From 0a291d64ecff07a713a290136a9c9c46dfc80207 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Tue, 16 Nov 2021 20:10:23 +0000 Subject: automatic update --- data/CVE/2020.list | 28 +++++----- data/CVE/2021.list | 150 +++++++++++++++++++++++++++++------------------------ 2 files changed, 96 insertions(+), 82 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index d89fd5c289..11e270a1f9 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -22160,8 +22160,8 @@ CVE-2020-21641 RESERVED CVE-2020-21640 RESERVED -CVE-2020-21639 - RESERVED +CVE-2020-21639 (Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cros ...) + TODO: check CVE-2020-21638 RESERVED CVE-2020-21637 @@ -22184,8 +22184,8 @@ CVE-2020-21629 RESERVED CVE-2020-21628 RESERVED -CVE-2020-21627 - RESERVED +CVE-2020-21627 (Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability ...) + TODO: check CVE-2020-21626 RESERVED CVE-2020-21625 @@ -41962,8 +41962,8 @@ CVE-2020-12963 (An insufficient pointer validation vulnerability in the AMD Grap NOT-FOR-US: Intel / AMD CVE-2020-12962 (Escape call interface in the AMD Graphics Driver for Windows may cause ...) NOT-FOR-US: AMD -CVE-2020-12961 - RESERVED +CVE-2020-12961 (A potential vulnerability exists in AMD Platform Security Processor (P ...) + TODO: check CVE-2020-12960 (AMD Graphics Driver for Windows 10, amdfender.sys may improperly handl ...) NOT-FOR-US: AMD CVE-2020-12959 @@ -41976,14 +41976,14 @@ CVE-2020-12956 RESERVED CVE-2020-12955 RESERVED -CVE-2020-12954 - RESERVED +CVE-2020-12954 (A side effect of an integrated chipset option may be able to be used b ...) + TODO: check CVE-2020-12953 RESERVED CVE-2020-12952 RESERVED -CVE-2020-12951 - RESERVED +CVE-2020-12951 (Race condition in PSP FW could allow less privileged x86 code to perfo ...) + TODO: check CVE-2020-12950 RESERVED CVE-2020-12949 @@ -41992,12 +41992,12 @@ CVE-2020-12948 RESERVED CVE-2020-12947 RESERVED -CVE-2020-12946 - RESERVED +CVE-2020-12946 (Insufficient input validation in PSP firmware for discrete TPM command ...) + TODO: check CVE-2020-12945 RESERVED -CVE-2020-12944 - RESERVED +CVE-2020-12944 (Insufficient validation of BIOS image length by PSP Firmware could lea ...) + TODO: check CVE-2020-12943 RESERVED CVE-2020-12942 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 278965bdc8..311c5f96f7 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,17 @@ +CVE-2021-43774 + RESERVED +CVE-2021-43773 + RESERVED +CVE-2021-43772 + RESERVED +CVE-2021-43771 + RESERVED +CVE-2021-3964 + RESERVED +CVE-2021-3963 + RESERVED +CVE-2021-3962 + RESERVED CVE-2021-43770 RESERVED CVE-2021-43769 @@ -54,8 +68,8 @@ CVE-2021-3960 RESERVED CVE-2021-3959 RESERVED -CVE-2021-3958 - RESERVED +CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software suffers f ...) + TODO: check CVE-2021-43745 RESERVED CVE-2021-43744 @@ -1644,12 +1658,12 @@ CVE-2021-43050 RESERVED CVE-2021-43049 RESERVED -CVE-2021-43048 - RESERVED -CVE-2021-43047 - RESERVED -CVE-2021-43046 - RESERVED +CVE-2021-43048 (The Interior Server and Gateway Server components of TIBCO Software In ...) + TODO: check +CVE-2021-43047 (The Interior Server and Gateway Server components of TIBCO Software In ...) + TODO: check +CVE-2021-43046 (The Interior Server and Gateway Server components of TIBCO Software In ...) + TODO: check CVE-2021-43056 (An issue was discovered in the Linux kernel for powerpc before 5.14.15 ...) - linux 5.14.16-1 [buster] - linux (Vulnerable code introduced later) @@ -3744,8 +3758,8 @@ CVE-2021-42116 RESERVED CVE-2021-42115 RESERVED -CVE-2021-42114 - RESERVED +CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability ...) + TODO: check CVE-2021-42113 RESERVED CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS through ...) @@ -5764,8 +5778,8 @@ CVE-2021-41259 (Nim is a systems programming language with a focus on efficiency [buster] - nim (Minor issue) [stretch] - nim (Minor issue) NOTE: https://github.com/nim-lang/security/security/advisories/GHSA-3gg2-rw3q-qwgc -CVE-2021-41258 - RESERVED +CVE-2021-41258 (Kirby is an open source file structured CMS. In affected versions Kirb ...) + TODO: check CVE-2021-41257 RESERVED CVE-2021-41256 @@ -5779,8 +5793,8 @@ CVE-2021-41253 (Zydis is an x86/x86-64 disassembler library. Users of Zydis vers NOTE: https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g NOTE: Fixed by: https://github.com/zyantific/zydis/commit/55dd08c210722aed81b38132f5fd4a04ec1943b5 (master) NOTE: Fixed by: https://github.com/zyantific/zydis/commit/330b259583ade789886ce11af2ebcd030097dcbf (v3.2.1) -CVE-2021-41252 - RESERVED +CVE-2021-41252 (Kirby is an open source file structured CMS ### Impact Kirby's writer ...) + TODO: check CVE-2021-41251 (@sap-cloud-sdk/core contains the core functionality of the SAP Cloud S ...) NOT-FOR-US: SAP CVE-2021-41250 (Python discord bot is the community bot for the Python Discord communi ...) @@ -11264,8 +11278,8 @@ CVE-2021-38951 RESERVED CVE-2021-38950 RESERVED -CVE-2021-38949 - RESERVED +CVE-2021-38949 (IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials ...) + TODO: check CVE-2021-38948 (IBM InfoSphere Information Server 11.7 is vulnerable to an XML Externa ...) NOT-FOR-US: IBM CVE-2021-38947 @@ -11398,8 +11412,8 @@ CVE-2021-38884 RESERVED CVE-2021-38883 RESERVED -CVE-2021-38882 - RESERVED +CVE-2021-38882 (IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admi ...) + TODO: check CVE-2021-38881 RESERVED CVE-2021-38880 @@ -14616,8 +14630,8 @@ CVE-2021-37582 RESERVED CVE-2021-37581 RESERVED -CVE-2021-37580 - RESERVED +CVE-2021-37580 (A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in S ...) + TODO: check CVE-2021-37579 (The Dubbo Provider will check the incoming request and the correspondi ...) NOT-FOR-US: Apache Dubbo CVE-2021-3667 @@ -32146,8 +32160,8 @@ CVE-2021-30218 (samurai 1.2 has a NULL pointer dereference in writefile() in uti NOT-FOR-US: samurai CVE-2021-30217 RESERVED -CVE-2021-30216 - RESERVED +CVE-2021-30216 (Zoho Web mail version NA is affected by an incorrect access control vu ...) + TODO: check CVE-2021-30215 RESERVED CVE-2021-30214 (Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injecti ...) @@ -41507,44 +41521,44 @@ CVE-2021-26340 RESERVED CVE-2021-26339 RESERVED -CVE-2021-26338 - RESERVED -CVE-2021-26337 - RESERVED -CVE-2021-26336 - RESERVED -CVE-2021-26335 - RESERVED +CVE-2021-26338 (Improper access controls in System Management Unit (SMU) may allow for ...) + TODO: check +CVE-2021-26337 (Insufficient DRAM address validation in System Management Unit (SMU) m ...) + TODO: check +CVE-2021-26336 (Insufficient bounds checking in System Management Unit (SMU) may cause ...) + TODO: check +CVE-2021-26335 (Improper input and range checking in the Platform Security Processor ( ...) + TODO: check CVE-2021-26334 RESERVED CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform Securit ...) NOT-FOR-US: AMD CVE-2021-26332 RESERVED -CVE-2021-26331 - RESERVED -CVE-2021-26330 - RESERVED -CVE-2021-26329 - RESERVED +CVE-2021-26331 (AMD System Management Unit (SMU) contains a potential issue where a ma ...) + TODO: check +CVE-2021-26330 (AMD System Management Unit (SMU) may experience a heap-based overflow ...) + TODO: check +CVE-2021-26329 (AMD System Management Unit (SMU) may experience an integer overflow wh ...) + TODO: check CVE-2021-26328 RESERVED -CVE-2021-26327 - RESERVED -CVE-2021-26326 - RESERVED -CVE-2021-26325 - RESERVED +CVE-2021-26327 (Insufficient validation of guest context in the SNP Firmware could lea ...) + TODO: check +CVE-2021-26326 (Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss o ...) + TODO: check +CVE-2021-26325 (Insufficient input validation in the SNP_GUEST_REQUEST command may lea ...) + TODO: check CVE-2021-26324 RESERVED -CVE-2021-26323 - RESERVED -CVE-2021-26322 - RESERVED -CVE-2021-26321 - RESERVED -CVE-2021-26320 - RESERVED +CVE-2021-26323 (Failure to validate SEV Commands while SNP is active may result in a p ...) + TODO: check +CVE-2021-26322 (Persistent platform private key may not be protected with a random IV ...) + TODO: check +CVE-2021-26321 (Insufficient ID command validation in the SEV Firmware may allow a loc ...) + TODO: check +CVE-2021-26320 (Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_S ...) + TODO: check CVE-2021-26319 RESERVED CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86 PREFET ...) @@ -41554,8 +41568,8 @@ CVE-2021-26317 RESERVED CVE-2021-26316 RESERVED -CVE-2021-26315 - RESERVED +CVE-2021-26315 (When the AMD Platform Security Processor (PSP) boot rom loads, authent ...) + TODO: check CVE-2021-26314 (Potential floating point value injection in all supported CPU products ...) NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003 NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in @@ -41567,8 +41581,8 @@ CVE-2021-26313 (Potential speculative code store bypass in all supported CPU pro [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-375.html NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003 -CVE-2021-26312 - RESERVED +CVE-2021-26312 (PSP protection against improperly configured side channels may lead to ...) + TODO: check CVE-2021-26311 (In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest a ...) NOT-FOR-US: AMD CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML escapin ...) @@ -42467,14 +42481,14 @@ CVE-2021-25987 RESERVED CVE-2021-25986 RESERVED -CVE-2021-25985 - RESERVED -CVE-2021-25984 - RESERVED -CVE-2021-25983 - RESERVED -CVE-2021-25982 - RESERVED +CVE-2021-25985 (In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improp ...) + TODO: check +CVE-2021-25984 (In Factor (App Framework & Headless CMS) forum plugin, versions v1 ...) + TODO: check +CVE-2021-25983 (In Factor (App Framework & Headless CMS) forum plugin, versions v1 ...) + TODO: check +CVE-2021-25982 (In Factor (App Framework & Headless CMS) forum plugin, versions 1. ...) + TODO: check CVE-2021-25981 RESERVED CVE-2021-25980 (In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22 ...) @@ -42485,8 +42499,8 @@ CVE-2021-25978 (Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable t NOT-FOR-US: Apostrophe CMS CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS du ...) NOT-FOR-US: PiranhaCMS -CVE-2021-25976 - RESERVED +CVE-2021-25976 (In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross- ...) + TODO: check CVE-2021-25975 (In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a ...) NOT-FOR-US: Publify CVE-2021-25974 (In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A us ...) @@ -42507,8 +42521,8 @@ CVE-2021-25967 RESERVED CVE-2021-25966 (In “Orchard core CMS” application, versions 1.0.0-beta1-33 ...) NOT-FOR-US: Orchard CMS -CVE-2021-25965 - RESERVED +CVE-2021-25965 (In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site ...) + TODO: check CVE-2021-25964 (In “Calibre-web” application, v0.6.0 to v0.6.12, are vulne ...) NOT-FOR-US: Calibre web CVE-2021-25963 (In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cr ...) @@ -42560,8 +42574,8 @@ CVE-2021-25942 RESERVED CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions 1.0.0 th ...) NOT-FOR-US: Node deep-override -CVE-2021-25940 - RESERVED +CVE-2021-25940 (In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insuffic ...) + TODO: check CVE-2021-25939 RESERVED CVE-2021-25938 (In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross ...) -- cgit v1.2.3