author: security tracker role <sectracker@soriano.debian.org>, 2022-02-16 20:10:23 +0000
committer: security tracker role <sectracker@soriano.debian.org>, 2022-02-16 20:10:23 +0000
commit: ba60c32a49a504ac5418a91e72eab963195253ef
tree: 3926db2eedd52c5416e5fbcd20617650dbe69e5f /data/CVE/2021.list
parent: db79df2e3edb33a8d9972ddf8c2c82a72389a569
automatic update
Diffstat (limited to 'data/CVE/2021.list')
-rw-r--r-- data/CVE/2021.list 104
1 files changed, 48 insertions, 56 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index f0bd9c9362..f26728059c 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,5 +1,5 @@
CVE-2021-4220
- RESERVED
+ REJECTED
CVE-2021-4219
RESERVED
CVE-2021-46687
@@ -689,8 +689,8 @@ CVE-2021-46390
RESERVED
CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...)
NOT-FOR-US: IIPImage High Resolution Streaming Image Server
-CVE-2021-46388
- RESERVED
+CVE-2021-46388 (WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) is affec ...)
+ TODO: check
CVE-2021-46387
RESERVED
CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS &lt;=5.2.5 is affected by: File U ...)
@@ -3228,6 +3228,7 @@ CVE-2021-45446
CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 h ...)
NOT-FOR-US: Unisys
CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if they co ...)
+ {DSA-5078-1}
- zsh 5.8.1-1
NOTE: https://sourceforge.net/p/zsh/code/ci/c187154f47697cdbf822c2f9d714d570ed4a0fd1/
NOTE: https://sourceforge.net/p/zsh/code/ci/fdb8b0ce6244ff26bf55e0fd825310a58d0d3156/
@@ -3350,8 +3351,8 @@ CVE-2021-45393
RESERVED
CVE-2021-45392 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...)
NOT-FOR-US: Tenda
-CVE-2021-45391
- RESERVED
+CVE-2021-45391 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...)
+ TODO: check
CVE-2021-45390
RESERVED
CVE-2021-45389 (StarWind SAN &amp; NAS build 1578 and StarWind Command Center Build 68 ...)
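Review bot: The new CVE-2021-45391 entry is left at `TODO: check` even though its visible description matches CVE-2021-45392 two lines above it (Tenda Router AX12 V22.03.01), which is already triaged as `NOT-FOR-US: Tenda`. Suggest giving it the same `NOT-FOR-US: Tenda` line in a follow-up so it does not sit in the TODO queue.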
@@ -4024,8 +4025,8 @@ CVE-2021-4135
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 (5.16-rc6)
NOTE: CONFIG_NETDEVSIM is not set in Debian
-CVE-2021-4134
- RESERVED
+CVE-2021-4134 (The Fancy Product Designer WordPress plugin is vulnerable to SQL Injec ...)
+ TODO: check
CVE-2021-4133 (A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 ...)
NOT-FOR-US: Keycloak
CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
@@ -4820,8 +4821,8 @@ CVE-2021-44834
RESERVED
CVE-2021-4107 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
NOT-FOR-US: yetiforcecrm
-CVE-2021-4106
- RESERVED
+CVE-2021-4106 (A vulnerability in Snow Inventory Java Scanner allows an attacker to r ...)
+ TODO: check
CVE-2021-4105
RESERVED
CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the c ...)
@@ -14985,8 +14986,7 @@ CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During W
NOT-FOR-US: yourls
CVE-2021-3782
RESERVED
-CVE-2021-3781 [Include device specifier strings in access validation]
- RESERVED
+CVE-2021-3781 (A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was ...)
{DSA-4972-1}
- ghostscript 9.53.3~dfsg-8 (bug #994011)
[buster] - ghostscript <not-affected> (Vulnerable code introduced later)
@@ -15691,8 +15691,7 @@ CVE-2021-3775 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: ShowDoc
CVE-2021-3774 (Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version a ...)
NOT-FOR-US: Meross Smart Wi-Fi 2 Way Wall Switch
-CVE-2021-3773
- RESERVED
+CVE-2021-3773 (A flaw in netfilter could allow a network-connected attacker to infer ...)
NOTE: https://www.openwall.com/lists/oss-security/2021/09/08/3
NOTE: https://breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html
TODO: fill in tracking details
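Review bot: CVE-2021-3773 now has a published description that names netfilter, but the unchanged lines below it still end in `TODO: fill in tracking details` and the entry has no affected-package line. Suggest adding the package entry and dropping the TODO now that the ID is public, since the two NOTE links alone do not give the tracker a status to report.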
@@ -16137,8 +16136,7 @@ CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into
- cfrpki 1.3.0-1 (bug #994572)
NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-c8xp-8mf3-62h9
NOTE: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422
-CVE-2021-3760
- RESERVED
+CVE-2021-3760 (A flaw was found in the Linux kernel. A use-after-free vulnerability i ...)
{DLA-2843-1}
- linux 5.14.16-1 (unimportant)
[bullseye] - linux 5.10.84-1
@@ -16218,14 +16216,12 @@ CVE-2021-3755
REJECTED
CVE-2021-3754
RESERVED
-CVE-2021-3753
- RESERVED
+CVE-2021-3753 (A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c ...)
{DSA-4978-1 DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7
-CVE-2021-3752
- RESERVED
+CVE-2021-3752 (A use-after-free flaw was found in the Linux kernel&#8217;s Bluetooth ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/4
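Review bot: The added description line for CVE-2021-3752 carries a raw HTML entity (`kernel&#8217;s`) where an apostrophe is meant. Suggest having the update script decode entities in imported descriptions before writing them to the list, so text searches and rendered pages see plain characters.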
@@ -18628,16 +18624,16 @@ CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has an SSRF vulnerability,
NOT-FOR-US: Jamf Pro
CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the ...)
NOT-FOR-US: MISP
-CVE-2021-39301
- RESERVED
-CVE-2021-39300
- RESERVED
-CVE-2021-39299
- RESERVED
-CVE-2021-39298
- RESERVED
-CVE-2021-39297
- RESERVED
+CVE-2021-39301 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ TODO: check
+CVE-2021-39300 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ TODO: check
+CVE-2021-39299 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ TODO: check
+CVE-2021-39298 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ TODO: check
+CVE-2021-39297 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ TODO: check
CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass auth ...)
NOT-FOR-US: OpenBMC
CVE-2021-39295
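Review bot: CVE-2021-39301 through CVE-2021-39297 are added as five separate `TODO: check` entries whose visible description text is identical ("Potential vulnerabilities have been identified in UEFI firmware (BIOS) ..."). Suggest triaging them as one batch with a single disposition, and marking all five `NOT-FOR-US` if no Debian source package ships the affected firmware.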
@@ -25007,7 +25003,7 @@ CVE-2021-36742 (A improper input validation vulnerability in Trend Micro Apex On
CVE-2021-36741 (An improper input validation vulnerability in Trend Micro Apex One, Ap ...)
NOT-FOR-US: Trend Micro
CVE-2021-3648
- RESERVED
+ REJECTED
- binutils <unfixed> (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100968
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935
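Review bot: CVE-2021-3648 is switched to `REJECTED`, but the unchanged lines directly under it still carry the binutils package line with status unfixed (unimportant) and two gcc bugzilla NOTEs. Suggest either removing the package line or adding a NOTE that records why the ID was rejected and which ID, if any, replaces it, so the binutils issue is not left tracked under a dead identifier.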
@@ -31733,8 +31729,7 @@ CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in ges
NOT-FOR-US: Cartadis Gespage
CVE-2021-3579 (Incorrect Default Permissions vulnerability in the bdservicehost.exe a ...)
NOT-FOR-US: Bitdefender
-CVE-2021-3578 [possible remote code execution in isync/mbsync]
- RESERVED
+CVE-2021-3578 (A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecke ...)
- isync 1.3.0-2.2 (bug #989564)
[buster] - isync 1.3.0-2.2~deb10u1
[stretch] - isync <no-dsa> (Minor issue)
@@ -32553,8 +32548,7 @@ CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed
NOTE: https://sourceforge.net/p/mcj/tickets/116/
NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/
NOTE: Depends on CVE-2019-19797 fix
-CVE-2021-3560 [local privilege escalation using polkit_system_bus_name_get_creds_sync()]
- RESERVED
+CVE-2021-3560 (It was found that polkit could be tricked into bypassing the credentia ...)
- policykit-1 0.105-31 (bug #989429)
[buster] - policykit-1 <not-affected> (Vulnerable code introduced later)
[stretch] - policykit-1 <not-affected> (Vulnerable code introduced later)
@@ -33167,8 +33161,7 @@ CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices A
CVE-2021-3558
RESERVED
- moodle <removed>
-CVE-2021-3557
- RESERVED
+CVE-2021-3557 (A flaw was found in argocd. Any unprivileged user is able to deploy ar ...)
NOT-FOR-US: Argo CD
CVE-2021-3556
REJECTED
@@ -33867,8 +33860,7 @@ CVE-2021-32927
RESERVED
CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...)
NOT-FOR-US: Rockwell Automation
-CVE-2021-3551
- RESERVED
+CVE-2021-3551 (A flaw was found in the PKI-server, where the spkispawn command, when ...)
- dogtag-pki 10.10.6-1 (bug #991665)
[bullseye] - dogtag-pki <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959971
@@ -49413,8 +49405,8 @@ CVE-2021-26728
RESERVED
CVE-2021-26727
RESERVED
-CVE-2021-26726
- RESERVED
+CVE-2021-26726 (A remote code execution vulnerability affecting a Valmet DNA service l ...)
+ TODO: check
CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web GUI of N ...)
NOT-FOR-US: Nozomi Networks Guardian
CVE-2021-26724 (OS Command Injection vulnerability when changing date settings or host ...)
@@ -56721,8 +56713,8 @@ CVE-2021-23684
RESERVED
CVE-2021-23683
RESERVED
-CVE-2021-23682
- RESERVED
+CVE-2021-23682 (This affects the package litespeed.js before 0.3.12; the package appwr ...)
+ TODO: check
CVE-2021-23681
RESERVED
CVE-2021-23680
@@ -60355,8 +60347,8 @@ CVE-2021-22052
RESERVED
CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specifically ...)
NOT-FOR-US: Spring Cloud Gateway
-CVE-2021-22050
- RESERVED
+CVE-2021-22050 (ESXi contains a slow HTTP POST denial-of-service vulnerability in rhtt ...)
+ TODO: check
CVE-2021-22049 (The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Requ ...)
NOT-FOR-US: VMware
CVE-2021-22048 (The vCenter Server contains a privilege escalation vulnerability in th ...)
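Review bot: CVE-2021-22050 is added with `TODO: check` although its description names ESXi and the next entry in the context, CVE-2021-22049, is triaged as `NOT-FOR-US: VMware`. Suggest the same `NOT-FOR-US: VMware` line here.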
@@ -60369,14 +60361,14 @@ CVE-2021-22045 (VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before
NOT-FOR-US: VMware
CVE-2021-22044 (In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEA ...)
NOT-FOR-US: Spring Cloud OpenFeign
-CVE-2021-22043
- RESERVED
-CVE-2021-22042
- RESERVED
-CVE-2021-22041
- RESERVED
-CVE-2021-22040
- RESERVED
+CVE-2021-22043 (VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerabilit ...)
+ TODO: check
+CVE-2021-22042 (VMware ESXi contains an unauthorized access vulnerability due to VMX h ...)
+ TODO: check
+CVE-2021-22041 (VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerabil ...)
+ TODO: check
+CVE-2021-22040 (VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerab ...)
+ TODO: check
CVE-2021-22039
RESERVED
CVE-2021-22038 (On Windows, the uninstaller binary copies itself to a fixed temporary ...)
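Review bot: CVE-2021-22043, CVE-2021-22042, CVE-2021-22041 and CVE-2021-22040 each land as `TODO: check`, while every description in the added lines names VMware ESXi (two also name Workstation and Fusion) and the context entry at the top of the hunk is `NOT-FOR-US: VMware`. Suggest closing all four in one follow-up with that disposition instead of leaving four open TODO items.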
@@ -60545,8 +60537,8 @@ CVE-2021-21968 (A file write vulnerability exists in the OTA update task functio
NOT-FOR-US: Sealevel Systems
CVE-2021-21967
RESERVED
-CVE-2021-21966
- RESERVED
+CVE-2021-21966 (An information disclosure vulnerability exists in the HTTP Server /pin ...)
+ TODO: check
CVE-2021-21965 (A denial of service vulnerability exists in the SeaMax remote configur ...)
NOT-FOR-US: Sealevel Systems
CVE-2021-21964 (A denial of service vulnerability exists in the Modbus configuration f ...)
@@ -60561,8 +60553,8 @@ CVE-2021-21960 (A stack-based buffer overflow vulnerability exists in both the L
NOT-FOR-US: Sealevel Systems
CVE-2021-21959 (A misconfiguration exists in the MQTTS functionality of Sealevel Syste ...)
NOT-FOR-US: Sealevel Systems
-CVE-2021-21958
- RESERVED
+CVE-2021-21958 (A heap-based buffer overflow vulnerability exists in the Hword HwordAp ...)
+ TODO: check
CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...)
NOT-FOR-US: Dream Report ODS Remote Connector
CVE-2021-21956
