From 669473916a9331d0cc1e96412bbc7829b7b794ef Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 5 Mar 2021 20:10:30 +0000 Subject: automatic update --- data/CVE/2021.list | 242 +++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 196 insertions(+), 46 deletions(-) (limited to 'data/CVE/2021.list') diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 93fa159654..c151d2f4dd 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -1,3 +1,153 @@ +CVE-2021-3423 + RESERVED +CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...) + TODO: check +CVE-2021-28040 (An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vuln ...) + TODO: check +CVE-2021-28037 (An issue was discovered in the internment crate before 0.4.2 for Rust. ...) + TODO: check +CVE-2021-28036 (An issue was discovered in the quinn crate before 0.7.0 for Rust. It m ...) + TODO: check +CVE-2021-28035 (An issue was discovered in the stack_dst crate before 0.6.1 for Rust. ...) + TODO: check +CVE-2021-28034 (An issue was discovered in the stack_dst crate before 0.6.1 for Rust. ...) + TODO: check +CVE-2021-28033 (An issue was discovered in the byte_struct crate before 0.6.1 for Rust ...) + TODO: check +CVE-2021-28032 (An issue was discovered in the nano_arena crate before 0.5.2 for Rust. ...) + TODO: check +CVE-2021-28031 (An issue was discovered in the scratchpad crate before 1.3.1 for Rust. ...) + TODO: check +CVE-2021-28030 (An issue was discovered in the truetype crate before 0.30.1 for Rust. ...) + TODO: check +CVE-2021-28029 (An issue was discovered in the toodee crate before 0.3.0 for Rust. The ...) + TODO: check +CVE-2021-28028 (An issue was discovered in the toodee crate before 0.3.0 for Rust. Row ...) + TODO: check +CVE-2021-28027 (An issue was discovered in the bam crate before 0.1.3 for Rust. There ...) + TODO: check +CVE-2021-28026 (jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff ...) 
+ TODO: check +CVE-2021-28025 + RESERVED +CVE-2021-28024 + RESERVED +CVE-2021-28023 + RESERVED +CVE-2021-28022 + RESERVED +CVE-2021-28021 + RESERVED +CVE-2021-28020 + RESERVED +CVE-2021-28019 + RESERVED +CVE-2021-28018 + RESERVED +CVE-2021-28017 + RESERVED +CVE-2021-28016 + RESERVED +CVE-2021-28015 + RESERVED +CVE-2021-28014 + RESERVED +CVE-2021-28013 + RESERVED +CVE-2021-28012 + RESERVED +CVE-2021-28011 + RESERVED +CVE-2021-28010 + RESERVED +CVE-2021-28009 + RESERVED +CVE-2021-28008 + RESERVED +CVE-2021-28007 + RESERVED +CVE-2021-28006 + RESERVED +CVE-2021-28005 + RESERVED +CVE-2021-28004 + RESERVED +CVE-2021-28003 + RESERVED +CVE-2021-28002 + RESERVED +CVE-2021-28001 + RESERVED +CVE-2021-28000 + RESERVED +CVE-2021-27999 + RESERVED +CVE-2021-27998 + RESERVED +CVE-2021-27997 + RESERVED +CVE-2021-27996 + RESERVED +CVE-2021-27995 + RESERVED +CVE-2021-27994 + RESERVED +CVE-2021-27993 + RESERVED +CVE-2021-27992 + RESERVED +CVE-2021-27991 + RESERVED +CVE-2021-27990 + RESERVED +CVE-2021-27989 + RESERVED +CVE-2021-27988 + RESERVED +CVE-2021-27987 + RESERVED +CVE-2021-27986 + RESERVED +CVE-2021-27985 + RESERVED +CVE-2021-27984 + RESERVED +CVE-2021-27983 + RESERVED +CVE-2021-27982 + RESERVED +CVE-2021-27981 + RESERVED +CVE-2021-27980 + RESERVED +CVE-2021-27979 + RESERVED +CVE-2021-27978 + RESERVED +CVE-2021-27977 + RESERVED +CVE-2021-27976 + RESERVED +CVE-2021-27975 + RESERVED +CVE-2021-27974 + RESERVED +CVE-2021-27973 + RESERVED +CVE-2021-27972 + RESERVED +CVE-2021-27971 + RESERVED +CVE-2021-27970 + RESERVED +CVE-2021-27969 + RESERVED +CVE-2021-27968 + RESERVED +CVE-2021-27967 + RESERVED +CVE-2021-27966 + RESERVED CVE-2021-27965 (The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2 ...) NOT-FOR-US: MSI Dragon Center CVE-2021-27964 (SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File U ...) 
@@ -40,12 +190,12 @@ CVE-2021-27946 RESERVED CVE-2021-27945 RESERVED -CVE-2021-28039 [XSA 369] +CVE-2021-28039 (An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as u ...) - linux (unimportant) [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-369.html -CVE-2021-28038 [XSA 367] +CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as used wi ...) - linux NOTE: https://xenbits.xen.org/xsa/advisory-367.html CVE-2021-3422 @@ -139,8 +289,7 @@ CVE-2021-27909 RESERVED CVE-2021-27908 RESERVED -CVE-2021-27907 - RESERVED +CVE-2021-27907 (Apache Superset up to and including 0.38.0 allowed the creation of a M ...) NOT-FOR-US: Apache Superset CVE-2021-27906 RESERVED @@ -1841,10 +1990,10 @@ CVE-2021-27101 (Accellion FTA 9_12_370 and earlier is affected by SQL injection NOT-FOR-US: Accellion FTA CVE-2021-27100 RESERVED -CVE-2021-27099 - RESERVED -CVE-2021-27098 - RESERVED +CVE-2021-27099 (In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the ...) + TODO: check +CVE-2021-27098 (In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 ...) + TODO: check CVE-2021-27097 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified ...) - u-boot (bug #983270) [buster] - u-boot (Minor issue) 
@@ -2104,30 +2253,30 @@ CVE-2021-26973 RESERVED CVE-2021-26972 RESERVED -CVE-2021-26971 - RESERVED -CVE-2021-26970 - RESERVED -CVE-2021-26969 - RESERVED -CVE-2021-26968 - RESERVED -CVE-2021-26967 - RESERVED -CVE-2021-26966 - RESERVED -CVE-2021-26965 - RESERVED -CVE-2021-26964 - RESERVED -CVE-2021-26963 - RESERVED -CVE-2021-26962 - RESERVED -CVE-2021-26961 - RESERVED -CVE-2021-26960 - RESERVED +CVE-2021-26971 (A remote authenticated arbitrary command execution vulnerability was d ...) + TODO: check +CVE-2021-26970 (A remote authenticated arbitrary command execution vulnerability was d ...) + TODO: check +CVE-2021-26969 (A remote authenticated authenticated xml external entity (xxe) vulnera ...) + TODO: check +CVE-2021-26968 (A remote authenticated stored cross-site scripting (xss) vulnerability ...) + TODO: check +CVE-2021-26967 (A remote reflected cross-site scripting (xss) vulnerability was discov ...) + TODO: check +CVE-2021-26966 (A remote authenticated sql injection vulnerability was discovered in A ...) + TODO: check +CVE-2021-26965 (A remote authenticated sql injection vulnerability was discovered in A ...) + TODO: check +CVE-2021-26964 (A remote authentication restriction bypass vulnerability was discovere ...) + TODO: check +CVE-2021-26963 (A remote authenticated arbitrary command execution vulnerability was d ...) + TODO: check +CVE-2021-26962 (A remote authenticated arbitrary command execution vulnerability was d ...) + TODO: check +CVE-2021-26961 (A remote unauthenticated cross-site request forgery (csrf) vulnerabili ...) + TODO: check +CVE-2021-26960 (A remote unauthenticated cross-site request forgery (csrf) vulnerabili ...) + TODO: check CVE-2021-26959 REJECTED CVE-2021-26958 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...) 
@@ -2726,8 +2875,8 @@ CVE-2021-26707 NOT-FOR-US: Node deep-merge CVE-2021-26706 RESERVED -CVE-2021-26705 - RESERVED +CVE-2021-26705 (An issue was discovered in SquareBox CatDV Server through 9.2. An atta ...) + TODO: check CVE-2021-26704 (EPrints 3.4.2 allows remote attackers to execute arbitrary commands vi ...) NOT-FOR-US: EPrints CVE-2021-26703 (EPrints 3.4.2 allows remote attackers to read arbitrary files and poss ...) @@ -3133,8 +3282,8 @@ CVE-2021-3379 RESERVED CVE-2021-3378 (FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a ...) NOT-FOR-US: FortiLogger -CVE-2021-3377 - RESERVED +CVE-2021-3377 (The npm package ansi_up converts ANSI escape codes into HTML. In ansi_ ...) + TODO: check CVE-2021-3376 RESERVED CVE-2021-3375 (ActivePresenter 6.1.6 is affected by a memory corruption vulnerability ...) @@ -4184,6 +4333,7 @@ CVE-2021-26119 (Smarty before 3.1.39 allows a Sandbox Escape because $smarty.tem CVE-2021-26118 (While investigating ARTEMIS-2964 it was found that the creation of adv ...) NOT-FOR-US: Apache ActiveMQ Artemis CVE-2021-26117 (The optional ActiveMQ LDAP login module can be configured to use anony ...) + {DLA-2583-1} - activemq 5.16.1-1 (bug #982590) NOTE: https://issues.apache.org/jira/browse/AMQ-8035 NOTE: https://www.openwall.com/lists/oss-security/2021/01/27/6 @@ -6038,8 +6188,8 @@ CVE-2021-25315 (A Incorrect Implementation of Authentication Algorithm vulnerabi TODO: check CVE-2021-25314 RESERVED -CVE-2021-25313 - RESERVED +CVE-2021-25313 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...) + TODO: check CVE-2021-3179 RESERVED CVE-2021-3178 (** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, w ...) 
@@ -13619,8 +13769,8 @@ CVE-2021-21727 RESERVED CVE-2021-21726 RESERVED -CVE-2021-21725 - RESERVED +CVE-2021-21725 (A ZTE product has an information leak vulnerability. An attacker with ...) + TODO: check CVE-2021-21724 (A ZTE product has a memory leak vulnerability. Due to the product's im ...) NOT-FOR-US: ZTE CVE-2021-21723 (Some ZTE products have a DoS vulnerability. Due to the improper handli ...) @@ -16004,12 +16154,12 @@ CVE-2021-20667 RESERVED CVE-2021-20666 RESERVED -CVE-2021-20665 - RESERVED -CVE-2021-20664 - RESERVED -CVE-2021-20663 - RESERVED +CVE-2021-20665 (Cross-site scripting vulnerability in in Add asset screen of Contents ...) + TODO: check +CVE-2021-20664 (Cross-site scripting vulnerability in in Asset registration screen of ...) + TODO: check +CVE-2021-20663 (Cross-site scripting vulnerability in in Role authority setting screen ...) + TODO: check CVE-2021-20662 (Missing authentication for critical function in SolarView Compact SV-C ...) NOT-FOR-US: SolarView Compact CVE-2021-20661 (Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 pr ...) -- cgit v1.2.3
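Review bot: In the @@ -1,3 +1,153 @@ hunk, CVE-2021-28041 (ssh-agent in OpenSSH before 8.5, double free) is left at "TODO: check" in the same queue as the Rust crate and jpeg-xl entries. OpenSSH is a packaged source, so this entry should be triaged first and its TODO replaced with a `- openssh` source-package line carrying the checked status, rather than waiting behind entries that may resolve to NOT-FOR-US.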
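Review bot: In the @@ -2104,30 +2253,30 @@ hunk, every description for CVE-2021-26960 through CVE-2021-26971 is cut off at or before the product name (the longest reach only "discovered in A ..."), so the affected product cannot be identified from this file and each "TODO: check" needs the full CVE text before it can be resolved. The doubled "authenticated authenticated" in CVE-2021-26969 arrives with the imported description; since this commit is an automatic update, report it upstream rather than hand-editing the line here.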
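Review bot: In the @@ -13619,8 +13769,8 @@ hunk, CVE-2021-21725 (ZTE information leak) is set to "TODO: check" while the adjacent CVE-2021-21724 and CVE-2021-21723 are already marked "NOT-FOR-US: ZTE". Once the full description confirms the product, resolve this entry the same way so the ZTE block stays consistent.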