automatic update

author: security tracker role <sectracker@soriano.debian.org> 2022-01-15 08:10:09 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-01-15 08:10:09 +0000
commit: ef4b157d0e0cc2046a9d05eb5dfa152ea3d56330 (patch)
tree: 23f60fede4be446f761c3d52da09f39f2f632cd6 /data/CVE/list.2021
parent: 406c4fab4a02334cf442b1bb57599b68592ed42e (diff)
1 files changed, 107 insertions, 129 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index be6269297c..a1289fd7c3 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -226,8 +226,8 @@ CVE-2021-46197
 	RESERVED
 CVE-2021-46196
 	RESERVED
-CVE-2021-46195
-	RESERVED
+CVE-2021-46195 (GCC v12.0 was discovered to contain an uncontrolled recursion via the  ...)
+	TODO: check
 CVE-2021-46194
 	RESERVED
 CVE-2021-46193
@@ -274,14 +274,14 @@ CVE-2021-46173
 	RESERVED
 CVE-2021-46172
 	RESERVED
-CVE-2021-46171
-	RESERVED
-CVE-2021-46170
-	RESERVED
-CVE-2021-46169
-	RESERVED
-CVE-2021-46168
-	RESERVED
+CVE-2021-46171 (Modex v2.11 was discovered to contain a NULL pointer dereference in se ...)
+	TODO: check
+CVE-2021-46170 (An issue was discovered in JerryScript commit a6ab5e9. There is an Use ...)
+	TODO: check
+CVE-2021-46169 (Modex v2.11 was discovered to contain an Use-After-Free vulnerability  ...)
+	TODO: check
+CVE-2021-46168 (Spin v6.5.1 was discovered to contain an out-of-bounds write in lex()  ...)
+	TODO: check
 CVE-2021-46167
 	RESERVED
 CVE-2021-44458 (Linux users running Lens 5.2.6 and earlier could be compromised by vis ...)
@@ -675,14 +675,14 @@ CVE-2021-46024
 	RESERVED
 CVE-2021-46023
 	RESERVED
-CVE-2021-46022
-	RESERVED
-CVE-2021-46021
-	RESERVED
-CVE-2021-46020
-	RESERVED
-CVE-2021-46019
-	RESERVED
+CVE-2021-46022 (An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset ...)
+	TODO: check
+CVE-2021-46021 (An Use-After-Free vulnerability in rec_record_destroy() at rec-record. ...)
+	TODO: check
+CVE-2021-46020 (An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can  ...)
+	TODO: check
+CVE-2021-46019 (An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GN ...)
+	TODO: check
 CVE-2021-46018
 	RESERVED
 CVE-2021-46017
@@ -863,7 +863,7 @@ CVE-2021-45951 (Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_addre
 CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in ...)
 	- libredwg <itp> (bug #595191)
 CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...)
-	{DSA-5038-1}
+	{DSA-5038-1 DLA-2879-1}
 	- ghostscript 9.55.0~dfsg-1
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703902
@@ -883,7 +883,7 @@ CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called f
 CVE-2021-45945 (uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds write in std::_ ...)
 	NOT-FOR-US: uWebSockets
 CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...)
-	{DSA-5038-1}
+	{DSA-5038-1 DLA-2879-1}
 	- ghostscript 9.54.0~dfsg-5
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903
 	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml
@@ -1355,44 +1355,44 @@ CVE-2021-45784
 	RESERVED
 CVE-2021-45783
 	RESERVED
-CVE-2021-45782
-	RESERVED
-CVE-2021-45781
-	RESERVED
-CVE-2021-45780
-	RESERVED
-CVE-2021-45779
-	RESERVED
-CVE-2021-45778
-	RESERVED
+CVE-2021-45782 (An untrusted pointer dereference in getcmd() at inetutils/src/tftp.c o ...)
+	TODO: check
+CVE-2021-45781 (GNU Inetutils 2.2.16-cf091 was discovered to contain a heap-based buff ...)
+	TODO: check
+CVE-2021-45780 (GNU Inetutils commit cf091 was discovered to contain a memory leak via ...)
+	TODO: check
+CVE-2021-45779 (A NULL pointer dereference in unsetcmd() at inetutils/telnet/commands. ...)
+	TODO: check
+CVE-2021-45778 (A NULL pointer dereference in setnmap() at cmds.c of GNU Inetutils v2. ...)
+	TODO: check
 CVE-2021-45777
 	RESERVED
 CVE-2021-45776
 	RESERVED
-CVE-2021-45775
-	RESERVED
-CVE-2021-45774
-	RESERVED
-CVE-2021-45773
-	RESERVED
+CVE-2021-45775 (GNU Inetutils 2.2.16-cf091 was discovered to contain an infinite loop  ...)
+	TODO: check
+CVE-2021-45774 (A NULL pointer dereference in help() at inetutils/telnet/commands.c of ...)
+	TODO: check
+CVE-2021-45773 (A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec ...)
+	TODO: check
 CVE-2021-45772
 	RESERVED
 CVE-2021-45771
 	RESERVED
 CVE-2021-45770
 	RESERVED
-CVE-2021-45769
-	RESERVED
+CVE-2021-45769 (A NULL pointer dereference in AcseConnection_parseMessage at src/mms/i ...)
+	TODO: check
 CVE-2021-45768
 	RESERVED
-CVE-2021-45767
-	RESERVED
+CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...)
+	TODO: check
 CVE-2021-45766
 	RESERVED
 CVE-2021-45765
 	RESERVED
-CVE-2021-45764
-	RESERVED
+CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
+	TODO: check
 CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function  ...)
 	TODO: check
 CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
@@ -2064,7 +2064,7 @@ CVE-2021-4161 (The affected products contain vulnerable firmware, which could al
 CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235
-CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-31 allows remote ...)
+CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote ...)
 	NOT-FOR-US: Imperva Web Application Firewall
 CVE-2021-45467
 	RESERVED
@@ -2291,8 +2291,8 @@ CVE-2021-45408
 	RESERVED
 CVE-2021-45407
 	RESERVED
-CVE-2021-45406
-	RESERVED
+CVE-2021-45406 (In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to ...)
+	TODO: check
 CVE-2021-45405
 	RESERVED
 CVE-2021-45404
@@ -2993,10 +2993,10 @@ CVE-2021-26264
 	RESERVED
 CVE-2021-23173 (The affected product is vulnerable to an improper access control, whic ...)
 	NOT-FOR-US: Philips
-CVE-2021-23157
-	RESERVED
-CVE-2021-23138
-	RESERVED
+CVE-2021-23157 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a he ...)
+	TODO: check
+CVE-2021-23138 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a st ...)
+	TODO: check
 CVE-2021-XXXX [several SQL injection, remote code execution, XSS issues]
 	- spip 3.2.12-1
 	[bullseye] - spip 3.2.11-3+deb11u1
@@ -3773,8 +3773,8 @@ CVE-2021-44830
 	RESERVED
 CVE-2021-44829
 	RESERVED
-CVE-2021-44828
-	RESERVED
+CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0  ...)
+	TODO: check
 CVE-2021-44827
 	RESERVED
 CVE-2021-44826
@@ -4643,8 +4643,8 @@ CVE-2021-44531 [Improper handling of URI Subject Alternative Names]
 	NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#improper-handling-of-uri-subject-alternative-names-medium-cve-2021-44531
 	NOTE: https://github.com/nodejs/node/commit/e0fe6a635e5929a364986a6c39dc3585b9ddcd85 (v12.x)
 	NOTE: https://github.com/nodejs/node/commit/a5c7843cab6fdb9c845edadc2a7b9b30e02c8bf2 (v12.x)
-CVE-2021-44530
-	RESERVED
+CVE-2021-44530 (An injection vulnerability exists in a third-party library used in Uni ...)
+	TODO: check
 CVE-2021-44529 (A code injection vulnerability in the Ivanti EPM Cloud Services Applia ...)
 	NOT-FOR-US: Ivanti
 CVE-2021-44528 (A open redirect vulnerability exists in Action Pack &gt;= 6.0.0 that c ...)
@@ -5337,8 +5337,8 @@ CVE-2021-4025
 	RESERVED
 CVE-2021-44235 (Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700 ...)
 	NOT-FOR-US: SAP
-CVE-2021-44234
-	RESERVED
+CVE-2021-44234 (SAP Business One - version 10.0, extended log stores information that  ...)
+	TODO: check
 CVE-2021-44233 (SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, doe ...)
 	NOT-FOR-US: SAP
 CVE-2021-44232 (SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insu ...)
@@ -6566,8 +6566,8 @@ CVE-2021-3967
 	RESERVED
 CVE-2021-3966
 	RESERVED
-CVE-2021-3965
-	RESERVED
+CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to unauthenticated HTT ...)
+	TODO: check
 CVE-2021-43774
 	RESERVED
 CVE-2021-43773
@@ -10676,8 +10676,8 @@ CVE-2021-42069 (When a user opens manipulated Tagged Image File Format (.tif) fi
 	NOT-FOR-US: SAP
 CVE-2021-42068 (When a user opens a manipulated GIF (.gif) file received from untruste ...)
 	NOT-FOR-US: SAP
-CVE-2021-42067
-	RESERVED
+CVE-2021-42067 (In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 71 ...)
+	TODO: check
 CVE-2021-42066 (SAP Business One - version 10.0, allows an admin user to view DB passw ...)
 	NOT-FOR-US: SAP
 CVE-2021-42065
@@ -16388,26 +16388,19 @@ CVE-2021-39685
 	RESERVED
 	- linux 5.15.5-2
 	NOTE: https://www.openwall.com/lists/oss-security/2021/12/15/4
-CVE-2021-39684
-	RESERVED
+CVE-2021-39684 (In target_init of gs101/abl/target/slider/target.c, there is a possibl ...)
 	NOT-FOR-US: Pixel
-CVE-2021-39683
-	RESERVED
+CVE-2021-39683 (In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds ...)
 	NOT-FOR-US: Pixel
-CVE-2021-39682
-	RESERVED
+CVE-2021-39682 (In mgm_alloc_page of memory_group_manager.c, there is a possible out o ...)
 	NOT-FOR-US: Pixel
-CVE-2021-39681
-	RESERVED
+CVE-2021-39681 (In delete_protocol of main.c, there is a possible arbitrary code execu ...)
 	NOT-FOR-US: Pixel
-CVE-2021-39680
-	RESERVED
+CVE-2021-39680 (In sec_SHA256_Transform of sha256_core.c, there is a possible way to r ...)
 	NOT-FOR-US: Pixel
-CVE-2021-39679
-	RESERVED
+CVE-2021-39679 (In init of vendor_graphicbuffer_meta.cpp, there is a possible use afte ...)
 	NOT-FOR-US: Pixel
-CVE-2021-39678
-	RESERVED
+CVE-2021-39678 (In &lt;TBD&gt; of &lt;TBD&gt;, there is a possible bypass of Factory R ...)
 	NOT-FOR-US: Pixel
 CVE-2021-39677
 	RESERVED
@@ -16445,8 +16438,8 @@ CVE-2021-39661
 	RESERVED
 CVE-2021-39660
 	RESERVED
-CVE-2021-39659
-	RESERVED
+CVE-2021-39659 (In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, ...)
+	TODO: check
 CVE-2021-39658
 	RESERVED
 CVE-2021-39657 (In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out ...)
@@ -16508,61 +16501,48 @@ CVE-2021-39636 (In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a
 	NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
 CVE-2021-39635
 	RESERVED
-CVE-2021-39634 [epoll: do not insert into poll queues until all sanity checks are done]
-	RESERVED
+CVE-2021-39634 (In fs/eventpoll.c, there is a possible use after free. This could lead ...)
 	- linux 5.8.14-1
 	[buster] - linux 4.19.152-1
 	[stretch] - linux 4.9.240-1
 	NOTE: https://source.android.com/security/bulletin/2022-01-01
 	NOTE: https://git.kernel.org/linus/f8d4f44df056c5b504b0d49683fb7279218fd207 (5.9-rc8)
-CVE-2021-39633 [ip_gre: add validation for csum_start]
-	RESERVED
+CVE-2021-39633 (In gre_handle_offloads of ip_gre.c, there is a possible page fault due ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.70-1
 	[buster] - linux 4.19.208-1
 	[stretch] - linux 4.9.290-1
 	NOTE: https://source.android.com/security/bulletin/2022-01-01
 	NOTE: https://git.kernel.org/linus/1d011c4803c72f3907eccfc1ec63caefb852fcbf (5.14)
-CVE-2021-39632
-	RESERVED
+CVE-2021-39632 (In inotify_cb of events.cpp, there is a possible out of bounds write d ...)
 	NOT-FOR-US: Android
 CVE-2021-39631
 	RESERVED
-CVE-2021-39630
-	RESERVED
+CVE-2021-39630 (In executeRequest of OverlayManagerService.java, there is a possible w ...)
 	NOT-FOR-US: Android
-CVE-2021-39629
-	RESERVED
+CVE-2021-39629 (In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possi ...)
 	NOT-FOR-US: Android
-CVE-2021-39628
-	RESERVED
+CVE-2021-39628 (In StatusBar.java, there is a possible disclosure of notification cont ...)
 	NOT-FOR-US: Android
-CVE-2021-39627
-	RESERVED
+CVE-2021-39627 (In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there ...)
 	NOT-FOR-US: Android
-CVE-2021-39626
-	RESERVED
+CVE-2021-39626 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a possi ...)
 	NOT-FOR-US: Android
-CVE-2021-39625
-	RESERVED
+CVE-2021-39625 (In showCarrierAppInstallationNotification of EuiccNotificationManager. ...)
 	NOT-FOR-US: Android
 CVE-2021-39624
 	RESERVED
-CVE-2021-39623
-	RESERVED
-CVE-2021-39622
-	RESERVED
+CVE-2021-39623 (In doRead of SimpleDecodingSource.cpp, there is a possible out of boun ...)
+	TODO: check
+CVE-2021-39622 (In GBoard, there is a possible way to bypass Factory Reset Protection  ...)
 	NOT-FOR-US: Android
-CVE-2021-39621
-	RESERVED
+CVE-2021-39621 (In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there ...)
 	NOT-FOR-US: Android
-CVE-2021-39620
-	RESERVED
+CVE-2021-39620 (In ipcSetDataReference of Parcel.cpp, there is a possible way to corru ...)
 	NOT-FOR-US: Android
 CVE-2021-39619
 	RESERVED
-CVE-2021-39618
-	RESERVED
+CVE-2021-39618 (In multiple methods of EuiccNotificationManager.java, there is a possi ...)
 	NOT-FOR-US: Android
 CVE-2021-39617
 	RESERVED
@@ -20279,10 +20259,10 @@ CVE-2021-38129
 	RESERVED
 CVE-2021-38128
 	RESERVED
-CVE-2021-38127
-	RESERVED
-CVE-2021-38126
-	RESERVED
+CVE-2021-38127 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...)
+	TODO: check
+CVE-2021-38126 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...)
+	TODO: check
 CVE-2021-38125
 	RESERVED
 CVE-2021-38124 (Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise ...)
@@ -23213,8 +23193,8 @@ CVE-2021-36922 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/A
 	NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
 CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...)
 	NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices
-CVE-2021-36920
-	RESERVED
+CVE-2021-36920 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability disco ...)
+	TODO: check
 CVE-2021-36919 (Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabil ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36918
@@ -24806,8 +24786,8 @@ CVE-2021-36201
 	RESERVED
 CVE-2021-36200
 	RESERVED
-CVE-2021-36199
-	RESERVED
+CVE-2021-36199 (Running a vulnerability scanner against VideoEdge NVRs can cause some  ...)
+	TODO: check
 CVE-2021-36198 (Successful exploitation of this vulnerability could allow an unauthori ...)
 	NOT-FOR-US: Sensormatic Electronics, LLC
 CVE-2021-36197
@@ -43705,8 +43685,8 @@ CVE-2021-28502
 	RESERVED
 CVE-2021-28501 (An issue has recently been discovered in Arista EOS where the incorrec ...)
 	TODO: check
-CVE-2021-28500
-	RESERVED
+CVE-2021-28500 (An issue has recently been discovered in Arista EOS where the incorrec ...)
+	TODO: check
 CVE-2021-28499 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
 	NOT-FOR-US: Arista
 CVE-2021-28498 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
@@ -54138,8 +54118,8 @@ CVE-2021-24046 (A logic flaw in Ray-Ban&#174; Stories device software allowed so
 	TODO: check
 CVE-2021-24045 (A type confusion vulnerability could be triggered when resolving the " ...)
 	TODO: check
-CVE-2021-24044
-	RESERVED
+CVE-2021-24044 (By passing invalid javascript code where await and yield were called u ...)
+	TODO: check
 CVE-2021-24043
 	RESERVED
 CVE-2021-24042 (The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp ...)
@@ -55342,10 +55322,10 @@ CVE-2021-23569
 	RESERVED
 CVE-2021-23568 (The package extend2 before 1.0.1 are vulnerable to Prototype Pollution ...)
 	TODO: check
-CVE-2021-23567
-	RESERVED
-CVE-2021-23566
-	RESERVED
+CVE-2021-23567 (The package colors after 1.4.0 are vulnerable to Denial of Service (Do ...)
+	TODO: check
+CVE-2021-23566 (The package nanoid before 3.1.31 are vulnerable to Information Exposur ...)
+	TODO: check
 CVE-2021-23565
 	RESERVED
 CVE-2021-23564
@@ -67098,8 +67078,7 @@ CVE-2021-1051 (NVIDIA GPU Display Driver for Windows contains a vulnerability in
 	NOT-FOR-US: NVIDIA Windows drivers
 CVE-2021-1050
 	RESERVED
-CVE-2021-1049
-	RESERVED
+CVE-2021-1049 (Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ...)
 	NOT-FOR-US: Unisoc
 CVE-2021-1048 (In ep_loop_check_proc of eventpoll.c, there is a possible way to corru ...)
 	- linux 5.8.10-1
@@ -67126,12 +67105,12 @@ CVE-2021-1039 (In NotificationAccessActivity of AndroidManifest.xml, there is a
 	NOT-FOR-US: Android
 CVE-2021-1038 (In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS ...)
 	NOT-FOR-US: Android
-CVE-2021-1037
-	RESERVED
-CVE-2021-1036
-	RESERVED
-CVE-2021-1035
-	RESERVED
+CVE-2021-1037 (The broadcast that DevicePickerFragment sends when a new device is pai ...)
+	TODO: check
+CVE-2021-1036 (In LocationSettingsActivity of AndroidManifest.xml, there is a possibl ...)
+	TODO: check
+CVE-2021-1035 (In setLaunchIntent of BluetoothDevicePickerPreferenceController.java,  ...)
+	TODO: check
 CVE-2021-1034 (In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is ap ...)
 	NOT-FOR-US: Android
 CVE-2021-1033
@@ -67283,8 +67262,7 @@ CVE-2021-0961 (In quota_proc_write of xt_quota2.c, there is a possible way to re
 	NOTE: https://source.android.com/security/bulletin/2021-12-01
 CVE-2021-0960
 	RESERVED
-CVE-2021-0959
-	RESERVED
+CVE-2021-0959 (In jit_memory_region.cc, there is a possible bypass of memory restrict ...)
 	NOT-FOR-US: Android
 CVE-2021-0958 (In update of km_compat.cpp, there is a possible loss of potentially se ...)
 	NOT-FOR-US: Android
author	security tracker role <sectracker@soriano.debian.org>	2022-01-15 08:10:09 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2022-01-15 08:10:09 +0000
commit	ef4b157d0e0cc2046a9d05eb5dfa152ea3d56330 (patch)
tree	23f60fede4be446f761c3d52da09f39f2f632cd6 /data/CVE/list.2021
parent	406c4fab4a02334cf442b1bb57599b68592ed42e (diff)