diff options
author | security tracker role <sectracker@soriano.debian.org> | 2022-01-18 20:10:28 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-01-18 20:10:28 +0000 |
commit | e916105151056d73f5183752ec61b031e6c0ce7f (patch) | |
tree | 825a2bae06ce0e98d04656ed5f2c1ad338ace92d /data/CVE/list.2021 | |
parent | c2f68c9cdf802b40a08e6cad5c1d86d6eb3575eb (diff) |
automatic update
Diffstat (limited to 'data/CVE/list.2021')
-rw-r--r-- | data/CVE/list.2021 | 365 |
1 files changed, 276 insertions, 89 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 249d5bcb3a..7875af9985 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,3 +1,193 @@ +CVE-2021-46399 + RESERVED +CVE-2021-46398 + RESERVED +CVE-2021-46397 + RESERVED +CVE-2021-46396 + RESERVED +CVE-2021-46395 + RESERVED +CVE-2021-46394 + RESERVED +CVE-2021-46393 + RESERVED +CVE-2021-46392 + RESERVED +CVE-2021-46391 + RESERVED +CVE-2021-46390 + RESERVED +CVE-2021-46389 + RESERVED +CVE-2021-46388 + RESERVED +CVE-2021-46387 + RESERVED +CVE-2021-46386 + RESERVED +CVE-2021-46385 + RESERVED +CVE-2021-46384 + RESERVED +CVE-2021-46383 + RESERVED +CVE-2021-46382 + RESERVED +CVE-2021-46381 + RESERVED +CVE-2021-46380 + RESERVED +CVE-2021-46379 + RESERVED +CVE-2021-46378 + RESERVED +CVE-2021-46377 + RESERVED +CVE-2021-46376 + RESERVED +CVE-2021-46375 + RESERVED +CVE-2021-46374 + RESERVED +CVE-2021-46373 + RESERVED +CVE-2021-46372 + RESERVED +CVE-2021-46371 + RESERVED +CVE-2021-46370 + RESERVED +CVE-2021-46369 + RESERVED +CVE-2021-46368 + RESERVED +CVE-2021-46367 + RESERVED +CVE-2021-46366 + RESERVED +CVE-2021-46365 + RESERVED +CVE-2021-46364 + RESERVED +CVE-2021-46363 + RESERVED +CVE-2021-46362 + RESERVED +CVE-2021-46361 + RESERVED +CVE-2021-46360 + RESERVED +CVE-2021-46359 + RESERVED +CVE-2021-46358 + RESERVED +CVE-2021-46357 + RESERVED +CVE-2021-46356 + RESERVED +CVE-2021-46355 + RESERVED +CVE-2021-46354 + RESERVED +CVE-2021-46353 + RESERVED +CVE-2021-46352 + RESERVED +CVE-2021-46351 + RESERVED +CVE-2021-46350 + RESERVED +CVE-2021-46349 + RESERVED +CVE-2021-46348 + RESERVED +CVE-2021-46347 + RESERVED +CVE-2021-46346 + RESERVED +CVE-2021-46345 + RESERVED +CVE-2021-46344 + RESERVED +CVE-2021-46343 + RESERVED +CVE-2021-46342 + RESERVED +CVE-2021-46341 + RESERVED +CVE-2021-46340 + RESERVED +CVE-2021-46339 + RESERVED +CVE-2021-46338 + RESERVED +CVE-2021-46337 + RESERVED +CVE-2021-46336 + RESERVED +CVE-2021-46335 + RESERVED +CVE-2021-46334 + RESERVED +CVE-2021-46333 + RESERVED +CVE-2021-46332 + RESERVED +CVE-2021-46331 + RESERVED +CVE-2021-46330 + RESERVED +CVE-2021-46329 + RESERVED +CVE-2021-46328 + RESERVED +CVE-2021-46327 + RESERVED +CVE-2021-46326 + RESERVED +CVE-2021-46325 + RESERVED +CVE-2021-46324 + RESERVED +CVE-2021-46323 + RESERVED +CVE-2021-46322 + RESERVED +CVE-2021-46321 + RESERVED +CVE-2021-46320 + RESERVED +CVE-2021-46319 + RESERVED +CVE-2021-46318 + RESERVED +CVE-2021-46317 + RESERVED +CVE-2021-46316 + RESERVED +CVE-2021-46315 + RESERVED +CVE-2021-46314 + RESERVED +CVE-2021-46313 + RESERVED +CVE-2021-46312 + RESERVED +CVE-2021-46311 + RESERVED +CVE-2021-46310 + RESERVED +CVE-2021-46309 + RESERVED +CVE-2021-46308 + RESERVED +CVE-2021-46307 + RESERVED +CVE-2021-46306 + RESERVED +CVE-2021-46305 + RESERVED CVE-2021-46304 RESERVED CVE-2021-46303 @@ -699,10 +889,10 @@ CVE-2021-46015 RESERVED CVE-2021-46014 RESERVED -CVE-2021-46013 - RESERVED +CVE-2021-46013 (An unrestricted file upload vulnerability exists in Sourcecodester Fre ...) + TODO: check CVE-2021-46012 - RESERVED + REJECTED CVE-2021-46011 RESERVED CVE-2021-46010 @@ -715,8 +905,8 @@ CVE-2021-46007 RESERVED CVE-2021-46006 RESERVED -CVE-2021-46005 - RESERVED +CVE-2021-46005 (Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross ...) + TODO: check CVE-2021-46004 RESERVED CVE-2021-46003 @@ -2193,8 +2383,8 @@ CVE-2021-4147 [deadlock and crash in libxl driver] NOTE: https://gitlab.com/libvirt/libvirt/-/commit/b9a5faea49b7412e26d7389af4c32fc2b3ee80e5 NOTE: https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340 -CVE-2021-4146 - RESERVED +CVE-2021-4146 (Business Logic Errors in GitHub repository pimcore/pimcore prior to 10 ...) + TODO: check CVE-2021-4145 [NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c] RESERVED - qemu 1:6.2+dfsg-1 @@ -2324,8 +2514,8 @@ CVE-2021-45396 RESERVED CVE-2021-45395 RESERVED -CVE-2021-45394 - RESERVED +CVE-2021-45394 (An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can ...) + TODO: check CVE-2021-45393 RESERVED CVE-2021-45392 @@ -3739,12 +3929,12 @@ CVE-2021-44842 RESERVED CVE-2021-44841 RESERVED -CVE-2021-44840 - RESERVED +CVE-2021-44840 (An issue was discovered in Delta RM 1.2. Using an privileged account, ...) + TODO: check CVE-2021-44839 RESERVED -CVE-2021-44838 - RESERVED +CVE-2021-44838 (An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax ...) + TODO: check CVE-2021-44837 RESERVED CVE-2021-44836 @@ -3985,8 +4175,7 @@ CVE-2021-4085 RESERVED CVE-2021-4084 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...) NOT-FOR-US: Pimcore -CVE-2021-4083 - RESERVED +CVE-2021-4083 (A read-after-free memory flaw was found in the Linux kernel's garbage ...) - linux 5.15.5-2 [bullseye] - linux 5.10.84-1 NOTE: https://git.kernel.org/linus/054aa8d439b9185d4f5eb9a90282d1ce74772969 (5.16-rc4) @@ -3996,8 +4185,8 @@ CVE-2021-4081 (pimcore is vulnerable to Improper Neutralization of Input During NOT-FOR-US: Pimcore CVE-2021-44758 RESERVED -CVE-2021-44757 - RESERVED +CVE-2021-44757 (Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Centr ...) + TODO: check CVE-2021-44756 RESERVED CVE-2021-44755 @@ -4243,8 +4432,8 @@ CVE-2021-44675 (Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 i NOT-FOR-US: Zoho ManageEngine CVE-2021-4075 (snipe-it is vulnerable to Server-Side Request Forgery (SSRF) ...) NOT-FOR-US: snipe-it -CVE-2021-4074 - RESERVED +CVE-2021-4074 (The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site S ...) + TODO: check CVE-2021-4073 (The RegistrationMagic WordPress plugin made it possible for unauthenti ...) NOT-FOR-US: WordPress plugin CVE-2021-4072 (elgg is vulnerable to Improper Neutralization of Input During Web Page ...) @@ -4631,8 +4820,8 @@ CVE-2021-44540 (A vulnerability was found in Privoxy which was fixed in get_url_ [buster] - privoxy <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb07592c0912cf938a50fcd009fa29a0a (v_3_0_33) -CVE-2021-43353 - RESERVED +CVE-2021-43353 (The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Reque ...) + TODO: check CVE-2021-41836 (The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Si ...) NOT-FOR-US: WordPress plugin CVE-2021-4050 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) @@ -5465,8 +5654,8 @@ CVE-2021-44219 (Gin-Vue-Admin before 2.4.6 mishandles a SQL database. ...) NOT-FOR-US: Gin-Vue-Admin CVE-2021-44218 RESERVED -CVE-2021-44217 - RESERVED +CVE-2021-44217 (In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting ...) + TODO: check CVE-2021-44216 RESERVED CVE-2021-44215 @@ -11356,12 +11545,12 @@ CVE-2021-41811 RESERVED CVE-2021-41810 RESERVED -CVE-2021-41809 - RESERVED -CVE-2021-41808 - RESERVED -CVE-2021-41807 - RESERVED +CVE-2021-41809 (SSRF vulnerability in M-Files Server products with versions before 22. ...) + TODO: check +CVE-2021-41808 (In M-Files Server product with versions before 21.11.10775.0, enabling ...) + TODO: check +CVE-2021-41807 (Lack of rate limiting in M-Files Server and M-Files Web products with ...) + TODO: check CVE-2021-41806 RESERVED CVE-2021-41805 (HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1. ...) @@ -11979,10 +12168,10 @@ CVE-2021-41553 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.8 NOT-FOR-US: ARCHIBUS Web Central CVE-2021-41552 RESERVED -CVE-2021-41551 - RESERVED -CVE-2021-41550 - RESERVED +CVE-2021-41551 (Leostream Connection Broker 9.0.40.17 allows administrators to conduct ...) + TODO: check +CVE-2021-41550 (Leostream Connection Broker 9.0.40.17 allows administrator to upload a ...) + TODO: check CVE-2021-41549 RESERVED CVE-2021-41548 @@ -15873,8 +16062,7 @@ CVE-2021-39948 RESERVED CVE-2021-39947 RESERVED -CVE-2021-39946 - RESERVED +CVE-2021-39946 (Improper neutralization of user input in GitLab CE/EE versions 14.3 to ...) - gitlab <unfixed> CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all versions ...) - gitlab <unfixed> @@ -15882,8 +16070,7 @@ CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all versi - gitlab <unfixed> CVE-2021-39943 RESERVED -CVE-2021-39942 - RESERVED +CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...) - gitlab <unfixed> CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions 12.0 ...) - gitlab <unfixed> @@ -15921,8 +16108,7 @@ CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark [buster] - wireshark <no-dsa> (Minor issue) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17704 NOTE: https://www.wireshark.org/security/wnpa-sec-2021-13.html -CVE-2021-39927 - RESERVED +CVE-2021-39927 (Server side request forgery protections in GitLab CE/EE versions betwe ...) - gitlab <unfixed> CVE-2021-39926 (Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 ...) {DSA-5019-1} @@ -16022,8 +16208,8 @@ CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebindi - gitlab <unfixed> CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...) - gitlab <unfixed> -CVE-2021-39892 - RESERVED +CVE-2021-39892 (In all versions of GitLab CE/EE since version 12.0, a lower privileged ...) + TODO: check CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...) - gitlab <unfixed> CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some specific ...) @@ -18663,12 +18849,12 @@ CVE-2021-38787 RESERVED CVE-2021-38786 RESERVED -CVE-2021-38785 - RESERVED -CVE-2021-38784 - RESERVED -CVE-2021-38783 - RESERVED +CVE-2021-38785 (There is a NULL pointer deference in the Allwinner R818 SoC Android Q ...) + TODO: check +CVE-2021-38784 (There is a NULL pointer dereference in the syscall open_exec function ...) + TODO: check +CVE-2021-38783 (There is a Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK ...) + TODO: check CVE-2021-38782 RESERVED CVE-2021-38781 @@ -18857,14 +19043,14 @@ CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint - consul <unfixed> NOTE: https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 NOTE: https://github.com/hashicorp/consul/commit/747844bad6410091f2c6e961216c0c5fc285a44d (v1.8.15) -CVE-2021-38697 - RESERVED -CVE-2021-38696 - RESERVED -CVE-2021-38695 - RESERVED -CVE-2021-38694 - RESERVED +CVE-2021-38697 (SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted Fi ...) + TODO: check +CVE-2021-38696 (SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerabi ...) + TODO: check +CVE-2021-38695 (SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scr ...) + TODO: check +CVE-2021-38694 (SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. ...) + TODO: check CVE-2021-38693 RESERVED CVE-2021-38692 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) @@ -21090,14 +21276,14 @@ CVE-2021-37869 RESERVED CVE-2021-37868 RESERVED -CVE-2021-37867 - RESERVED -CVE-2021-37866 - RESERVED -CVE-2021-37865 - RESERVED -CVE-2021-37864 - RESERVED +CVE-2021-37867 (Mattermost Boards plugin v0.10.0 and earlier fails to protect email ad ...) + TODO: check +CVE-2021-37866 (Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a ses ...) + TODO: check +CVE-2021-37865 (Mattermost 6.2 and earlier fails to sufficiently process a specificall ...) + TODO: check +CVE-2021-37864 (Mattermost 6.1 and earlier fails to sufficiently validate permissions ...) + TODO: check CVE-2021-37863 (Mattermost 6.0 and earlier fails to sufficiently validate parameters d ...) TODO: check CVE-2021-37862 (Mattermost 6.0 and earlier fails to sufficiently validate the email ad ...) @@ -27165,7 +27351,7 @@ CVE-2021-35249 RESERVED CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts can quer ...) NOT-FOR-US: SolarWinds -CVE-2021-35247 (Serv-U web login screen was allowing characters that were not sanitize ...) +CVE-2021-35247 (Serv-U web login screen to LDAP authentication was allowing characters ...) NOT-FOR-US: SolarWinds CVE-2021-35246 RESERVED @@ -29089,18 +29275,18 @@ CVE-2021-34408 (The Zoom Client for Meetings for Windows in all versions before NOT-FOR-US: Zoom Client for Meetings for Windows CVE-2021-34407 REJECTED -CVE-2021-34406 - RESERVED -CVE-2021-34405 - RESERVED -CVE-2021-34404 - RESERVED -CVE-2021-34403 - RESERVED -CVE-2021-34402 - RESERVED -CVE-2021-34401 - RESERVED +CVE-2021-34406 (NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a ...) + TODO: check +CVE-2021-34405 (NVIDIA Linux distributions contain a vulnerability in TrustZone’ ...) + TODO: check +CVE-2021-34404 (Android images for T210 provided by NVIDIA contain a vulnerability in ...) + TODO: check +CVE-2021-34403 (NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, whi ...) + TODO: check +CVE-2021-34402 (NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, w ...) + TODO: check +CVE-2021-34401 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVG ...) + TODO: check CVE-2021-34400 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...) NOT-FOR-US: NVIDIA CVE-2021-34399 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...) @@ -30017,10 +30203,10 @@ CVE-2021-33967 RESERVED CVE-2021-33966 RESERVED -CVE-2021-33965 - RESERVED -CVE-2021-33964 - RESERVED +CVE-2021-33965 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...) + TODO: check +CVE-2021-33964 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...) + TODO: check CVE-2021-33963 (China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ ...) NOT-FOR-US: China Mobile An Lianbao WF-1 router web interface CVE-2021-33962 (China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS comman ...) @@ -35593,7 +35779,8 @@ CVE-2021-31773 RESERVED CVE-2021-31772 RESERVED -CVE-2021-31771 (** DISPUTED ** Splinterware System Scheduler Professional version 5.30 ...) +CVE-2021-31771 + REJECTED NOT-FOR-US: Splinterware CVE-2021-31770 RESERVED @@ -40555,8 +40742,8 @@ CVE-2021-29874 RESERVED CVE-2021-29873 (IBM Flash System 900 could allow an authenticated attacker to obtain s ...) NOT-FOR-US: IBM -CVE-2021-29872 - RESERVED +CVE-2021-29872 (IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation S ...) + TODO: check CVE-2021-29871 RESERVED CVE-2021-29870 @@ -41081,8 +41268,8 @@ CVE-2021-29634 RESERVED CVE-2021-29633 RESERVED -CVE-2021-29632 - RESERVED +CVE-2021-29632 (In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before ...) + TODO: check CVE-2021-29631 (In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before ...) NOT-FOR-US: FreeBSD CVE-2021-29630 (In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before ...) @@ -42144,8 +42331,8 @@ CVE-2021-29217 RESERVED CVE-2021-29216 RESERVED -CVE-2021-29215 - RESERVED +CVE-2021-29215 (A potential security vulnerability in HPE Ezmeral Data Fabric that may ...) + TODO: check CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ Manageme ...) NOT-FOR-US: HPE CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...) @@ -57799,8 +57986,8 @@ CVE-2021-22568 (When using the dart pub publish command to publish a package to TODO: check CVE-2021-22567 (Bidirectional Unicode text can be interpreted and compiled differently ...) TODO: check -CVE-2021-22566 - RESERVED +CVE-2021-22566 (An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead ...) + TODO: check CVE-2021-22565 (An attacker could prematurely expire a verification code, making it un ...) TODO: check CVE-2021-22564 (For certain valid JPEG XL images with a size slightly larger than an i ...) |