TODO: check +CVE-2021-20806 (Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 al ...) + TODO: check +CVE-2021-20805 (Cross-site scripting vulnerability in the management screen of Cybozu ...) + TODO: check +CVE-2021-20804 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated att ...) + TODO: check +CVE-2021-20803 (Operation restriction bypass in the management screen of Cybozu Remote ...) + TODO: check +CVE-2021-20802 (HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to ...) + TODO: check +CVE-2021-20801 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated att ...) + TODO: check +CVE-2021-20800 (Cross-site scripting vulnerability in the management screen of Cybozu ...) + TODO: check +CVE-2021-20799 (Cross-site scripting vulnerability in the management screen of Cybozu ...) + TODO: check +CVE-2021-20798 (Cross-site scripting vulnerability in the management screen of Cybozu ...) + TODO: check +CVE-2021-20797 (Cross-site script inclusion vulnerability in the management screen of ...) + TODO: check +CVE-2021-20796 (Directory traversal vulnerability in the management screen of Cybozu R ...) + TODO: check +CVE-2021-20795 (Cross-site request forgery (CSRF) vulnerability in the management scre ...) 
+ TODO: check CVE-2021-20794 RESERVED CVE-2021-20793 (Untrusted search path vulnerability in the installer of Sony Audio USB ...) @@ -52773,24 +52779,24 @@ CVE-2021-20133 RESERVED CVE-2021-20132 RESERVED -CVE-2021-20131 - RESERVED -CVE-2021-20130 - RESERVED -CVE-2021-20129 - RESERVED -CVE-2021-20128 - RESERVED -CVE-2021-20127 - RESERVED -CVE-2021-20126 - RESERVED -CVE-2021-20125 - RESERVED -CVE-2021-20124 - RESERVED -CVE-2021-20123 - RESERVED +CVE-2021-20131 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...) + TODO: check +CVE-2021-20130 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...) + TODO: check +CVE-2021-20129 (An information disclosure vulnerability exists in Draytek VigorConnect ...) + TODO: check +CVE-2021-20128 (The Profile Name field in the floor plan (Network Menu) page in Drayte ...) + TODO: check +CVE-2021-20127 (An arbitrary file deletion vulnerability exists in the file delete fun ...) + TODO: check +CVE-2021-20126 (Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protect ...) + TODO: check +CVE-2021-20125 (An arbitrary file upload and directory traversal vulnerability exists ...) + TODO: check +CVE-2021-20124 (A local file inclusion vulnerability exists in Draytek VigorConnect 1. ...) + TODO: check +CVE-2021-20123 (A local file inclusion vulnerability exists in Draytek VigorConnect 1. ...) + TODO: check CVE-2021-20122 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...) NOT-FOR-US: Telus Wi-Fi Hub CVE-2021-20121 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...) -- cgit v1.2.3
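Review bot: CVE-2021-35498 in the `@@ -15782,8 +15788,8 @@` hunk lands as `TODO: check` although the entry directly below it, CVE-2021-35497, is already resolved as `NOT-FOR-US: TIBCO`. The new description names TIBCO EBX, so once it is confirmed that nothing in the archive ships that product, the follow-up triage should reuse the existing `NOT-FOR-US: TIBCO` spelling rather than introduce a new tag, keeping the vendor greppable in one form.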
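Review bot: CVE-2021-26318 in the `@@ -37919,8 +37925,8 @@` hunk should not be cleared in a bulk pass over the `TODO: check` items. Its visible description ("A timing and power-based side channel attack leveraging the x86 PREFET ...", truncated) concerns CPU behaviour rather than a named application, unlike the other entries published in this commit. It needs an individual decision on which source packages, if any, to track, plus a `NOTE:` line pointing at the vendor advisory, in the style of the existing CVE-2020-36478 and CVE-2021-41136 entries.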
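Review bot: CVE-2021-20807 through CVE-2021-20795 in the `@@ -50960,32 +50966,32 @@` hunk become thirteen separate `TODO: check` items, although the descriptions that are not cut off before the product name (CVE-2021-20806, CVE-2021-20804, CVE-2021-20802, CVE-2021-20801) all name Cybozu Remote Service. Confirm the product for the truncated entries from the full descriptions, then resolve the whole block in one follow-up commit with a single consistent tag spelling, so the block is not left half-triaged.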