From 62a16b79eb66bcaf78f2cb70729b456c2862fa99 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Mon, 15 Nov 2021 20:10:23 +0000 Subject: automatic update --- data/CVE/2020.list | 36 ++++++------------ data/CVE/2021.list | 107 ++++++++++++++++++++++++++++------------------------- data/CVE/2022.list | 20 ++++++++++ 3 files changed, 88 insertions(+), 75 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 6a9f40f661..633da843b4 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -41943,11 +41943,9 @@ CVE-2020-12966 RESERVED CVE-2020-12965 RESERVED -CVE-2020-12964 - RESERVED +CVE-2020-12964 (A potential privilege escalation/denial of service issue exists in the ...) NOT-FOR-US: Intel / AMD -CVE-2020-12963 - RESERVED +CVE-2020-12963 (An insufficient pointer validation vulnerability in the AMD Graphics D ...) NOT-FOR-US: Intel / AMD CVE-2020-12962 RESERVED @@ -42017,8 +42015,7 @@ CVE-2020-12931 RESERVED CVE-2020-12930 RESERVED -CVE-2020-12929 - RESERVED +CVE-2020-12929 (Improper parameters validation in some trusted applications of the PSP ...) NOT-FOR-US: AMD CVE-2020-12928 (A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master ...) NOT-FOR-US: AMD Ryzen Master @@ -42036,8 +42033,7 @@ CVE-2020-12922 REJECTED CVE-2020-12921 REJECTED -CVE-2020-12920 - RESERVED +CVE-2020-12920 (A potential denial of service issue exists in the AMD Display driver E ...) NOT-FOR-US: AMD CVE-2020-12919 REJECTED 
@@ -42076,34 +42072,27 @@ CVE-2020-12906 CVE-2020-12905 RESERVED NOT-FOR-US: Intel / AMD -CVE-2020-12904 - RESERVED +CVE-2020-12904 (Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3 ...) NOT-FOR-US: Intel / AMD CVE-2020-12903 RESERVED NOT-FOR-US: Intel / AMD -CVE-2020-12902 - RESERVED +CVE-2020-12902 (Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Wi ...) NOT-FOR-US: Intel / AMD CVE-2020-12901 RESERVED NOT-FOR-US: Intel / AMD -CVE-2020-12900 - RESERVED +CVE-2020-12900 (An arbitrary write vulnerability in the AMD Radeon Graphics Driver for ...) NOT-FOR-US: Intel / AMD -CVE-2020-12899 - RESERVED +CVE-2020-12899 (Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR ...) NOT-FOR-US: Intel / AMD -CVE-2020-12898 - RESERVED +CVE-2020-12898 (Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead t ...) NOT-FOR-US: Intel / AMD -CVE-2020-12897 - RESERVED +CVE-2020-12897 (Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 m ...) NOT-FOR-US: Intel / AMD CVE-2020-12896 REJECTED -CVE-2020-12895 - RESERVED +CVE-2020-12895 (Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x1 ...) NOT-FOR-US: Intel / AMD CVE-2020-12894 RESERVED @@ -42111,8 +42100,7 @@ CVE-2020-12894 CVE-2020-12893 RESERVED NOT-FOR-US: Intel / AMD -CVE-2020-12892 - RESERVED +CVE-2020-12892 (An untrusted search path in AMD Radeon settings Installer may lead to ...) NOT-FOR-US: Intel / AMD CVE-2020-12891 RESERVED diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 94209f94a0..1e5cd4e894 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,9 @@ +CVE-2021-3960 + RESERVED +CVE-2021-3959 + RESERVED +CVE-2021-3958 + RESERVED CVE-2021-43745 RESERVED CVE-2021-43744 
@@ -399,8 +405,8 @@ CVE-2021-3943 RESERVED CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS ...) NOT-FOR-US: KNX ETS6 -CVE-2021-43574 - RESERVED +CVE-2021-43574 (** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail 6.5.0 ...) + TODO: check CVE-2021-43573 (A buffer overflow was discovered on Realtek RTL8195AM devices before 2 ...) NOT-FOR-US: Realtek CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (ecdsa-pyth ...) @@ -596,8 +602,8 @@ CVE-2021-43497 RESERVED CVE-2021-43496 (Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd7 ...) NOT-FOR-US: Clustering -CVE-2021-43495 - RESERVED +CVE-2021-43495 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...) + TODO: check CVE-2021-43494 (OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc68 ...) NOT-FOR-US: OpenCV-REST-API CVE-2021-43493 (ServerManagement master branch as of commit 49491cc6f94980e6be7791d17b ...) @@ -2064,10 +2070,10 @@ CVE-2021-42841 RESERVED CVE-2021-42840 (SuiteCRM before 7.11.19 allows remote code execution via the system se ...) NOT-FOR-US: SuiteCRM -CVE-2021-42839 - RESERVED -CVE-2021-42838 - RESERVED +CVE-2021-42839 (Grand Vice info Co. webopac7 file upload function fails to filter spec ...) + TODO: check +CVE-2021-42838 (Grand Vice info Co. webopac7 book search field parameter does not prop ...) + TODO: check CVE-2021-42837 (An issue was discovered in Talend Data Catalog before 7.3-20210930. Af ...) NOT-FOR-US: Talend Data Catalog CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial of servic ...) 
@@ -2362,14 +2368,14 @@ CVE-2021-42708 RESERVED CVE-2021-42707 RESERVED -CVE-2021-42706 - RESERVED +CVE-2021-42706 (This vulnerability could allow an attacker to disclose information and ...) + TODO: check CVE-2021-42705 RESERVED CVE-2021-42704 RESERVED -CVE-2021-42703 - RESERVED +CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...) + TODO: check CVE-2021-42702 RESERVED CVE-2021-42701 (An attacker could prepare a specially crafted project file that, if op ...) @@ -2614,8 +2620,8 @@ CVE-2021-42582 RESERVED CVE-2021-42581 RESERVED -CVE-2021-42580 - RESERVED +CVE-2021-42580 (Sourcecodester Online Learning System 2.0 is vunlerable to sql injecti ...) + TODO: check CVE-2021-42579 RESERVED CVE-2021-42578 @@ -4112,10 +4118,10 @@ CVE-2021-41953 RESERVED CVE-2021-41952 RESERVED -CVE-2021-41951 - RESERVED -CVE-2021-41950 - RESERVED +CVE-2021-41951 (ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Si ...) + TODO: check +CVE-2021-41950 (A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 ...) + TODO: check CVE-2021-41949 RESERVED CVE-2021-41948 @@ -4576,8 +4582,8 @@ CVE-2021-3832 (Integria IMS in its 5.0.92 version is vulnerable to a Remote Code NOT-FOR-US: Integria IMS CVE-2021-3831 RESERVED -CVE-2021-41765 - RESERVED +CVE-2021-41765 (A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of R ...) + TODO: check CVE-2021-41764 (A cross-site request forgery (CSRF) vulnerability exists in Streama up ...) NOT-FOR-US: Streama CVE-2021-41763 
@@ -5640,8 +5646,8 @@ CVE-2021-41291 (ECOA BAS controller suffers from a path traversal content disclo NOT-FOR-US: ECOA BAS controller CVE-2021-41290 (ECOA BAS controller suffers from an arbitrary file write and path trav ...) NOT-FOR-US: ECOA BAS controller -CVE-2021-41289 - RESERVED +CVE-2021-41289 (ASUS P453UJ contains the Improper Restriction of Operations within the ...) + TODO: check CVE-2021-41288 (Zoho ManageEngine OpManager version 125466 and below is vulnerable to ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-41287 @@ -7039,7 +7045,7 @@ CVE-2021-40692 CVE-2021-40691 RESERVED CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...) - {DLA-2767-1} + {DSA-5010-1 DLA-2767-1} - libxml-security-java 2.1.7-1 (bug #994569) NOTE: https://santuario.apache.org/secadv.data/CVE-2021-40690.txt.asc CVE-2021-3780 (peertube is vulnerable to Improper Neutralization of Input During Web ...) @@ -10574,8 +10580,8 @@ CVE-2021-39224 (Nextcloud is an open-source, self-hosted productivity platform. NOT-FOR-US: Nextcloud OfficeOnline CVE-2021-39223 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) NOT-FOR-US: Nextcloud Richdocuments -CVE-2021-39222 - RESERVED +CVE-2021-39222 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) + TODO: check CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) NOT-FOR-US: Nextcloud Contacts CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform The Nex ...) 
@@ -11138,28 +11144,28 @@ CVE-2021-38986 RESERVED CVE-2021-38985 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...) NOT-FOR-US: IBM -CVE-2021-38984 - RESERVED -CVE-2021-38983 - RESERVED -CVE-2021-38982 - RESERVED -CVE-2021-38981 - RESERVED +CVE-2021-38984 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker ...) + TODO: check +CVE-2021-38983 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker ...) + TODO: check +CVE-2021-38982 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerabl ...) + TODO: check +CVE-2021-38981 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...) + TODO: check CVE-2021-38980 RESERVED -CVE-2021-38979 - RESERVED -CVE-2021-38978 - RESERVED -CVE-2021-38977 - RESERVED -CVE-2021-38976 - RESERVED -CVE-2021-38975 - RESERVED -CVE-2021-38974 - RESERVED +CVE-2021-38979 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-w ...) + TODO: check +CVE-2021-38978 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...) + TODO: check +CVE-2021-38977 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set ...) + TODO: check +CVE-2021-38976 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user ...) + TODO: check +CVE-2021-38975 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...) + TODO: check +CVE-2021-38974 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...) + TODO: check CVE-2021-38973 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...) NOT-FOR-US: IBM CVE-2021-38972 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...) 
@@ -20420,10 +20426,10 @@ CVE-2021-34994 RESERVED CVE-2021-34993 RESERVED -CVE-2021-34992 - RESERVED -CVE-2021-34991 - RESERVED +CVE-2021-34992 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-34991 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + TODO: check CVE-2021-34990 RESERVED CVE-2021-34989 @@ -49309,8 +49315,7 @@ CVE-2021-22960 (The parse function in llhttp < 2.1.4 and < 6.0.6. ignores - nodejs 12.22.7~dfsg-1 [stretch] - nodejs (Nodejs in stretch not covered by security support) NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-when-parsing-the-body-medium-cve-2021-22960 -CVE-2021-22959 [HTTP Request Smuggling due to spaced in headers] - RESERVED +CVE-2021-22959 (The parser in accepts requests with a space (SP) right after the heade ...) - nodejs 12.22.7~dfsg-1 [stretch] - nodejs (Nodejs in stretch not covered by security support) NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-due-to-spaced-in-headers-medium-cve-2021-22959 diff --git a/data/CVE/2022.list b/data/CVE/2022.list index dd77b975de..9f370dc1c0 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -1,3 +1,23 @@ +CVE-2022-21216 + RESERVED +CVE-2022-21204 + RESERVED +CVE-2022-21200 + RESERVED +CVE-2022-21174 + RESERVED +CVE-2022-21157 + RESERVED +CVE-2022-21153 + RESERVED +CVE-2022-21151 + RESERVED +CVE-2022-21138 + RESERVED +CVE-2022-21136 + RESERVED +CVE-2022-21131 + RESERVED CVE-2022-21220 RESERVED CVE-2022-21207 -- cgit v1.2.3
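Review bot: In data/CVE/2020.list, hunk @@ -42076,34 +42072,27 @@, the tag "NOT-FOR-US: Intel / AMD" no longer matches what the entries now say: the visible part of every description filled in here names only an AMD product (AMD Graphics Driver for Windows 10, AMD Radeon Graphics Driver, AMD Radeon settings Installer). CVE-2020-12929 and CVE-2020-12920 in the preceding hunk are tagged "NOT-FOR-US: AMD". Since the descriptions are now public, consider using one tag for both groups in a follow-up, so that a search on the NOT-FOR-US string finds all of them.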
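Review bot: In data/CVE/2021.list, hunk @@ -7039,7 +7045,7 @@, the DSA-5010-1 cross-reference added to CVE-2021-40690 has no matching advisory entry in this commit, since the diffstat lists only the three data/CVE/*.list files. Confirm the advisory entry was committed beforehand and that it names libxml-security-java, because the package line "- libxml-security-java 2.1.7-1 (bug #994569)" is unchanged and the hunk itself does not show which release the DSA fixes.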
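Review bot: In data/CVE/2021.list, hunk @@ -11138,28 +11144,28 @@, the ten IBM Tivoli Key Lifecycle Manager entries (CVE-2021-38984 through CVE-2021-38974, except CVE-2021-38980, which is still RESERVED) are left at "TODO: check", although the context lines for the same product, CVE-2021-38985 and CVE-2021-38973, are already triaged as "NOT-FOR-US: IBM". Suggest a follow-up that gives them the same tag in one pass so they leave the TODO queue together rather than being triaged one by one.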
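Review bot: In data/CVE/2021.list, hunk @@ -49309,8 +49315,7 @@, the imported description for CVE-2021-22959 reads "The parser in accepts requests with a space (SP) right after the heade ...", with no component named after "in", and it replaces the bracketed title "[HTTP Request Smuggling due to spaced in headers]", which did state the issue class. The nodejs package lines and the NOTE link are unchanged, so tracking is not affected, but the description should be checked against the upstream CVE record. The neighbouring CVE-2021-22960 entry names llhttp, which suggests the component name was dropped before the text reached this file.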