From ef93966e7f83b6bb072d6fb9ea8459b9042b319e Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 14 Oct 2021 20:10:21 +0000 Subject: automatic update --- data/CVE/list.2020 | 34 +++++----- data/CVE/list.2021 | 181 ++++++++++++++++++++++++++++++++++++++++------------- 2 files changed, 155 insertions(+), 60 deletions(-) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index ca74052c04..b9edcf3a59 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -1,3 +1,5 @@ +CVE-2020-36485 + RESERVED CVE-2020-36484 RESERVED CVE-2020-36483 @@ -19664,8 +19666,8 @@ CVE-2020-22726 RESERVED CVE-2020-22725 RESERVED -CVE-2020-22724 - RESERVED +CVE-2020-22724 (A remote command execution vulnerability exists in add_server_service ...) + TODO: check CVE-2020-22723 (A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhiche ...) NOT-FOR-US: Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop CVE-2020-22722 (Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege ...) 
@@ -25558,28 +25560,28 @@ CVE-2020-19966 RESERVED CVE-2020-19965 RESERVED -CVE-2020-19964 - RESERVED +CVE-2020-19964 (A Cross Site Request Forgery (CSRF) vulnerability was discovered in PH ...) + TODO: check CVE-2020-19963 RESERVED -CVE-2020-19962 - RESERVED -CVE-2020-19961 - RESERVED -CVE-2020-19960 - RESERVED -CVE-2020-19959 - RESERVED +CVE-2020-19962 (A stored cross-site scripting (XSS) vulnerability in the getClientIp f ...) + TODO: check +CVE-2020-19961 (A SQL injection vulnerability has been discovered in zz cms version 20 ...) + TODO: check +CVE-2020-19960 (A SQL injection vulnerability has been discovered in zz cms version 20 ...) + TODO: check +CVE-2020-19959 (A SQL injection vulnerability has been discovered in zz cms version 20 ...) + TODO: check CVE-2020-19958 RESERVED -CVE-2020-19957 - RESERVED +CVE-2020-19957 (A SQL injection vulnerability has been discovered in zz cms version 20 ...) + TODO: check CVE-2020-19956 RESERVED CVE-2020-19955 RESERVED -CVE-2020-19954 - RESERVED +CVE-2020-19954 (An XML External Entity (XXE) vulnerability was discovered in /api/noti ...) + TODO: check CVE-2020-19953 RESERVED CVE-2020-19952 diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index df7c42a293..688d7aa503 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 
@@ -1,3 +1,95 @@ +CVE-2021-42392 + RESERVED +CVE-2021-42391 + RESERVED +CVE-2021-42390 + RESERVED +CVE-2021-42389 + RESERVED +CVE-2021-42388 + RESERVED +CVE-2021-42387 + RESERVED +CVE-2021-42386 + RESERVED +CVE-2021-42385 + RESERVED +CVE-2021-42384 + RESERVED +CVE-2021-42383 + RESERVED +CVE-2021-42382 + RESERVED +CVE-2021-42381 + RESERVED +CVE-2021-42380 + RESERVED +CVE-2021-42379 + RESERVED +CVE-2021-42378 + RESERVED +CVE-2021-42377 + RESERVED +CVE-2021-42376 + RESERVED +CVE-2021-42375 + RESERVED +CVE-2021-42374 + RESERVED +CVE-2021-42373 + RESERVED +CVE-2021-42372 + RESERVED +CVE-2021-42371 + RESERVED +CVE-2021-42370 + RESERVED +CVE-2021-42369 (Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows ...) + TODO: check +CVE-2021-42368 + RESERVED +CVE-2021-42367 + RESERVED +CVE-2021-42366 + RESERVED +CVE-2021-42365 + RESERVED +CVE-2021-42364 + RESERVED +CVE-2021-42363 + RESERVED +CVE-2021-42362 + RESERVED +CVE-2021-42361 + RESERVED +CVE-2021-42360 + RESERVED +CVE-2021-42359 + RESERVED +CVE-2021-42358 + RESERVED +CVE-2021-42357 + RESERVED +CVE-2021-42356 + RESERVED +CVE-2021-42355 + RESERVED +CVE-2021-42354 + RESERVED +CVE-2021-42353 + RESERVED +CVE-2021-42352 + RESERVED +CVE-2021-42351 + RESERVED +CVE-2021-42350 + RESERVED +CVE-2021-42349 + RESERVED +CVE-2021-42348 + RESERVED +CVE-2021-42347 + RESERVED CVE-2021-42346 RESERVED CVE-2021-42345 @@ -180,8 +272,8 @@ CVE-2021-42264 RESERVED CVE-2021-42263 RESERVED -CVE-2021-3882 - RESERVED +CVE-2021-3882 (LedgerSMB does not set the 'Secure' attribute on the session authoriza ...) + TODO: check CVE-2021-3881 RESERVED CVE-2021-3880 @@ -264,10 +356,10 @@ CVE-2021-42230 RESERVED CVE-2021-42229 RESERVED -CVE-2021-42228 - RESERVED -CVE-2021-42227 - RESERVED +CVE-2021-42228 (Cross Site Request Forgery (CSRF) vulnerability exists in KindEdirot 4 ...) + TODO: check +CVE-2021-42227 (Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x vi ...) + TODO: check CVE-2021-42226 RESERVED CVE-2021-42225 
@@ -2303,7 +2395,7 @@ CVE-2021-41324 (Directory traversal in the Copy, Move, and Delete features in Py NOT-FOR-US: Pydio Cells CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 2.2.9 allow ...) NOT-FOR-US: Pydio Cells -CVE-2021-41322 (Poly VVX 400/410 through 5.3.1 allows low-privileged users to change t ...) +CVE-2021-41322 (Polycom VVX 400/410 version 5.3.1 allows low-privileged users to chang ...) NOT-FOR-US: Poly VVX 400/410 CVE-2021-41321 RESERVED @@ -2701,8 +2793,8 @@ CVE-2021-41144 RESERVED CVE-2021-41143 RESERVED -CVE-2021-41142 - RESERVED +CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...) + TODO: check CVE-2021-41141 RESERVED CVE-2021-41140 @@ -2721,8 +2813,8 @@ CVE-2021-41135 RESERVED CVE-2021-41134 RESERVED -CVE-2021-41132 - RESERVED +CVE-2021-41132 (OMERO.web provides a web based client and plugin infrastructure. In ve ...) + TODO: check CVE-2021-41131 RESERVED CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables API mana ...) @@ -6876,8 +6968,8 @@ CVE-2021-39332 RESERVED CVE-2021-39331 RESERVED -CVE-2021-39330 - RESERVED +CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to Stored C ...) + TODO: check CVE-2021-39329 RESERVED CVE-2021-39328 @@ -7311,6 +7403,7 @@ CVE-2021-39202 (WordPress is a free and open-source content management system wr - wordpress (Vulnerable code introduced later) NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fr6h-3855-j297 CVE-2021-39201 (WordPress is a free and open-source content management system written ...) + {DSA-4985-1} - wordpress 5.8.1+dfsg1-1 (bug #994059) [stretch] - wordpress (Vulnerable code added later) NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-wh69-25hr-h94v 
@@ -9300,12 +9393,12 @@ CVE-2021-38348 (The Advance Search WordPress plugin is vulnerable to Reflected C NOT-FOR-US: WordPress plugin CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to Reflected Cr ...) NOT-FOR-US: WordPress plugin -CVE-2021-38346 - RESERVED -CVE-2021-38345 - RESERVED -CVE-2021-38344 - RESERVED +CVE-2021-38346 (The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authe ...) + TODO: check +CVE-2021-38345 (The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incor ...) + TODO: check +CVE-2021-38344 (The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerabl ...) + TODO: check CVE-2021-38343 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Op ...) NOT-FOR-US: WordPress plugin CVE-2021-38342 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross ...) @@ -10299,8 +10392,8 @@ CVE-2021-37935 RESERVED CVE-2021-37934 RESERVED -CVE-2021-37933 - RESERVED +CVE-2021-37933 (An LDAP injection vulnerability in /account/login in Huntflow Enterpri ...) + TODO: check CVE-2021-37932 RESERVED CVE-2021-3681 @@ -13748,12 +13841,12 @@ CVE-2021-36391 RESERVED CVE-2021-36390 RESERVED -CVE-2021-36389 - RESERVED -CVE-2021-36388 - RESERVED -CVE-2021-36387 - RESERVED +CVE-2021-36389 (In Yellowfin before 9.6.1 it is possible to enumerate and download upl ...) + TODO: check +CVE-2021-36388 (In Yellowfin before 9.6.1 it is possible to enumerate and download use ...) + TODO: check +CVE-2021-36387 (In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulne ...) + TODO: check CVE-2021-36386 (report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits i ...) - fetchmail 6.4.16-4 (unimportant) NOTE: https://www.fetchmail.info/fetchmail-SA-2021-01.txt 
@@ -16462,7 +16555,7 @@ CVE-2021-35216 (Insecure Deserialization of untrusted data remote code execution NOT-FOR-US: Solarwinds CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was detected ...) NOT-FOR-US: Solarwinds -CVE-2021-35214 (The vulnerability can be described as a failure to invalidate user ses ...) +CVE-2021-35214 (The vulnerability in SolarWinds Pingdom can be described as a failure ...) NOT-FOR-US: Solarwinds CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability was disc ...) NOT-FOR-US: SolarWinds @@ -21196,12 +21289,12 @@ CVE-2021-33181 (Server-Side Request Forgery (SSRF) vulnerability in webapi compo NOT-FOR-US: Synology CVE-2021-33180 (Improper neutralization of special elements used in an SQL command ('S ...) NOT-FOR-US: Synology -CVE-2021-33179 - RESERVED -CVE-2021-33178 - RESERVED -CVE-2021-33177 - RESERVED +CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...) + TODO: check +CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prior to 2 ...) + TODO: check +CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...) + TODO: check CVE-2021-33176 (VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denia ...) NOT-FOR-US: VerneMQ MQTT Broker CVE-2021-33175 (EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of ser ...) 
@@ -22724,12 +22817,12 @@ CVE-2021-32573 (** DISPUTED ** The express-cart package through 1.1.10 for Node. NOT-FOR-US: Node express-cart CVE-2021-32572 (Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET ...) NOT-FOR-US: Speco Web Viewer -CVE-2021-32571 - RESERVED +CVE-2021-32571 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...) + TODO: check CVE-2021-32570 RESERVED -CVE-2021-32569 - RESERVED +CVE-2021-32569 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...) + TODO: check CVE-2021-32568 (mrdoc is vulnerable to Deserialization of Untrusted Data ...) NOT-FOR-US: mrdoc CVE-2021-32567 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...) @@ -45737,10 +45830,10 @@ CVE-2021-22966 RESERVED CVE-2021-22965 RESERVED -CVE-2021-22964 - RESERVED -CVE-2021-22963 - RESERVED +CVE-2021-22964 (A redirect vulnerability in the `fastify-static` module version >= ...) + TODO: check +CVE-2021-22963 (A redirect vulnerability in the fastify-static module version < 4.2 ...) + TODO: check CVE-2021-22962 RESERVED CVE-2021-22961 @@ -51409,8 +51502,8 @@ CVE-2021-20601 RESERVED CVE-2021-20600 (Uncontrolled resource consumption in MELSEC iQ-R series C Controller M ...) NOT-FOR-US: Mitsubishi -CVE-2021-20599 - RESERVED +CVE-2021-20599 (Authorization bypass through user-controlled key vulnerability in MELS ...) + TODO: check CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubis ...) NOT-FOR-US: Mitsubishi CVE-2021-20597 (Insufficiently Protected Credentials vulnerability in Mitsubishi Elect ...) -- cgit v1.2.3
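Review bot: in the list.2020 hunk at @@ -25558, five of the new entries (CVE-2020-19957 and CVE-2020-19959 through CVE-2020-19961) carry the identical truncated description "A SQL injection vulnerability has been discovered in zz cms version 20 ...", so the part that distinguishes them is cut off at the truncation point. When the "TODO: check" markers are resolved they should be triaged together from the full upstream text rather than one at a time, otherwise the same product and version can end up with inconsistent states across adjacent IDs.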
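Review bot: in the list.2021 hunk at @@ -264,10, the new description for CVE-2021-42228 spells the product "KindEdirot" while the neighbouring CVE-2021-42227 spells it "KindEditor". This is the upstream text as fetched and should not be edited in the automatic update, but whoever resolves the two "TODO: check" lines should treat them as the same product so that a search for KindEditor in the tracker finds both entries.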
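Review bot: in the hunk at @@ -2303,7, the rewritten description for CVE-2021-41322 changes the affected range from "Poly VVX 400/410 through 5.3.1" to "Polycom VVX 400/410 version 5.3.1", which narrows the stated scope from a range to a single version. The entry stays NOT-FOR-US so no Debian action follows, but the change is worth noting for anyone cross-referencing the earlier wording.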
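Review bot: in the hunk at @@ -7311,6, the `{DSA-4985-1}` reference is added only to CVE-2021-39201, while the visible context for CVE-2021-39202 (same wordpress 5.8.1 batch, stretch marked "Vulnerable code introduced later") carries no DSA line. Please confirm the advisory covers only CVE-2021-39201 and not the adjacent WordPress CVEs fixed in the same upload; if it covers several, the reference should be added to each of them in the same way.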
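Review bot: in the hunk at @@ -22724,12, both CVE-2021-32571 and CVE-2021-32569 are flagged "** UNSUPPORTED WHEN ASSIGNED **", meaning the affected OSS-RC release was already end-of-life when the IDs were assigned. These "TODO: check" lines can be closed quickly on that basis, and the NOT-FOR-US note should record the flag so the entries are not reopened later.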
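Review bot: in the hunk at @@ -45737,10, the two new fastify-static entries describe the same redirect issue with different version expressions ("version >= ..." for CVE-2021-22964, truncated, and "version < 4.2 ..." for CVE-2021-22963). The two IDs should be triaged side by side from the full descriptions so the version boundaries are not confused, and checked against whichever Debian package ships fastify-static, if any, before the "TODO: check" markers are replaced.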