author: security tracker role <sectracker@soriano.debian.org> 2022-01-26 20:10:21 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-01-26 20:10:21 +0000
commit: 35be49c9d0b4ab2b6142975cc40e6b09f9be942b
tree: aee87374ebb2bf8d8ca5ddc11c93b4316df9d1e8 /data/CVE/2021.list
parent: 197bd10a0d0ddbf719e21b02d9ead42ae3c8b278
automatic update
Diffstat (limited to 'data/CVE/2021.list')
-rw-r--r-- data/CVE/2021.list 89
1 files changed, 45 insertions, 44 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 9bc4ae883a..1aa843e379 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,5 @@
+CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...)
+ TODO: check
CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...)
NOT-FOR-US: Moxa
CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm ...)
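Review bot: the new CVE-2021-46561 entry at the top of the file lands with only `TODO: check`, while the Moxa entries directly below it already carry a final `NOT-FOR-US: Moxa` status. The placeholder should be resolved in a follow-up to either a `NOT-FOR-US:` line or a package line so the entry does not stay untriaged.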
@@ -368,14 +370,14 @@ CVE-2021-46388
RESERVED
CVE-2021-46387
RESERVED
-CVE-2021-46386
- RESERVED
-CVE-2021-46385
- RESERVED
+CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS &lt;=5.2.5 is affected by: File U ...)
+ TODO: check
+CVE-2021-46385 (https://gitee.com/mingSoft/MCMS MCMS &lt;=5.2.5 is affected by: SQL In ...)
+ TODO: check
CVE-2021-46384
RESERVED
-CVE-2021-46383
- RESERVED
+CVE-2021-46383 (https://gitee.com/mingSoft/MCMS MCMS &lt;=5.2.5 is affected by: SQL In ...)
+ TODO: check
CVE-2021-46382
RESERVED
CVE-2021-46381
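Review bot: CVE-2021-46385 and CVE-2021-46383 are indistinguishable in this hunk. Both descriptions open with the project URL and are cut off at "SQL In ...", so the affected component is not visible for either. Whoever replaces the `TODO: check` lines should read the full records for all three MCMS entries (including the "File U ..." one, CVE-2021-46386) and triage them together, so the two SQL entries are not treated as duplicates of each other.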
@@ -941,13 +943,13 @@ CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3,
NOTE: https://github.com/libexpat/libexpat/pull/538
NOTE: https://github.com/libexpat/libexpat/commit/85ae9a2d7d0e9358f356b33977b842df8ebaec2b
CVE-2021-46142 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
- {DLA-2883-1}
+ {DSA-5063-1 DLA-2883-1}
- uriparser 0.9.6+dfsg-1
NOTE: https://github.com/uriparser/uriparser/issues/122
NOTE: https://github.com/uriparser/uriparser/commit/c0483990e6b5b454f7c8752b36760cfcb0d093f5 (uriparser-0.9.6)
NOTE: https://github.com/uriparser/uriparser/pull/124
CVE-2021-46141 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
- {DLA-2883-1}
+ {DSA-5063-1 DLA-2883-2 DLA-2883-1}
- uriparser 0.9.6+dfsg-1
NOTE: https://github.com/uriparser/uriparser/issues/121
NOTE: https://github.com/uriparser/uriparser/commit/987b046e41f407d17c622e580fc82a5e834b4329 (uriparser-0.9.6)
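Review bot: the advisory lists on the two uriparser entries no longer match. CVE-2021-46142 becomes `{DSA-5063-1 DLA-2883-1}` while CVE-2021-46141 becomes `{DSA-5063-1 DLA-2883-2 DLA-2883-1}`; before this change both carried only `{DLA-2883-1}`. It is worth confirming that DLA-2883-2 really covers only CVE-2021-46141 and that CVE-2021-46142 was not missed when the cross-references were generated.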
@@ -1023,16 +1025,16 @@ CVE-2021-46120
RESERVED
CVE-2021-46119
RESERVED
-CVE-2021-46118
- RESERVED
-CVE-2021-46117
- RESERVED
-CVE-2021-46116
- RESERVED
-CVE-2021-46115
- RESERVED
-CVE-2021-46114
- RESERVED
+CVE-2021-46118 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...)
+ TODO: check
+CVE-2021-46117 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...)
+ TODO: check
+CVE-2021-46116 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web. ...)
+ TODO: check
+CVE-2021-46115 (jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateCon ...)
+ TODO: check
+CVE-2021-46114 (jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.Produ ...)
+ TODO: check
CVE-2021-46113 (In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote ...)
NOT-FOR-US: MartDevelopers KEA-Hotel-ERP open source
CVE-2021-46112
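Review bot: CVE-2021-46118 through CVE-2021-46114 are five consecutive entries against the same jpress 4.2.0 release, each added with its own `TODO: check`. The truncated descriptions name different classes (`io.jpress.modu ...`, `io.jpress.web. ...`, `io.jpress.web.admin._TemplateCon ...`), but the product decision is the same for all five, so they should receive one consistent status in a single follow-up rather than being resolved piecemeal.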
@@ -1371,8 +1373,8 @@ CVE-2021-45977
RESERVED
CVE-2021-45976
RESERVED
-CVE-2021-45975
- RESERVED
+CVE-2021-45975 (In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerabi ...)
+ TODO: check
CVE-2021-45974
RESERVED
CVE-2021-45973
@@ -4840,8 +4842,8 @@ CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()]
NOTE: https://github.com/latchset/tang/pull/81
NOTE: Introduced by: https://github.com/latchset/tang/commit/609050586e4863329d2db9b7cb73da5c09eeea2b (v8)
NOTE: Fixed by: https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9 (v11)
-CVE-2021-44692
- RESERVED
+CVE-2021-44692 (BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the ...)
+ TODO: check
CVE-2021-44691
RESERVED
CVE-2021-44690
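Review bot: CVE-2021-44692 is one of two BuddyBoss Platform entries this update fills in; the other is CVE-2021-43334 in the hunk at line 8457, also described as "through 1.8.0". Whatever status replaces `TODO: check` here should be applied to both, so the same product is not marked differently in two distant parts of the file.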
@@ -6360,18 +6362,18 @@ CVE-2021-44125
RESERVED
CVE-2021-44124
RESERVED
-CVE-2021-44123
- RESERVED
-CVE-2021-44122
- RESERVED
+CVE-2021-44123 (SPIP 4.0.0 is affected by a remote command execution vulnerability. To ...)
+ TODO: check
+CVE-2021-44122 (SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerab ...)
+ TODO: check
CVE-2021-44121
RESERVED
-CVE-2021-44120
- RESERVED
+CVE-2021-44120 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2021-44119
RESERVED
-CVE-2021-44118
- RESERVED
+CVE-2021-44118 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. ...)
+ TODO: check
CVE-2021-44117
RESERVED
CVE-2021-44116 (Cross Site Scripting (XSS) vulnerability exits in Anchor CMS &lt;=0.12 ...)
@@ -8455,8 +8457,8 @@ CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF f
NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43335
RESERVED
-CVE-2021-43334
- RESERVED
+CVE-2021-43334 (BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Grou ...)
+ TODO: check
CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does not r ...)
NOT-FOR-US: Datalogic
CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...)
@@ -12176,8 +12178,7 @@ CVE-2021-41767 (Apache Guacamole 1.3.0 and older may incorrectly include a priva
NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/6
CVE-2021-3837 (openwhyd is vulnerable to Improper Authorization ...)
NOT-FOR-US: openwhyd
-CVE-2021-41766
- RESERVED
+CVE-2021-41766 (Apache Karaf allows monitoring of applications and the Java runtime by ...)
- apache-karaf <itp> (bug #881297)
CVE-2021-3836 (dbeaver is vulnerable to Improper Restriction of XML External Entity R ...)
- dbeaver <itp> (bug #680987)
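Review bot: no `TODO: check` is added for CVE-2021-41766, unlike every other newly described entry in this update, because the existing `- apache-karaf <itp> (bug #881297)` line is kept beneath it. That is consistent with the new description naming Apache Karaf, but the entry previously carried both `RESERVED` and the ITP line, so a quick check that nothing else was attached to it before the automatic rewrite is worthwhile.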
@@ -41382,10 +41383,10 @@ CVE-2021-29848
RESERVED
CVE-2021-29847 (BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) conf ...)
NOT-FOR-US: IBM
-CVE-2021-29846
- RESERVED
-CVE-2021-29845
- RESERVED
+CVE-2021-29846 (IBM Security Guardium Insights 3.0 could allow an authenticated user t ...)
+ TODO: check
+CVE-2021-29845 (IBM Security Guardium Insights 3.0 could allow an authenticated user t ...)
+ TODO: check
CVE-2021-29844 (IBM Jazz Team Server products is vulnerable to server-side request for ...)
NOT-FOR-US: IBM
CVE-2021-29843 (IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial o ...)
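Review bot: CVE-2021-29846 and CVE-2021-29845 are IBM Security Guardium Insights 3.0 issues added with `TODO: check`, while the surrounding IBM entries in this hunk (CVE-2021-29847, CVE-2021-29844) are already `NOT-FOR-US: IBM`. Unless there is a reason to treat Guardium Insights differently, the same status applies here and to CVE-2021-29838 in the next hunk.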
@@ -41398,8 +41399,8 @@ CVE-2021-29840
RESERVED
CVE-2021-29839
RESERVED
-CVE-2021-29838
- RESERVED
+CVE-2021-29838 (IBM Security Guardium Insights 3.0 could allow a remote attacker to ob ...)
+ TODO: check
CVE-2021-29837 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...)
NOT-FOR-US: IBM
CVE-2021-29836 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 ...)
@@ -58520,8 +58521,8 @@ CVE-2021-22602
RESERVED
CVE-2021-22601
RESERVED
-CVE-2021-22600
- RESERVED
+CVE-2021-22600 (A double free bug in packet_set_ring() in net/packet/af_packet.c can b ...)
+ TODO: check
CVE-2021-22599
RESERVED
CVE-2021-22598
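Review bot: CVE-2021-22600 should not sit on `TODO: check` for long. Its description names `packet_set_ring()` in `net/packet/af_packet.c`, which is Linux kernel code, so it needs a package line with per-release status and upstream references rather than a NOT-FOR-US. It deserves priority over the vendor-product entries in this update.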
@@ -58580,8 +58581,8 @@ CVE-2021-22572
RESERVED
CVE-2021-22571
RESERVED
-CVE-2021-22570
- RESERVED
+CVE-2021-22570 (Nullptr dereference when a null char is present in a proto symbol. The ...)
+ TODO: check
CVE-2021-22569 (An issue in protobuf-java allowed the interleaving of com.google.proto ...)
[experimental] - protobuf 3.19.3-1
- protobuf <unfixed>
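Review bot: CVE-2021-22570 is added with `TODO: check` directly above CVE-2021-22569, which is tracked against `protobuf`. The truncated description ("a null char is present in a proto symbol") suggests the same package. If the full record confirms that, the placeholder should become a `- protobuf` line with the fixed version or `<unfixed>`, plus a NOTE pointing at the upstream fix.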
