author | security tracker role <sectracker@soriano.debian.org> | 2021-11-03 08:10:21 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-11-03 08:10:21 +0000 |
commit | 8df9b16e7e6a6717a1fc8e039c205f1330e759a9 (patch) | |
tree | 0b7917cbf7d59152bc97e5efc04623c099a36842 /data/CVE/list.2021 | |
parent | 0c637cec85c2dbd7086baf12fb7d4cee22bdf609 (diff) |
automatic update
Diffstat (limited to 'data/CVE/list.2021')
-rw-r--r-- | data/CVE/list.2021 | 246 |
1 files changed, 147 insertions, 99 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index e9e272e669..3e86d9392e 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,4 +1,86 @@ -CVE-2021-43267 [tipc: fix size validations for the MSG_CRYPTO type] +CVE-2021-43296 + RESERVED +CVE-2021-43295 + RESERVED +CVE-2021-43294 + RESERVED +CVE-2021-43293 + RESERVED +CVE-2021-43292 + RESERVED +CVE-2021-43291 + RESERVED +CVE-2021-43290 + RESERVED +CVE-2021-43289 + RESERVED +CVE-2021-43288 + RESERVED +CVE-2021-43287 + RESERVED +CVE-2021-43286 + RESERVED +CVE-2021-43285 + RESERVED +CVE-2021-43284 + RESERVED +CVE-2021-43283 + RESERVED +CVE-2021-43282 + RESERVED +CVE-2021-43281 + RESERVED +CVE-2021-43280 + RESERVED +CVE-2021-43279 + RESERVED +CVE-2021-43278 + RESERVED +CVE-2021-43277 + RESERVED +CVE-2021-43276 + RESERVED +CVE-2021-43275 + RESERVED +CVE-2021-43274 + RESERVED +CVE-2021-43273 + RESERVED +CVE-2021-43272 + RESERVED +CVE-2021-43271 + RESERVED +CVE-2021-43270 (Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus) 3.1.0-dev-00148, 3. ...) + TODO: check +CVE-2021-43269 + RESERVED +CVE-2021-43268 + RESERVED +CVE-2021-43266 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting col ...) + TODO: check +CVE-2021-43265 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag s ...) + TODO: check +CVE-2021-43264 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the ...) + TODO: check +CVE-2021-43263 + RESERVED +CVE-2021-43262 + RESERVED +CVE-2021-43261 + RESERVED +CVE-2021-43260 + RESERVED +CVE-2021-43259 + RESERVED +CVE-2021-43258 + RESERVED +CVE-2021-43257 + RESERVED +CVE-2021-3923 + RESERVED +CVE-2021-3922 + RESERVED +CVE-2021-43267 (An issue was discovered in net/tipc/crypto.c in the Linux kernel befor ...) - linux <unfixed> [buster] - linux <not-affected> (Vulnerable code introduced later) [stretch] - linux <not-affected> (Vulnerable code introduced later) 
@@ -1217,8 +1299,8 @@ CVE-2021-42699 RESERVED CVE-2021-42698 RESERVED -CVE-2021-42697 - RESERVED +CVE-2021-42697 (Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhausti ...) + TODO: check CVE-2021-42696 RESERVED CVE-2021-42695 @@ -4318,8 +4400,8 @@ CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in NOT-FOR-US: NETGEAR CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) NOT-FOR-US: Atlassian -CVE-2021-41312 - RESERVED +CVE-2021-41312 (Affected versions of Atlassian Jira Server and Data Center allow a rem ...) + TODO: check CVE-2021-41311 RESERVED CVE-2021-41310 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) @@ -4974,8 +5056,8 @@ CVE-2021-41038 RESERVED CVE-2021-41037 RESERVED -CVE-2021-41036 - RESERVED +CVE-2021-41036 (In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client ...) + TODO: check CVE-2021-41035 (In Eclipse Openj9 before version 0.29.0, the JVM does not throw Illega ...) NOT-FOR-US: Eclipse OpenJ9 CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...) @@ -9245,10 +9327,10 @@ CVE-2021-39240 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=a495e0d94876c9d39763db319f609351907a31e8 CVE-2021-39239 (A vulnerability in XML processing in Apache Jena, in versions up to 4. ...) NOT-FOR-US: Apache Jena -CVE-2021-39238 - RESERVED -CVE-2021-39237 - RESERVED +CVE-2021-39238 (Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise Pag ...) + TODO: check +CVE-2021-39237 (Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide ...) + TODO: check CVE-2021-39236 RESERVED CVE-2021-39235 
@@ -10951,22 +11033,19 @@ CVE-2021-38503 - firefox-esr 91.3.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38503 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38503 -CVE-2021-38502 - RESERVED +CVE-2021-38502 (Thunderbird ignored the configuration to require STARTTLS security for ...) [experimental] - thunderbird 1:91.2.0-1 - thunderbird <undetermined> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38502 TODO: double check, it was only referenced in mfsa2021-47 but not mfsa2021-46, but issue is about attack on SMTP STARTTLS connections -CVE-2021-38501 - RESERVED +CVE-2021-38501 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...) - firefox 93.0-1 - firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version) - thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38501 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38501 -CVE-2021-38500 - RESERVED +CVE-2021-38500 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...) {DSA-4981-1 DLA-2782-1} - firefox 93.0-1 - firefox-esr 91.2.0esr-1 
@@ -10977,28 +11056,24 @@ CVE-2021-38500 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38500 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38500 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38500 -CVE-2021-38499 - RESERVED +CVE-2021-38499 (Mozilla developers reported memory safety bugs present in Firefox 92. ...) - firefox 93.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38499 -CVE-2021-38498 - RESERVED +CVE-2021-38498 (During process shutdown, a document could have caused a use-after-free ...) - firefox 93.0-1 - firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version) - thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38498 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38498 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38498 -CVE-2021-38497 - RESERVED +CVE-2021-38497 (Through use of reportValidity() and window.open(), a plain-text valida ...) - firefox 93.0-1 - firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version) - thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38497 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38497 -CVE-2021-38496 - RESERVED +CVE-2021-38496 (During operations on MessageTasks, a task may have been removed while ...) {DSA-4981-1 DLA-2782-1} - firefox 93.0-1 - firefox-esr 91.2.0esr-1 
@@ -11009,16 +11084,13 @@ CVE-2021-38496 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38496 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38496 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38496 -CVE-2021-38495 - RESERVED +CVE-2021-38495 (Mozilla developers reported memory safety bugs present in Thunderbird ...) - thunderbird <not-affected> (Vulnerable code introduced later) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-41/#CVE-2021-38495 -CVE-2021-38494 - RESERVED +CVE-2021-38494 (Mozilla developers reported memory safety bugs present in Firefox 91. ...) - firefox 92.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38494 -CVE-2021-38493 - RESERVED +CVE-2021-38493 (Mozilla developers reported memory safety bugs present in Firefox 91 a ...) {DSA-4973-1 DSA-4969-1 DLA-2757-1 DLA-2756-1} - firefox 92.0-1 - firefox-esr 78.14.0esr-1 
@@ -11026,16 +11098,14 @@ CVE-2021-38493 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38493 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38493 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38493 -CVE-2021-38492 - RESERVED +CVE-2021-38492 (When delegating navigations to the operating system, Firefox would acc ...) - firefox <not-affected> (Only affects Windows) - firefox-esr <not-affected> (Only affects Windows) - thunderbird <not-affected> (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38492 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38492 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38492 -CVE-2021-38491 - RESERVED +CVE-2021-38491 (Mixed-content checks were unable to analyze opaque origins which led t ...) - firefox 92.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38491 CVE-2021-38490 (Altova MobileTogether Server before 7.3 SP1 allows XML exponential ent ...) 
@@ -12229,84 +12299,64 @@ CVE-2021-37997 RESERVED - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37996 - RESERVED +CVE-2021-37996 (Insufficient validation of untrusted input Downloads in Google Chrome ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37995 - RESERVED +CVE-2021-37995 (Inappropriate implementation in WebApp Installer in Google Chrome prio ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37994 - RESERVED +CVE-2021-37994 (Inappropriate implementation in iFrame Sandbox in Google Chrome prior ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37993 - RESERVED +CVE-2021-37993 (Use after free in PDF Accessibility in Google Chrome prior to 95.0.463 ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37992 - RESERVED +CVE-2021-37992 (Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37991 - RESERVED +CVE-2021-37991 (Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote att ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37990 - RESERVED +CVE-2021-37990 (Inappropriate implementation in WebView in Google Chrome on Android pr ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37989 - RESERVED +CVE-2021-37989 (Inappropriate implementation in Blink in Google Chrome prior to 95.0.4 ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37988 - RESERVED +CVE-2021-37988 (Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allo ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37987 - RESERVED +CVE-2021-37987 (Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 ...) 
- chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37986 - RESERVED +CVE-2021-37986 (Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.5 ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37985 - RESERVED +CVE-2021-37985 (Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37984 - RESERVED +CVE-2021-37984 (Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37983 - RESERVED +CVE-2021-37983 (Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 all ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37982 - RESERVED +CVE-2021-37982 (Use after free in Incognito in Google Chrome prior to 95.0.4638.54 all ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37981 - RESERVED +CVE-2021-37981 (Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 al ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37980 - RESERVED +CVE-2021-37980 (Inappropriate implementation in Sandbox in Google Chrome prior to 94.0 ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37979 - RESERVED +CVE-2021-37979 (heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37978 - RESERVED +CVE-2021-37978 (Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 a ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-37977 - RESERVED +CVE-2021-37977 (Use after free in Garbage Collection in Google Chrome prior to 94.0.46 ...) 
- chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-37976 (Inappropriate implementation in Memory in Google Chrome prior to 94.0. ...) @@ -12358,7 +12408,7 @@ CVE-2021-37961 (Use after free in Tab Strip in Google Chrome prior to 94.0.4606. - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-37960 - RESERVED + REJECTED - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-37959 (Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 ...) @@ -29670,7 +29720,7 @@ CVE-2021-30632 (Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 - chromium 93.0.4577.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-30631 - RESERVED + REJECTED - chromium 93.0.4577.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-30630 (Inappropriate implementation in Blink in Google Chrome prior to 93.0.4 ...) @@ -31352,14 +31402,12 @@ CVE-2021-29995 (A Cross Site Request Forgery (CSRF) issue in Server Console in C NOT-FOR-US: CloverDX CVE-2021-29994 RESERVED -CVE-2021-29993 - RESERVED +CVE-2021-29993 (Firefox for Android allowed navigations through the `intent://` protoc ...) - firefox <not-affected> (Specific to Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-29993 CVE-2021-29992 RESERVED -CVE-2021-29991 - RESERVED +CVE-2021-29991 (Firefox incorrectly accepted a newline in a HTTP/3 header, interpretti ...) - firefox 91.0.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-37/#CVE-2021-29991 CVE-2021-29990 (Mozilla developers and community members reported memory safety bugs p ...) 
@@ -53415,22 +53463,22 @@ CVE-2021-20709 (Improper validation of integrity check value vulnerability in NE NOT-FOR-US: Aterm firmware CVE-2021-20708 (NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm ...) NOT-FOR-US: Aterm firmware -CVE-2021-20707 - RESERVED -CVE-2021-20706 - RESERVED -CVE-2021-20705 - RESERVED -CVE-2021-20704 - RESERVED -CVE-2021-20703 - RESERVED -CVE-2021-20702 - RESERVED -CVE-2021-20701 - RESERVED -CVE-2021-20700 - RESERVED +CVE-2021-20707 (Improper input validation vulnerability in the Transaction Server CLUS ...) + TODO: check +CVE-2021-20706 (Improper input validation vulnerability in the WebManager CLUSTERPRO X ...) + TODO: check +CVE-2021-20705 (Improper input validation vulnerability in the WebManager CLUSTERPRO X ...) + TODO: check +CVE-2021-20704 (Buffer overflow vulnerability in the compatible API with previous vers ...) + TODO: check +CVE-2021-20703 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1 ...) + TODO: check +CVE-2021-20702 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1 ...) + TODO: check +CVE-2021-20701 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for W ...) + TODO: check +CVE-2021-20700 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for W ...) + TODO: check CVE-2021-20699 (Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and ...) NOT-FOR-US: SHARP CVE-2021-20698 (Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and ...) @@ -55023,8 +55071,8 @@ CVE-2021-20137 RESERVED CVE-2021-20136 (ManageEngine Log360 Builds < 5235 are affected by an improper acces ...) NOT-FOR-US: ManageEngine -CVE-2021-20135 - RESERVED +CVE-2021-20135 (Nessus versions 8.15.2 and earlier were found to contain a local privi ...) + TODO: check CVE-2021-20134 RESERVED CVE-2021-20133 |
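Review bot: In the first hunk (@@ -1,4 +1,86 @@), the CVE-2021-43267 header loses its bracketed working title `[tipc: fix size validations for the MSG_CRYPTO type]` in favour of the truncated published description, while the entry stays at `- linux <unfixed>`. That title was the visible pointer to the upstream fix; unless the entry already has one further down, add a NOTE: line naming the fix commit so whoever closes the `<unfixed>` state can still find it. The new CVE-2021-43270 and CVE-2021-43264 to CVE-2021-43266 entries arrive as `TODO: check` and need manual triage to a package line or NOT-FOR-US.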
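Review bot: In the hunk at @@ -4318,8 +4400,8 @@, CVE-2021-41312 is set to `TODO: check` even though its description opens exactly like the adjacent entries (`Affected versions of Atlassian Jira Server and Data Center allow ...`) and the neighbouring CVE-2021-41313 is already marked `NOT-FOR-US: Atlassian`. The same triage result most likely applies; suggest replacing the TODO with `NOT-FOR-US: Atlassian` once the full description is confirmed.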
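Review bot: In the hunk at @@ -10951,22 +11033,19 @@, CVE-2021-38502 now has a published description (`Thunderbird ignored the configuration to require STARTTLS security for ...`), but the entry still carries `- thunderbird <undetermined>` and the `TODO: double check, it was only referenced in mfsa2021-47 but not mfsa2021-46 ...` line that was there while the id was RESERVED. The description answers the question the TODO raises, so a follow-up should resolve the TODO and replace `<undetermined>` with a fixed version or `<not-affected>` plus a reason.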
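Review bot: In the hunks at @@ -12358,7 +12408,7 @@ and @@ -29670,7 +29720,7 @@, CVE-2021-37960 and CVE-2021-30631 move from RESERVED to REJECTED while the unchanged context keeps their package annotations (`- chromium <unfixed>` and `- chromium 93.0.4577.82-1` respectively, each followed by `[stretch] - chromium <end-of-life> (see DSA 4562)`). A rejected id should not keep listing chromium as affected, and the `<unfixed>` line in particular leaves CVE-2021-37960 counted as an open chromium issue. Suggest dropping the package lines under both entries in a follow-up edit.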