From 960ff12633c9e963b2a54767d0a0a6ea61b63981 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 18 Nov 2021 08:10:10 +0000 Subject: automatic update --- data/CVE/2020.list | 5 +- data/CVE/2021.list | 131 +++++++++++++++++++++++------------------------------ 2 files changed, 59 insertions(+), 77 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 2f2c89c7db..f631197465 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -39660,7 +39660,7 @@ CVE-2020-13911 (Your Online Shop 1.8.0 allows authenticated users to trigger XSS NOT-FOR-US: Your Online Shop CVE-2020-13910 (Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nf ...) NOT-FOR-US: Pengutronix Barebox -CVE-2020-13909 (The Ignition page before 2.0.5 for Laravel mishandles globals, _get, _ ...) +CVE-2020-13909 (The Ignition component before 2.0.5 for Laravel mishandles globals, _g ...) NOT-FOR-US: Laravel CVE-2020-13908 RESERVED @@ -52581,8 +52581,7 @@ CVE-2020-8743 (Improper permissions in the installer for the Intel(R) Mailbox In NOT-FOR-US: Intel CVE-2020-8742 (Improper input validation in the firmware for Intel(R) NUCs may allow ...) NOT-FOR-US: Intel -CVE-2020-8741 - RESERVED +CVE-2020-8741 (Improper permissions in the installer for the Intel(R) Thunderbolt(TM) ...) NOT-FOR-US: Intel CVE-2020-8740 (Out of bounds write in Intel BIOS platform sample code for some Intel( ...) NOT-FOR-US: Intel diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 7d857e83a9..a73c7624c0 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,9 @@ +CVE-2021-43998 + RESERVED +CVE-2021-43997 (Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU p ...) + TODO: check +CVE-2021-43996 (The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Lar ...) + TODO: check CVE-2021-43995 RESERVED CVE-2021-43994 
@@ -6220,16 +6226,16 @@ CVE-2021-41279 RESERVED CVE-2021-41278 RESERVED -CVE-2021-41277 - RESERVED +CVE-2021-41277 (Metabase is an open source data analytics platform. In affected versio ...) + TODO: check CVE-2021-41276 RESERVED -CVE-2021-41275 - RESERVED -CVE-2021-41274 - RESERVED -CVE-2021-41273 - RESERVED +CVE-2021-41275 (spree_auth_devise is an open source library which provides authenticat ...) + TODO: check +CVE-2021-41274 (solidus_auth_devise provides authentication services for the Solidus w ...) + TODO: check +CVE-2021-41273 (Pterodactyl is an open-source game server management panel built with ...) + TODO: check CVE-2021-41272 RESERVED CVE-2021-41271 (Discourse is a platform for community discussion. In affected versions ...) @@ -6405,8 +6411,8 @@ CVE-2021-41192 RESERVED CVE-2021-41191 (Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. ...) NOT-FOR-US: Roblox-Purchasing-Hub -CVE-2021-41190 - RESERVED +CVE-2021-41190 (The OCI Distribution Spec project defines an API protocol to facilitat ...) + TODO: check CVE-2021-41189 (DSpace is an open source turnkey repository application. In version 7. ...) NOT-FOR-US: DSpace CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 5.7.6 c ...) @@ -6462,10 +6468,10 @@ CVE-2021-41167 (modern-async is an open source JavaScript tooling library for as NOT-FOR-US: modern-async CVE-2021-41166 RESERVED -CVE-2021-41165 - RESERVED -CVE-2021-41164 - RESERVED +CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected version a ...) + TODO: check +CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected versions ...) + TODO: check CVE-2021-41163 (Discourse is an open source platform for community discussion. In affe ...) NOT-FOR-US: Discourse CVE-2021-41162 
@@ -25395,8 +25401,7 @@ CVE-2021-33100 RESERVED CVE-2021-33099 RESERVED -CVE-2021-33098 - RESERVED +CVE-2021-33098 (Improper input validation in the Intel(R) Ethernet ixgbe driver for Li ...) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00555.html TODO: check, might affect src:linux CVE-2021-33097 (Time-of-check time-of-use vulnerability in the Crypto API Toolkit for ...) @@ -25447,8 +25452,7 @@ CVE-2021-33075 RESERVED CVE-2021-33074 RESERVED -CVE-2021-33073 - RESERVED +CVE-2021-33073 (Uncontrolled resource consumption in the Intel(R) Distribution of Open ...) NOT-FOR-US: Intel CVE-2021-33072 RESERVED @@ -25468,21 +25472,17 @@ CVE-2021-33065 RESERVED CVE-2021-33064 RESERVED -CVE-2021-33063 - RESERVED +CVE-2021-33063 (Uncontrolled search path in the Intel(R) RealSense(TM) D400 Series UWP ...) NOT-FOR-US: Intel -CVE-2021-33062 - RESERVED +CVE-2021-33062 (Incorrect default permissions in the software installer for the Intel( ...) NOT-FOR-US: Intel CVE-2021-33061 RESERVED CVE-2021-33060 RESERVED -CVE-2021-33059 - RESERVED +CVE-2021-33059 (Improper input validation in the Intel(R) Administrative Tools for Int ...) NOT-FOR-US: Intel -CVE-2021-33058 - RESERVED +CVE-2021-33058 (Improper access control in the installer Intel(R)Administrative Tools ...) NOT-FOR-US: Intel CVE-2021-33057 RESERVED 
@@ -62037,14 +62037,14 @@ CVE-2021-0202 (On Juniper Networks MX Series and EX9200 Series platforms with Tr NOT-FOR-US: Juniper CVE-2021-0201 RESERVED -CVE-2021-0200 - RESERVED -CVE-2021-0199 - RESERVED -CVE-2021-0198 - RESERVED -CVE-2021-0197 - RESERVED +CVE-2021-0200 (Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series C ...) + TODO: check +CVE-2021-0199 (Improper input validation in the firmware for the Intel(R) Ethernet Ne ...) + TODO: check +CVE-2021-0198 (Improper access control in the firmware for the Intel(R) Ethernet Netw ...) + TODO: check +CVE-2021-0197 (Protection mechanism failure in the firmware for the Intel(R) Ethernet ...) + TODO: check CVE-2021-0196 (Improper access control in kernel mode driver for some Intel(R) NUC 9 ...) NOT-FOR-US: Intel CVE-2021-0195 @@ -62065,20 +62065,20 @@ CVE-2021-0188 RESERVED CVE-2021-0187 RESERVED -CVE-2021-0186 - RESERVED +CVE-2021-0186 (Improper input validation in the Intel(R) SGX SDK applications compile ...) + TODO: check CVE-2021-0185 RESERVED CVE-2021-0184 RESERVED CVE-2021-0183 RESERVED -CVE-2021-0182 - RESERVED +CVE-2021-0182 (Uncontrolled resource consumption in the Intel(R) HAXM software before ...) + TODO: check CVE-2021-0181 RESERVED -CVE-2021-0180 - RESERVED +CVE-2021-0180 (Uncontrolled resource consumption in the Intel(R) HAXM software before ...) + TODO: check CVE-2021-0179 RESERVED CVE-2021-0178 
@@ -62133,23 +62133,19 @@ CVE-2021-0154 RESERVED CVE-2021-0153 RESERVED -CVE-2021-0152 - RESERVED +CVE-2021-0152 (Improper verification of cryptographic signature in the installer for ...) NOT-FOR-US: Intel -CVE-2021-0151 - RESERVED +CVE-2021-0151 (Improper access control in the installer for some Intel(R) Wireless Bl ...) NOT-FOR-US: Intel CVE-2021-0150 RESERVED CVE-2021-0149 RESERVED -CVE-2021-0148 - RESERVED +CVE-2021-0148 (Insertion of information into log file in firmware for some Intel(R) S ...) NOT-FOR-US: Intel CVE-2021-0147 RESERVED -CVE-2021-0146 - RESERVED +CVE-2021-0146 (Hardware allows activation of test or debug logic at runtime for some ...) NOT-FOR-US: Intel CVE-2021-0145 RESERVED @@ -62171,8 +62167,7 @@ CVE-2021-0137 RESERVED CVE-2021-0136 RESERVED -CVE-2021-0135 - RESERVED +CVE-2021-0135 (Improper input validation in the Intel(R) Ethernet Diagnostic Driver f ...) NOT-FOR-US: Intel CVE-2021-0134 (Improper input validation in an API for the Intel(R) Security Library ...) NOT-FOR-US: Intel @@ -62228,8 +62223,7 @@ CVE-2021-0112 (Unquoted service path in the Intel Unite(R) Client for Windows be NOT-FOR-US: Intel CVE-2021-0111 RESERVED -CVE-2021-0110 - RESERVED +CVE-2021-0110 (Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH D ...) NOT-FOR-US: Intel CVE-2021-0109 (Insecure inherited permissions for the Intel(R) SOC driver package for ...) NOT-FOR-US: Intel 
@@ -62292,25 +62286,21 @@ CVE-2021-0084 (Improper input validation in the Intel(R) Ethernet Controllers X7 NOT-FOR-US: Intel CVE-2021-0083 (Improper input validation in some Intel(R) Optane(TM) PMem versions be ...) NOT-FOR-US: Intel -CVE-2021-0082 - RESERVED +CVE-2021-0082 (Uncontrolled search path in software installer for Intel(R) PROSet/Wir ...) NOT-FOR-US: Intel CVE-2021-0081 RESERVED CVE-2021-0080 RESERVED -CVE-2021-0079 - RESERVED +CVE-2021-0079 (Improper input validation in software for some Intel(R) PROSet/Wireles ...) NOT-FOR-US: Intel -CVE-2021-0078 - RESERVED +CVE-2021-0078 (Improper input validation in software for some Intel(R) PROSet/Wireles ...) NOT-FOR-US: Intel CVE-2021-0077 (Insecure inherited permissions in the installer for the Intel(R) VTune ...) NOT-FOR-US: Intel CVE-2021-0076 RESERVED -CVE-2021-0075 - RESERVED +CVE-2021-0075 (Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi ...) NOT-FOR-US: Intel CVE-2021-0074 (Improper permissions in the installer for the Intel(R) Computing Impro ...) NOT-FOR-US: Intel @@ -62318,13 +62308,11 @@ CVE-2021-0073 (Insufficient control flow management in Intel(R) DSA before versi NOT-FOR-US: Intel CVE-2021-0072 RESERVED -CVE-2021-0071 - RESERVED +CVE-2021-0071 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) NOT-FOR-US: Intel CVE-2021-0070 (Improper input validation in the BMC firmware for Intel(R) Server Boar ...) NOT-FOR-US: Intel -CVE-2021-0069 - RESERVED +CVE-2021-0069 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) NOT-FOR-US: Intel CVE-2021-0068 RESERVED 
@@ -62332,14 +62320,11 @@ CVE-2021-0067 ( Improper access control in system firmware for some Int NOT-FOR-US: Intel CVE-2021-0066 RESERVED -CVE-2021-0065 - RESERVED +CVE-2021-0065 (Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi sof ...) NOT-FOR-US: Intel -CVE-2021-0064 - RESERVED +CVE-2021-0064 (Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi so ...) NOT-FOR-US: Intel -CVE-2021-0063 - RESERVED +CVE-2021-0063 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) NOT-FOR-US: Intel CVE-2021-0062 (Improper input validation in some Intel(R) Graphics Drivers before ver ...) NOT-FOR-US: Intel drivers for Windows @@ -62359,8 +62344,7 @@ CVE-2021-0055 (Insecure inherited permissions for some Intel(R) NUC 9 Extreme La NOT-FOR-US: Intel CVE-2021-0054 (Improper buffer restrictions in system firmware for some Intel(R) NUCs ...) NOT-FOR-US: Intel -CVE-2021-0053 - RESERVED +CVE-2021-0053 (Improper initialization in firmware for some Intel(R) PROSet/Wireless ...) NOT-FOR-US: Intel CVE-2021-0052 (Incorrect default privileges in the Intel(R) Computing Improvement Pro ...) NOT-FOR-US: Intel @@ -62440,8 +62424,7 @@ CVE-2021-0015 RESERVED CVE-2021-0014 RESERVED -CVE-2021-0013 - RESERVED +CVE-2021-0013 (Improper input validation for Intel(R) EMA before version 1.5.0 may al ...) NOT-FOR-US: Intel CVE-2021-0012 (Use after free in some Intel(R) Graphics Driver before version 27.20.1 ...) NOT-FOR-US: Intel drivers for Windows -- cgit v1.2.3
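
Review bot: CVE-2021-43996 in the `@@ -1,3 +1,9 @@` hunk of data/CVE/2021.list is added as `TODO: check`, but its description names the same Ignition component for Laravel that CVE-2020-13909 in data/CVE/2020.list carries as `NOT-FOR-US: Laravel`. Unless the packaging situation differs, tag it the same way so the two entries stay consistent. CVE-2021-43997 (Amazon FreeRTOS) in the same hunk still needs its own manual triage.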
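
Review bot: CVE-2021-33098 in the `@@ -25395,8 +25401,7 @@` hunk still ends in `TODO: check, might affect src:linux` even though the entry now has a description naming the Intel(R) Ethernet ixgbe driver alongside the existing intel-sa-00555 NOTE. The open question can now be answered in a follow-up: record the src:linux status for this entry, or replace the TODO with a NOT-FOR-US tag if the advisory shows the packaged driver is not affected.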
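
Review bot: the four Intel Ethernet firmware entries in the `@@ -62037,14 +62037,14 @@` hunk (CVE-2021-0200, CVE-2021-0199, CVE-2021-0198, CVE-2021-0197) arrive as `TODO: check` with no triage tag, while CVE-2021-0084 (Intel(R) Ethernet Controllers) further down the same file is `NOT-FOR-US: Intel`. A follow-up should triage them against that precedent. The same applies to CVE-2021-0186, CVE-2021-0182 and CVE-2021-0180 in the `@@ -62065,20 +62065,20 @@` hunk, where the SGX SDK and HAXM entries should be checked individually before any NOT-FOR-US tag is applied.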