From 02fbcf070d5b337df8666998553f8adbbd9ca4ca Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 19 Nov 2021 08:10:13 +0000 Subject: automatic update --- data/CVE/2019.list | 2 ++ data/CVE/2021.list | 56 ++++++++++++++++++++++++++++++++++++++++++------------ 2 files changed, 46 insertions(+), 12 deletions(-) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index aeccb21cd1..b18cec1588 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -37537,9 +37537,11 @@ CVE-2019-7250 (An issue was discovered in the Cross Reference Add-on 36 for Goog CVE-2019-7249 (In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susc ...) NOT-FOR-US: Keybase on MacOS CVE-2019-7283 (An issue was discovered in rcp in NetKit through 0.17. For an rcp oper ...) + {DLA-2822-1} - netkit-rsh 0.17-20 (bug #920486) [jessie] - netkit-rsh (Minor issue) CVE-2019-7282 (In NetKit through 0.17, rcp.c in the rcp client allows remote rsh serv ...) + {DLA-2822-1} - netkit-rsh 0.17-20 (bug #920486) [jessie] - netkit-rsh (Minor issue) CVE-2019-7248 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 699e2cff4c..9fcaf6bd38 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,35 @@ +CVE-2021-44034 + RESERVED +CVE-2021-44033 (In Ionic Identity Vault before 5.0.5, the protection mechanism for inv ...) + TODO: check +CVE-2021-44032 + RESERVED +CVE-2021-44031 + RESERVED +CVE-2021-44030 + RESERVED +CVE-2021-44029 + RESERVED +CVE-2021-44028 + RESERVED +CVE-2021-44027 + RESERVED +CVE-2021-44024 + RESERVED +CVE-2021-44023 + RESERVED +CVE-2021-44022 + RESERVED +CVE-2021-44021 + RESERVED +CVE-2021-44020 + RESERVED +CVE-2021-44019 + RESERVED +CVE-2021-3978 + RESERVED +CVE-2021-3977 + RESERVED CVE-2021-44018 RESERVED CVE-2021-44017 
@@ -42,12 +74,12 @@ CVE-2021-3976 RESERVED CVE-2021-3975 RESERVED -CVE-2021-44025 [XSS issue in handling attachment filename extension in mimetype mismatch warning] +CVE-2021-44025 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in han ...) - roundcube 1.5.0+dfsg.1-1 (bug #1000156) NOTE: https://github.com/roundcube/roundcubemail/issues/8193 NOTE: https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a (1.4.12) NOTE: https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7 (1.3.17) -CVE-2021-44026 [SQL injection via some session variables] +CVE-2021-44026 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potentia ...) - roundcube 1.5.0+dfsg.1-1 (bug #1000156) NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12) NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17) @@ -6278,8 +6310,8 @@ CVE-2021-41280 RESERVED CVE-2021-41279 RESERVED -CVE-2021-41278 - RESERVED +CVE-2021-41278 (Functions SDK for EdgeX is meant to provide all the plumbing necessary ...) + TODO: check CVE-2021-41277 (Metabase is an open source data analytics platform. In affected versio ...) NOT-FOR-US: Metabase CVE-2021-41276 @@ -9059,12 +9091,12 @@ CVE-2021-40133 RESERVED CVE-2021-40132 RESERVED -CVE-2021-40131 - RESERVED -CVE-2021-40130 - RESERVED -CVE-2021-40129 - RESERVED +CVE-2021-40131 (A vulnerability in the web-based management interface of Cisco Common ...) + TODO: check +CVE-2021-40130 (A vulnerability in the web application of Cisco Common Services Platfo ...) + TODO: check +CVE-2021-40129 (A vulnerability in the configuration dashboard of Cisco Common Service ...) + TODO: check CVE-2021-40128 (A vulnerability in the account activation feature of Cisco Webex Meeti ...) NOT-FOR-US: Cisco CVE-2021-40127 (A vulnerability in the web-based management interface of Cisco Small B ...) 
@@ -15747,8 +15779,8 @@ CVE-2021-37324 RESERVED CVE-2021-37323 RESERVED -CVE-2021-37322 - RESERVED +CVE-2021-37322 (GCC c++filt v2.26 was discovered to contain a use-after-free vulnerabi ...) + TODO: check CVE-2021-37321 RESERVED CVE-2021-37320 -- cgit v1.2.3
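Review bot: CVE-2021-44033 in the `@@ -1,3 +1,35 @@` hunk of data/CVE/2021.list is the only newly added entry that already carries a description (Ionic Identity Vault before 5.0.5), and it lands as `TODO: check`. It needs a triage decision, either a source package line or a `NOT-FOR-US:` marking in the form the file already uses for entries such as Metabase and Keybase. The surrounding `RESERVED` entries need nothing further yet.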
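Review bot: in the `@@ -42,12 +74,12 @@` hunk, the replacement description for CVE-2021-44026 is cut off at "is prone to a potentia ...", so the list line no longer names the bug class that the removed bracketed text stated ("SQL injection via some session variables"). Suggest keeping that information in a `NOTE:` line under the entry. CVE-2021-44025 is less affected because its truncated text still says "XSS", but the removed detail about the attachment filename extension in the mimetype mismatch warning could be preserved the same way.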
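Review bot: the three Cisco Common Services Platform entries in the `@@ -9059,12 +9091,12 @@` hunk (CVE-2021-40131, CVE-2021-40130, CVE-2021-40129) land as `TODO: check`, while the adjacent context entry CVE-2021-40128 is already marked `NOT-FOR-US: Cisco`. If the same disposition applies, mark them that way so they do not sit in the triage queue alongside entries that may affect packaged software.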
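Review bot: CVE-2021-37322 in the `@@ -15747,8 +15779,8 @@` hunk is described as "GCC c++filt v2.26" and left at `TODO: check`, and the product name in that description is likely to misdirect triage. c++filt is shipped by GNU binutils and takes its demangler from libiberty, so the check should cover the binutils source package and other packages carrying a libiberty copy, not gcc alone. A `NOTE:` line recording which source package was examined would make the eventual disposition auditable.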