diff options
author | security tracker role <sectracker@soriano.debian.org> | 2022-02-16 20:10:23 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-02-16 20:10:23 +0000 |
commit | ba60c32a49a504ac5418a91e72eab963195253ef (patch) | |
tree | 3926db2eedd52c5416e5fbcd20617650dbe69e5f /data/CVE/2021.list | |
parent | db79df2e3edb33a8d9972ddf8c2c82a72389a569 (diff) |
automatic update
Diffstat (limited to 'data/CVE/2021.list')
-rw-r--r-- | data/CVE/2021.list | 104 |
1 files changed, 48 insertions, 56 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index f0bd9c9362..f26728059c 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,5 +1,5 @@ CVE-2021-4220 - RESERVED + REJECTED CVE-2021-4219 RESERVED CVE-2021-46687 @@ -689,8 +689,8 @@ CVE-2021-46390 RESERVED CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...) NOT-FOR-US: IIPImage High Resolution Streaming Image Server -CVE-2021-46388 - RESERVED +CVE-2021-46388 (WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) is affec ...) + TODO: check CVE-2021-46387 RESERVED CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: File U ...) @@ -3228,6 +3228,7 @@ CVE-2021-45446 CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 h ...) NOT-FOR-US: Unisys CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if they co ...) + {DSA-5078-1} - zsh 5.8.1-1 NOTE: https://sourceforge.net/p/zsh/code/ci/c187154f47697cdbf822c2f9d714d570ed4a0fd1/ NOTE: https://sourceforge.net/p/zsh/code/ci/fdb8b0ce6244ff26bf55e0fd825310a58d0d3156/ @@ -3350,8 +3351,8 @@ CVE-2021-45393 RESERVED CVE-2021-45392 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...) NOT-FOR-US: Tenda -CVE-2021-45391 - RESERVED +CVE-2021-45391 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...) + TODO: check CVE-2021-45390 RESERVED CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center Build 68 ...) @@ -4024,8 +4025,8 @@ CVE-2021-4135 [stretch] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 (5.16-rc6) NOTE: CONFIG_NETDEVSIM is not set in Debian -CVE-2021-4134 - RESERVED +CVE-2021-4134 (The Fancy Product Designer WordPress plugin is vulnerable to SQL Injec ...) + TODO: check CVE-2021-4133 (A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 ...) NOT-FOR-US: Keycloak CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) @@ -4820,8 +4821,8 @@ CVE-2021-44834 RESERVED CVE-2021-4107 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...) NOT-FOR-US: yetiforcecrm -CVE-2021-4106 - RESERVED +CVE-2021-4106 (A vulnerability in Snow Inventory Java Scanner allows an attacker to r ...) + TODO: check CVE-2021-4105 RESERVED CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the c ...) @@ -14985,8 +14986,7 @@ CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During W NOT-FOR-US: yourls CVE-2021-3782 RESERVED -CVE-2021-3781 [Include device specifier strings in access validation] - RESERVED +CVE-2021-3781 (A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was ...) {DSA-4972-1} - ghostscript 9.53.3~dfsg-8 (bug #994011) [buster] - ghostscript <not-affected> (Vulnerable code introduced later) @@ -15691,8 +15691,7 @@ CVE-2021-3775 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: ShowDoc CVE-2021-3774 (Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version a ...) NOT-FOR-US: Meross Smart Wi-Fi 2 Way Wall Switch -CVE-2021-3773 - RESERVED +CVE-2021-3773 (A flaw in netfilter could allow a network-connected attacker to infer ...) NOTE: https://www.openwall.com/lists/oss-security/2021/09/08/3 NOTE: https://breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html TODO: fill in tracking details @@ -16137,8 +16136,7 @@ CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into - cfrpki 1.3.0-1 (bug #994572) NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-c8xp-8mf3-62h9 NOTE: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422 -CVE-2021-3760 - RESERVED +CVE-2021-3760 (A flaw was found in the Linux kernel. A use-after-free vulnerability i ...) {DLA-2843-1} - linux 5.14.16-1 (unimportant) [bullseye] - linux 5.10.84-1 @@ -16218,14 +16216,12 @@ CVE-2021-3755 REJECTED CVE-2021-3754 RESERVED -CVE-2021-3753 - RESERVED +CVE-2021-3753 (A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c ...) {DSA-4978-1 DLA-2843-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7 -CVE-2021-3752 - RESERVED +CVE-2021-3752 (A use-after-free flaw was found in the Linux kernel’s Bluetooth ...) - linux 5.15.3-1 [bullseye] - linux 5.10.84-1 NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/4 @@ -18628,16 +18624,16 @@ CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, NOT-FOR-US: Jamf Pro CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the ...) NOT-FOR-US: MISP -CVE-2021-39301 - RESERVED -CVE-2021-39300 - RESERVED -CVE-2021-39299 - RESERVED -CVE-2021-39298 - RESERVED -CVE-2021-39297 - RESERVED +CVE-2021-39301 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + TODO: check +CVE-2021-39300 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + TODO: check +CVE-2021-39299 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + TODO: check +CVE-2021-39298 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + TODO: check +CVE-2021-39297 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + TODO: check CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass auth ...) NOT-FOR-US: OpenBMC CVE-2021-39295 @@ -25007,7 +25003,7 @@ CVE-2021-36742 (A improper input validation vulnerability in Trend Micro Apex On CVE-2021-36741 (An improper input validation vulnerability in Trend Micro Apex One, Ap ...) NOT-FOR-US: Trend Micro CVE-2021-3648 - RESERVED + REJECTED - binutils <unfixed> (unimportant) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100968 NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935 @@ -31733,8 +31729,7 @@ CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in ges NOT-FOR-US: Cartadis Gespage CVE-2021-3579 (Incorrect Default Permissions vulnerability in the bdservicehost.exe a ...) NOT-FOR-US: Bitdefender -CVE-2021-3578 [possible remote code execution in isync/mbsync] - RESERVED +CVE-2021-3578 (A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecke ...) - isync 1.3.0-2.2 (bug #989564) [buster] - isync 1.3.0-2.2~deb10u1 [stretch] - isync <no-dsa> (Minor issue) @@ -32553,8 +32548,7 @@ CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed NOTE: https://sourceforge.net/p/mcj/tickets/116/ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/ NOTE: Depends on CVE-2019-19797 fix -CVE-2021-3560 [local privilege escalation using polkit_system_bus_name_get_creds_sync()] - RESERVED +CVE-2021-3560 (It was found that polkit could be tricked into bypassing the credentia ...) - policykit-1 0.105-31 (bug #989429) [buster] - policykit-1 <not-affected> (Vulnerable code introduced later) [stretch] - policykit-1 <not-affected> (Vulnerable code introduced later) @@ -33167,8 +33161,7 @@ CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices A CVE-2021-3558 RESERVED - moodle <removed> -CVE-2021-3557 - RESERVED +CVE-2021-3557 (A flaw was found in argocd. Any unprivileged user is able to deploy ar ...) NOT-FOR-US: Argo CD CVE-2021-3556 REJECTED @@ -33867,8 +33860,7 @@ CVE-2021-32927 RESERVED CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...) NOT-FOR-US: Rockwell Automation -CVE-2021-3551 - RESERVED +CVE-2021-3551 (A flaw was found in the PKI-server, where the spkispawn command, when ...) - dogtag-pki 10.10.6-1 (bug #991665) [bullseye] - dogtag-pki <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959971 @@ -49413,8 +49405,8 @@ CVE-2021-26728 RESERVED CVE-2021-26727 RESERVED -CVE-2021-26726 - RESERVED +CVE-2021-26726 (A remote code execution vulnerability affecting a Valmet DNA service l ...) + TODO: check CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web GUI of N ...) NOT-FOR-US: Nozomi Networks Guardian CVE-2021-26724 (OS Command Injection vulnerability when changing date settings or host ...) @@ -56721,8 +56713,8 @@ CVE-2021-23684 RESERVED CVE-2021-23683 RESERVED -CVE-2021-23682 - RESERVED +CVE-2021-23682 (This affects the package litespeed.js before 0.3.12; the package appwr ...) + TODO: check CVE-2021-23681 RESERVED CVE-2021-23680 @@ -60355,8 +60347,8 @@ CVE-2021-22052 RESERVED CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specifically ...) NOT-FOR-US: Spring Cloud Gateway -CVE-2021-22050 - RESERVED +CVE-2021-22050 (ESXi contains a slow HTTP POST denial-of-service vulnerability in rhtt ...) + TODO: check CVE-2021-22049 (The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Requ ...) NOT-FOR-US: VMware CVE-2021-22048 (The vCenter Server contains a privilege escalation vulnerability in th ...) @@ -60369,14 +60361,14 @@ CVE-2021-22045 (VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before NOT-FOR-US: VMware CVE-2021-22044 (In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEA ...) NOT-FOR-US: Spring Cloud OpenFeign -CVE-2021-22043 - RESERVED -CVE-2021-22042 - RESERVED -CVE-2021-22041 - RESERVED -CVE-2021-22040 - RESERVED +CVE-2021-22043 (VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerabilit ...) + TODO: check +CVE-2021-22042 (VMware ESXi contains an unauthorized access vulnerability due to VMX h ...) + TODO: check +CVE-2021-22041 (VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerabil ...) + TODO: check +CVE-2021-22040 (VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerab ...) + TODO: check CVE-2021-22039 RESERVED CVE-2021-22038 (On Windows, the uninstaller binary copies itself to a fixed temporary ...) @@ -60545,8 +60537,8 @@ CVE-2021-21968 (A file write vulnerability exists in the OTA update task functio NOT-FOR-US: Sealevel Systems CVE-2021-21967 RESERVED -CVE-2021-21966 - RESERVED +CVE-2021-21966 (An information disclosure vulnerability exists in the HTTP Server /pin ...) + TODO: check CVE-2021-21965 (A denial of service vulnerability exists in the SeaMax remote configur ...) NOT-FOR-US: Sealevel Systems CVE-2021-21964 (A denial of service vulnerability exists in the Modbus configuration f ...) @@ -60561,8 +60553,8 @@ CVE-2021-21960 (A stack-based buffer overflow vulnerability exists in both the L NOT-FOR-US: Sealevel Systems CVE-2021-21959 (A misconfiguration exists in the MQTTS functionality of Sealevel Syste ...) NOT-FOR-US: Sealevel Systems -CVE-2021-21958 - RESERVED +CVE-2021-21958 (A heap-based buffer overflow vulnerability exists in the Hword HwordAp ...) + TODO: check CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...) NOT-FOR-US: Dream Report ODS Remote Connector CVE-2021-21956 |