Diffstat (limited to 'data/CVE/2021.list')
-rw-r--r-- | data/CVE/2021.list | 235 |
1 files changed, 142 insertions, 93 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index fd3f0e172f..80cedad9c6 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,45 @@ +CVE-2021-27965 (The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2 ...) + NOT-FOR-US: MSI Dragon Center +CVE-2021-27964 (SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File U ...) + NOT-FOR-US: SonLogger +CVE-2021-27963 (SonLogger before 6.4.1 is affected by user creation with any user perm ...) + NOT-FOR-US: SonLogger +CVE-2021-27962 + RESERVED +CVE-2021-27961 + RESERVED +CVE-2021-27960 + RESERVED +CVE-2021-27959 + RESERVED +CVE-2021-27958 + RESERVED +CVE-2021-27957 + RESERVED +CVE-2021-27956 + RESERVED +CVE-2021-27955 + RESERVED +CVE-2021-27954 + RESERVED +CVE-2021-27953 + RESERVED +CVE-2021-27952 + RESERVED +CVE-2021-27951 + RESERVED +CVE-2021-27950 + RESERVED +CVE-2021-27949 + RESERVED +CVE-2021-27948 + RESERVED +CVE-2021-27947 + RESERVED +CVE-2021-27946 + RESERVED +CVE-2021-27945 + RESERVED CVE-2021-XXXX [XSA 369] - linux <unfixed> (unimportant) [buster] - linux <not-affected> (Vulnerable code introduced later) @@ -1330,8 +1372,8 @@ CVE-2021-27316 RESERVED CVE-2021-27315 RESERVED -CVE-2021-27314 - RESERVED +CVE-2021-27314 (SQL injection in admin.php in doctor appointment system 1.0 allows an ...) + NOT-FOR-US: doctor appointment system CVE-2021-27313 RESERVED CVE-2021-27312 @@ -1524,8 +1566,8 @@ CVE-2021-27221 RESERVED CVE-2021-27220 RESERVED -CVE-2021-27217 - RESERVED +CVE-2021-27217 (An issue was discovered in the _send_secure_msg() function of Yubico y ...) + TODO: check CVE-2021-27216 RESERVED CVE-2021-27215 (An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x thro ...) 
@@ -2025,10 +2067,10 @@ CVE-2021-26991 RESERVED CVE-2021-26990 RESERVED -CVE-2021-26989 - RESERVED -CVE-2021-26988 - RESERVED +CVE-2021-26989 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 a ...) + NOT-FOR-US: Clustered Data ONTAP +CVE-2021-26988 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 a ...) + NOT-FOR-US: Clustered Data ONTAP CVE-2021-26987 RESERVED CVE-2021-26986 @@ -2141,14 +2183,12 @@ CVE-2021-23217 RESERVED CVE-2021-23201 RESERVED -CVE-2021-3404 - RESERVED +CVE-2021-3404 (In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote att ...) - libytnef 1.9.3-3 (bug #982596) [buster] - libytnef <no-dsa> (Minor issue) [stretch] - libytnef <no-dsa> (Minor issue) NOTE: https://github.com/Yeraze/ytnef/issues/86 -CVE-2021-3403 - RESERVED +CVE-2021-3403 (In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows ...) - libytnef 1.9.3-3 (bug #982594) [buster] - libytnef <no-dsa> (Minor issue) [stretch] - libytnef <no-dsa> (Minor issue) 
@@ -2354,13 +2394,12 @@ CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended acc NOTE: Fix (disabled overlayfs): https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt NOTE: https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/ -CVE-2021-24032 [zstd allows for race-opening files being compressed or uncompressed] - RESERVED - {DSA-4859-1 DLA-2573-1} +CVE-2021-24032 (Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for ...) + {DSA-4859-1} - libzstd 1.4.8+dfsg-2 (bug #982519) + [stretch] - libzstd <not-affected> (Incomplete fix for CVE-2021-24031 not applied) NOTE: https://github.com/facebook/zstd/issues/2491 -CVE-2021-24031 [zstd adds read permissions to files while being compressed or uncompressed] - RESERVED +CVE-2021-24031 (In the Zstandard command-line utility prior to v1.4.1, output files we ...) {DSA-4850-1 DLA-2573-1} - libzstd 1.4.8+dfsg-1 (bug #981404) NOTE: https://github.com/facebook/zstd/issues/1630 @@ -3700,8 +3739,8 @@ CVE-2021-3327 RESERVED CVE-2021-26294 RESERVED -CVE-2021-26293 - RESERVED +CVE-2021-26293 (An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail ...) + TODO: check CVE-2021-26292 RESERVED CVE-2021-26291 @@ -4318,12 +4357,12 @@ CVE-2021-26031 RESERVED CVE-2021-26030 RESERVED -CVE-2021-26029 - RESERVED -CVE-2021-26028 - RESERVED -CVE-2021-26027 - RESERVED +CVE-2021-26029 (An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate fi ...) + NOT-FOR-US: Joomla! +CVE-2021-26028 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an ...) + NOT-FOR-US: Joomla! +CVE-2021-26027 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL ...) + NOT-FOR-US: Joomla! CVE-2021-3287 RESERVED CVE-2021-26026 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a Use ...) 
@@ -5904,42 +5943,42 @@ CVE-2021-25350 RESERVED CVE-2021-25349 RESERVED -CVE-2021-25348 - RESERVED -CVE-2021-25347 - RESERVED -CVE-2021-25346 - RESERVED -CVE-2021-25345 - RESERVED -CVE-2021-25344 - RESERVED -CVE-2021-25343 - RESERVED -CVE-2021-25342 - RESERVED -CVE-2021-25341 - RESERVED -CVE-2021-25340 - RESERVED -CVE-2021-25339 - RESERVED -CVE-2021-25338 - RESERVED -CVE-2021-25337 - RESERVED -CVE-2021-25336 - RESERVED -CVE-2021-25335 - RESERVED -CVE-2021-25334 - RESERVED -CVE-2021-25333 - RESERVED -CVE-2021-25332 - RESERVED -CVE-2021-25331 - RESERVED +CVE-2021-25348 (Improper permission grant check in Samsung Internet prior to version 1 ...) + NOT-FOR-US: Samsung Internet +CVE-2021-25347 (Hijacking vulnerability in Samsung Email application version prior to ...) + NOT-FOR-US: Samsung Email application +CVE-2021-25346 (A possible arbitrary memory overwrite vulnerabilities in quram library ...) + TODO: check +CVE-2021-25345 (Graphic format mismatch while converting video format in hwcomposer pr ...) + TODO: check +CVE-2021-25344 (Missing permission check in knox_custom service prior to SMR Mar-2021 ...) + TODO: check +CVE-2021-25343 (Calling of non-existent provider in Samsung Members prior to version 2 ...) + TODO: check +CVE-2021-25342 (Calling of non-existent provider in SMP sdk prior to version 3.0.9 all ...) + TODO: check +CVE-2021-25341 (Calling of non-existent provider in S Assistant prior to version 6.5.0 ...) + TODO: check +CVE-2021-25340 (Improper access control vulnerability in Samsung keyboard version prio ...) + TODO: check +CVE-2021-25339 (Improper address validation in HArx in Samsung mobile devices prior to ...) + NOT-FOR-US: Samsung mobile devices +CVE-2021-25338 (Improper memory access control in RKP in Samsung mobile devices prior ...) + NOT-FOR-US: Samsung mobile devices +CVE-2021-25337 (Improper access control in clipboard service in Samsung mobile devices ...) 
+ NOT-FOR-US: Samsung mobile devices +CVE-2021-25336 (Improper access control in NotificationManagerService in Samsung mobil ...) + NOT-FOR-US: Samsung mobile devices +CVE-2021-25335 (Improper lockscreen status check in cocktailbar service in Samsung mob ...) + NOT-FOR-US: Samsung mobile devices +CVE-2021-25334 (Improper input check in wallpaper service in Samsung mobile devices pr ...) + NOT-FOR-US: Samsung mobile devices +CVE-2021-25333 (Improper access control in Samsung Pay mini application prior to v4.0. ...) + NOT-FOR-US: Samsung Pay mini application +CVE-2021-25332 (Improper access control in Samsung Pay mini application prior to v4.0. ...) + NOT-FOR-US: Samsung Pay mini application +CVE-2021-25331 (Improper access control in Samsung Pay mini application prior to v4.0. ...) + NOT-FOR-US: Samsung Pay mini application CVE-2021-25330 (Calling of non-existent provider in MobileWips application prior to SM ...) NOT-FOR-US: MobileWips application CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global ...) @@ -10255,12 +10294,12 @@ CVE-2021-23348 RESERVED CVE-2021-23347 (The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 ...) NOT-FOR-US: argo-cd -CVE-2021-23346 - RESERVED +CVE-2021-23346 (This affects the package html-parse-stringify before 2.0.1; all versio ...) + TODO: check CVE-2021-23345 (All versions of package github.com/thecodingmachine/gotenberg are vuln ...) TODO: check -CVE-2021-23344 - RESERVED +CVE-2021-23344 (The package total.js before 3.4.8 are vulnerable to Remote Code Execut ...) + TODO: check CVE-2021-23343 RESERVED CVE-2021-23342 (This affects the package docsify before 4.12.0. It is possible to bypa ...) 
@@ -10679,20 +10718,20 @@ CVE-2021-23134 RESERVED CVE-2021-23133 RESERVED -CVE-2021-23132 - RESERVED -CVE-2021-23131 - RESERVED -CVE-2021-23130 - RESERVED -CVE-2021-23129 - RESERVED -CVE-2021-23128 - RESERVED -CVE-2021-23127 - RESERVED -CVE-2021-23126 - RESERVED +CVE-2021-23132 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media all ...) + NOT-FOR-US: Joomla! +CVE-2021-23131 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input ...) + NOT-FOR-US: Joomla! +CVE-2021-23130 (An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filte ...) + NOT-FOR-US: Joomla! +CVE-2021-23129 (An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filte ...) + NOT-FOR-US: Joomla! +CVE-2021-23128 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core ship ...) + NOT-FOR-US: Joomla! +CVE-2021-23127 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an i ...) + NOT-FOR-US: Joomla! +CVE-2021-23126 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the ...) + NOT-FOR-US: Joomla! CVE-2021-23125 (An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of e ...) NOT-FOR-US: Joomla! CVE-2021-23124 (An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of e ...) @@ -12390,7 +12429,7 @@ CVE-2021-22298 (There is a logic vulnerability in Huawei Gauss100 OLTP Product. NOT-FOR-US: Huawei CVE-2021-22297 RESERVED -CVE-2021-22296 (A component of the HarmonyOS 2.0 has a DoS vulnerability. Local attack ...) +CVE-2021-22296 (A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers ...) NOT-FOR-US: HarmonyOS CVE-2021-22295 RESERVED 
@@ -12604,8 +12643,8 @@ CVE-2021-22191 RESERVED CVE-2021-22190 RESERVED -CVE-2021-22189 - RESERVED +CVE-2021-22189 (Starting with version 13.7 the Gitlab CE/EE editions were affected by ...) + TODO: check CVE-2021-22188 (An issue has been discovered in GitLab affecting all versions starting ...) TODO: check CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions of Gitla ...) @@ -12616,8 +12655,8 @@ CVE-2021-22185 RESERVED CVE-2021-22184 RESERVED -CVE-2021-22183 - RESERVED +CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions starting ...) + TODO: check CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions starting ...) TODO: check CVE-2021-22181 @@ -12754,8 +12793,8 @@ CVE-2021-22130 RESERVED CVE-2021-22129 RESERVED -CVE-2021-22128 - RESERVED +CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN portal ...) + NOT-FOR-US: FortiProxy SSL VPN portal CVE-2021-22127 RESERVED CVE-2021-22126 @@ -16586,10 +16625,10 @@ CVE-2021-20353 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulne NOT-FOR-US: IBM CVE-2021-20352 RESERVED -CVE-2021-20351 - RESERVED -CVE-2021-20350 - RESERVED +CVE-2021-20351 (IBM Engineering products are vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2021-20350 (IBM Engineering products are vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM CVE-2021-20349 RESERVED CVE-2021-20348 @@ -16608,8 +16647,8 @@ CVE-2021-20342 RESERVED CVE-2021-20341 RESERVED -CVE-2021-20340 - RESERVED +CVE-2021-20340 (IBM Engineering products are vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM CVE-2021-20339 RESERVED CVE-2021-20338 
@@ -16756,12 +16795,22 @@ CVE-2021-20269 RESERVED CVE-2021-20268 RESERVED + - linux 5.10.12-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-101/ + NOTE: https://git.kernel.org/linus/bc895e8b2a64e502fbba72748d59618272052a8b CVE-2021-20267 RESERVED + - neutron <unfixed> + NOTE: https://bugs.launchpad.net/neutron/+bug/1902917 + NOTE: https://review.opendev.org/c/openstack/neutron/+/776599 CVE-2021-20266 RESERVED -CVE-2021-20265 +CVE-2021-20265 [increase slab leak leads to DoS] RESERVED + - linux 4.4.4-1 + NOTE: https://git.kernel.org/linus/fa0dc04df259ba2df3ce1920e9690c7842f8fa4b (4.5-rc3) CVE-2021-20264 RESERVED CVE-2021-20263 |
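Review bot: In the `@@ -2354,13 +2394,12 @@` hunk, the reason on the new stretch line for CVE-2021-24032, `[stretch] - libzstd <not-affected> (Incomplete fix for CVE-2021-24031 not applied)`, can be read two ways: either stretch never received the incomplete fix, or a fix is still missing there. The same hunk drops DLA-2573-1 from this entry's cross-references while CVE-2021-24031 keeps `{DSA-4850-1 DLA-2573-1}`, so the reason string is the only place a reader learns why. Reword it to say explicitly that the stretch update for CVE-2021-24031 did not use the incomplete fix, if that is what is meant.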
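Review bot: In the `@@ -5904,42 +5943,42 @@` hunk, CVE-2021-25346 through CVE-2021-25340 are left as `TODO: check` while every other Samsung entry in the same hunk is marked `NOT-FOR-US`. CVE-2021-25343, CVE-2021-25342 and CVE-2021-25341 carry the same "Calling of non-existent provider in ..." description as the unchanged CVE-2021-25330 just below, which is already `NOT-FOR-US: MobileWips application`. Triage these seven entries the same way in this commit, or add a NOTE saying what still needs checking, so the hunk does not leave a mixed state for near-identical issues.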
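Review bot: In the `@@ -16756,12 +16795,22 @@` hunk, CVE-2021-20268 and CVE-2021-20267 gain package lines (`- linux 5.10.12-1`, `- neutron <unfixed>`) while still `RESERVED`, but neither gets a bracketed short description, unlike CVE-2021-20265 in the same hunk, which gets `[increase slab leak leads to DoS]`. A RESERVED entry has no description text of its own, so the NOTE URLs are the only hint at what the issue is. Add a short bracketed summary to both entries so they can be identified without following the links.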