diff options
author | security tracker role <sectracker@soriano.debian.org> | 2022-01-15 08:10:09 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-01-15 08:10:09 +0000 |
commit | ef4b157d0e0cc2046a9d05eb5dfa152ea3d56330 (patch) | |
tree | 23f60fede4be446f761c3d52da09f39f2f632cd6 /data/CVE/list.2021 | |
parent | 406c4fab4a02334cf442b1bb57599b68592ed42e (diff) |
automatic update
Diffstat (limited to 'data/CVE/list.2021')
-rw-r--r-- | data/CVE/list.2021 | 236 |
1 files changed, 107 insertions, 129 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index be6269297c..a1289fd7c3 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -226,8 +226,8 @@ CVE-2021-46197 RESERVED CVE-2021-46196 RESERVED -CVE-2021-46195 - RESERVED +CVE-2021-46195 (GCC v12.0 was discovered to contain an uncontrolled recursion via the ...) + TODO: check CVE-2021-46194 RESERVED CVE-2021-46193 @@ -274,14 +274,14 @@ CVE-2021-46173 RESERVED CVE-2021-46172 RESERVED -CVE-2021-46171 - RESERVED -CVE-2021-46170 - RESERVED -CVE-2021-46169 - RESERVED -CVE-2021-46168 - RESERVED +CVE-2021-46171 (Modex v2.11 was discovered to contain a NULL pointer dereference in se ...) + TODO: check +CVE-2021-46170 (An issue was discovered in JerryScript commit a6ab5e9. There is an Use ...) + TODO: check +CVE-2021-46169 (Modex v2.11 was discovered to contain an Use-After-Free vulnerability ...) + TODO: check +CVE-2021-46168 (Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() ...) + TODO: check CVE-2021-46167 RESERVED CVE-2021-44458 (Linux users running Lens 5.2.6 and earlier could be compromised by vis ...) @@ -675,14 +675,14 @@ CVE-2021-46024 RESERVED CVE-2021-46023 RESERVED -CVE-2021-46022 - RESERVED -CVE-2021-46021 - RESERVED -CVE-2021-46020 - RESERVED -CVE-2021-46019 - RESERVED +CVE-2021-46022 (An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset ...) + TODO: check +CVE-2021-46021 (An Use-After-Free vulnerability in rec_record_destroy() at rec-record. ...) + TODO: check +CVE-2021-46020 (An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can ...) + TODO: check +CVE-2021-46019 (An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GN ...) + TODO: check CVE-2021-46018 RESERVED CVE-2021-46017 @@ -863,7 +863,7 @@ CVE-2021-45951 (Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_addre CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in ...) - libredwg <itp> (bug #595191) CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...) - {DSA-5038-1} + {DSA-5038-1 DLA-2879-1} - ghostscript 9.55.0~dfsg-1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703902 @@ -883,7 +883,7 @@ CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called f CVE-2021-45945 (uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds write in std::_ ...) NOT-FOR-US: uWebSockets CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...) - {DSA-5038-1} + {DSA-5038-1 DLA-2879-1} - ghostscript 9.54.0~dfsg-5 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml @@ -1355,44 +1355,44 @@ CVE-2021-45784 RESERVED CVE-2021-45783 RESERVED -CVE-2021-45782 - RESERVED -CVE-2021-45781 - RESERVED -CVE-2021-45780 - RESERVED -CVE-2021-45779 - RESERVED -CVE-2021-45778 - RESERVED +CVE-2021-45782 (An untrusted pointer dereference in getcmd() at inetutils/src/tftp.c o ...) + TODO: check +CVE-2021-45781 (GNU Inetutils 2.2.16-cf091 was discovered to contain a heap-based buff ...) + TODO: check +CVE-2021-45780 (GNU Inetutils commit cf091 was discovered to contain a memory leak via ...) + TODO: check +CVE-2021-45779 (A NULL pointer dereference in unsetcmd() at inetutils/telnet/commands. ...) + TODO: check +CVE-2021-45778 (A NULL pointer dereference in setnmap() at cmds.c of GNU Inetutils v2. ...) + TODO: check CVE-2021-45777 RESERVED CVE-2021-45776 RESERVED -CVE-2021-45775 - RESERVED -CVE-2021-45774 - RESERVED -CVE-2021-45773 - RESERVED +CVE-2021-45775 (GNU Inetutils 2.2.16-cf091 was discovered to contain an infinite loop ...) + TODO: check +CVE-2021-45774 (A NULL pointer dereference in help() at inetutils/telnet/commands.c of ...) + TODO: check +CVE-2021-45773 (A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec ...) + TODO: check CVE-2021-45772 RESERVED CVE-2021-45771 RESERVED CVE-2021-45770 RESERVED -CVE-2021-45769 - RESERVED +CVE-2021-45769 (A NULL pointer dereference in AcseConnection_parseMessage at src/mms/i ...) + TODO: check CVE-2021-45768 RESERVED -CVE-2021-45767 - RESERVED +CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...) + TODO: check CVE-2021-45766 RESERVED CVE-2021-45765 RESERVED -CVE-2021-45764 - RESERVED +CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...) + TODO: check CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function ...) TODO: check CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...) @@ -2064,7 +2064,7 @@ CVE-2021-4161 (The affected products contain vulnerable firmware, which could al CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...) - linux <unfixed> NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235 -CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-31 allows remote ...) +CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote ...) NOT-FOR-US: Imperva Web Application Firewall CVE-2021-45467 RESERVED @@ -2291,8 +2291,8 @@ CVE-2021-45408 RESERVED CVE-2021-45407 RESERVED -CVE-2021-45406 - RESERVED +CVE-2021-45406 (In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to ...) + TODO: check CVE-2021-45405 RESERVED CVE-2021-45404 @@ -2993,10 +2993,10 @@ CVE-2021-26264 RESERVED CVE-2021-23173 (The affected product is vulnerable to an improper access control, whic ...) NOT-FOR-US: Philips -CVE-2021-23157 - RESERVED -CVE-2021-23138 - RESERVED +CVE-2021-23157 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a he ...) + TODO: check +CVE-2021-23138 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a st ...) + TODO: check CVE-2021-XXXX [several SQL injection, remote code execution, XSS issues] - spip 3.2.12-1 [bullseye] - spip 3.2.11-3+deb11u1 @@ -3773,8 +3773,8 @@ CVE-2021-44830 RESERVED CVE-2021-44829 RESERVED -CVE-2021-44828 - RESERVED +CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 ...) + TODO: check CVE-2021-44827 RESERVED CVE-2021-44826 @@ -4643,8 +4643,8 @@ CVE-2021-44531 [Improper handling of URI Subject Alternative Names] NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#improper-handling-of-uri-subject-alternative-names-medium-cve-2021-44531 NOTE: https://github.com/nodejs/node/commit/e0fe6a635e5929a364986a6c39dc3585b9ddcd85 (v12.x) NOTE: https://github.com/nodejs/node/commit/a5c7843cab6fdb9c845edadc2a7b9b30e02c8bf2 (v12.x) -CVE-2021-44530 - RESERVED +CVE-2021-44530 (An injection vulnerability exists in a third-party library used in Uni ...) + TODO: check CVE-2021-44529 (A code injection vulnerability in the Ivanti EPM Cloud Services Applia ...) NOT-FOR-US: Ivanti CVE-2021-44528 (A open redirect vulnerability exists in Action Pack >= 6.0.0 that c ...) @@ -5337,8 +5337,8 @@ CVE-2021-4025 RESERVED CVE-2021-44235 (Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700 ...) NOT-FOR-US: SAP -CVE-2021-44234 - RESERVED +CVE-2021-44234 (SAP Business One - version 10.0, extended log stores information that ...) + TODO: check CVE-2021-44233 (SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, doe ...) NOT-FOR-US: SAP CVE-2021-44232 (SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insu ...) @@ -6566,8 +6566,8 @@ CVE-2021-3967 RESERVED CVE-2021-3966 RESERVED -CVE-2021-3965 - RESERVED +CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to unauthenticated HTT ...) + TODO: check CVE-2021-43774 RESERVED CVE-2021-43773 @@ -10676,8 +10676,8 @@ CVE-2021-42069 (When a user opens manipulated Tagged Image File Format (.tif) fi NOT-FOR-US: SAP CVE-2021-42068 (When a user opens a manipulated GIF (.gif) file received from untruste ...) NOT-FOR-US: SAP -CVE-2021-42067 - RESERVED +CVE-2021-42067 (In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 71 ...) + TODO: check CVE-2021-42066 (SAP Business One - version 10.0, allows an admin user to view DB passw ...) NOT-FOR-US: SAP CVE-2021-42065 @@ -16388,26 +16388,19 @@ CVE-2021-39685 RESERVED - linux 5.15.5-2 NOTE: https://www.openwall.com/lists/oss-security/2021/12/15/4 -CVE-2021-39684 - RESERVED +CVE-2021-39684 (In target_init of gs101/abl/target/slider/target.c, there is a possibl ...) NOT-FOR-US: Pixel -CVE-2021-39683 - RESERVED +CVE-2021-39683 (In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds ...) NOT-FOR-US: Pixel -CVE-2021-39682 - RESERVED +CVE-2021-39682 (In mgm_alloc_page of memory_group_manager.c, there is a possible out o ...) NOT-FOR-US: Pixel -CVE-2021-39681 - RESERVED +CVE-2021-39681 (In delete_protocol of main.c, there is a possible arbitrary code execu ...) NOT-FOR-US: Pixel -CVE-2021-39680 - RESERVED +CVE-2021-39680 (In sec_SHA256_Transform of sha256_core.c, there is a possible way to r ...) NOT-FOR-US: Pixel -CVE-2021-39679 - RESERVED +CVE-2021-39679 (In init of vendor_graphicbuffer_meta.cpp, there is a possible use afte ...) NOT-FOR-US: Pixel -CVE-2021-39678 - RESERVED +CVE-2021-39678 (In <TBD> of <TBD>, there is a possible bypass of Factory R ...) NOT-FOR-US: Pixel CVE-2021-39677 RESERVED @@ -16445,8 +16438,8 @@ CVE-2021-39661 RESERVED CVE-2021-39660 RESERVED -CVE-2021-39659 - RESERVED +CVE-2021-39659 (In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, ...) + TODO: check CVE-2021-39658 RESERVED CVE-2021-39657 (In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out ...) @@ -16508,61 +16501,48 @@ CVE-2021-39636 (In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01 CVE-2021-39635 RESERVED -CVE-2021-39634 [epoll: do not insert into poll queues until all sanity checks are done] - RESERVED +CVE-2021-39634 (In fs/eventpoll.c, there is a possible use after free. This could lead ...) - linux 5.8.14-1 [buster] - linux 4.19.152-1 [stretch] - linux 4.9.240-1 NOTE: https://source.android.com/security/bulletin/2022-01-01 NOTE: https://git.kernel.org/linus/f8d4f44df056c5b504b0d49683fb7279218fd207 (5.9-rc8) -CVE-2021-39633 [ip_gre: add validation for csum_start] - RESERVED +CVE-2021-39633 (In gre_handle_offloads of ip_gre.c, there is a possible page fault due ...) - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 [buster] - linux 4.19.208-1 [stretch] - linux 4.9.290-1 NOTE: https://source.android.com/security/bulletin/2022-01-01 NOTE: https://git.kernel.org/linus/1d011c4803c72f3907eccfc1ec63caefb852fcbf (5.14) -CVE-2021-39632 - RESERVED +CVE-2021-39632 (In inotify_cb of events.cpp, there is a possible out of bounds write d ...) NOT-FOR-US: Android CVE-2021-39631 RESERVED -CVE-2021-39630 - RESERVED +CVE-2021-39630 (In executeRequest of OverlayManagerService.java, there is a possible w ...) NOT-FOR-US: Android -CVE-2021-39629 - RESERVED +CVE-2021-39629 (In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possi ...) NOT-FOR-US: Android -CVE-2021-39628 - RESERVED +CVE-2021-39628 (In StatusBar.java, there is a possible disclosure of notification cont ...) NOT-FOR-US: Android -CVE-2021-39627 - RESERVED +CVE-2021-39627 (In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there ...) NOT-FOR-US: Android -CVE-2021-39626 - RESERVED +CVE-2021-39626 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a possi ...) NOT-FOR-US: Android -CVE-2021-39625 - RESERVED +CVE-2021-39625 (In showCarrierAppInstallationNotification of EuiccNotificationManager. ...) NOT-FOR-US: Android CVE-2021-39624 RESERVED -CVE-2021-39623 - RESERVED -CVE-2021-39622 - RESERVED +CVE-2021-39623 (In doRead of SimpleDecodingSource.cpp, there is a possible out of boun ...) + TODO: check +CVE-2021-39622 (In GBoard, there is a possible way to bypass Factory Reset Protection ...) NOT-FOR-US: Android -CVE-2021-39621 - RESERVED +CVE-2021-39621 (In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there ...) NOT-FOR-US: Android -CVE-2021-39620 - RESERVED +CVE-2021-39620 (In ipcSetDataReference of Parcel.cpp, there is a possible way to corru ...) NOT-FOR-US: Android CVE-2021-39619 RESERVED -CVE-2021-39618 - RESERVED +CVE-2021-39618 (In multiple methods of EuiccNotificationManager.java, there is a possi ...) NOT-FOR-US: Android CVE-2021-39617 RESERVED @@ -20279,10 +20259,10 @@ CVE-2021-38129 RESERVED CVE-2021-38128 RESERVED -CVE-2021-38127 - RESERVED -CVE-2021-38126 - RESERVED +CVE-2021-38127 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...) + TODO: check +CVE-2021-38126 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...) + TODO: check CVE-2021-38125 RESERVED CVE-2021-38124 (Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise ...) @@ -23213,8 +23193,8 @@ CVE-2021-36922 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/A NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...) NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices -CVE-2021-36920 - RESERVED +CVE-2021-36920 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability disco ...) + TODO: check CVE-2021-36919 (Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabil ...) NOT-FOR-US: WordPress plugin CVE-2021-36918 @@ -24806,8 +24786,8 @@ CVE-2021-36201 RESERVED CVE-2021-36200 RESERVED -CVE-2021-36199 - RESERVED +CVE-2021-36199 (Running a vulnerability scanner against VideoEdge NVRs can cause some ...) + TODO: check CVE-2021-36198 (Successful exploitation of this vulnerability could allow an unauthori ...) NOT-FOR-US: Sensormatic Electronics, LLC CVE-2021-36197 @@ -43705,8 +43685,8 @@ CVE-2021-28502 RESERVED CVE-2021-28501 (An issue has recently been discovered in Arista EOS where the incorrec ...) TODO: check -CVE-2021-28500 - RESERVED +CVE-2021-28500 (An issue has recently been discovered in Arista EOS where the incorrec ...) + TODO: check CVE-2021-28499 (In Arista's MOS (Metamako Operating System) software which is supporte ...) NOT-FOR-US: Arista CVE-2021-28498 (In Arista's MOS (Metamako Operating System) software which is supporte ...) @@ -54138,8 +54118,8 @@ CVE-2021-24046 (A logic flaw in Ray-Ban® Stories device software allowed so TODO: check CVE-2021-24045 (A type confusion vulnerability could be triggered when resolving the " ...) TODO: check -CVE-2021-24044 - RESERVED +CVE-2021-24044 (By passing invalid javascript code where await and yield were called u ...) + TODO: check CVE-2021-24043 RESERVED CVE-2021-24042 (The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp ...) @@ -55342,10 +55322,10 @@ CVE-2021-23569 RESERVED CVE-2021-23568 (The package extend2 before 1.0.1 are vulnerable to Prototype Pollution ...) TODO: check -CVE-2021-23567 - RESERVED -CVE-2021-23566 - RESERVED +CVE-2021-23567 (The package colors after 1.4.0 are vulnerable to Denial of Service (Do ...) + TODO: check +CVE-2021-23566 (The package nanoid before 3.1.31 are vulnerable to Information Exposur ...) + TODO: check CVE-2021-23565 RESERVED CVE-2021-23564 @@ -67098,8 +67078,7 @@ CVE-2021-1051 (NVIDIA GPU Display Driver for Windows contains a vulnerability in NOT-FOR-US: NVIDIA Windows drivers CVE-2021-1050 RESERVED -CVE-2021-1049 - RESERVED +CVE-2021-1049 (Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ...) NOT-FOR-US: Unisoc CVE-2021-1048 (In ep_loop_check_proc of eventpoll.c, there is a possible way to corru ...) - linux 5.8.10-1 @@ -67126,12 +67105,12 @@ CVE-2021-1039 (In NotificationAccessActivity of AndroidManifest.xml, there is a NOT-FOR-US: Android CVE-2021-1038 (In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS ...) NOT-FOR-US: Android -CVE-2021-1037 - RESERVED -CVE-2021-1036 - RESERVED -CVE-2021-1035 - RESERVED +CVE-2021-1037 (The broadcast that DevicePickerFragment sends when a new device is pai ...) + TODO: check +CVE-2021-1036 (In LocationSettingsActivity of AndroidManifest.xml, there is a possibl ...) + TODO: check +CVE-2021-1035 (In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, ...) + TODO: check CVE-2021-1034 (In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is ap ...) NOT-FOR-US: Android CVE-2021-1033 @@ -67283,8 +67262,7 @@ CVE-2021-0961 (In quota_proc_write of xt_quota2.c, there is a possible way to re NOTE: https://source.android.com/security/bulletin/2021-12-01 CVE-2021-0960 RESERVED -CVE-2021-0959 - RESERVED +CVE-2021-0959 (In jit_memory_region.cc, there is a possible bypass of memory restrict ...) NOT-FOR-US: Android CVE-2021-0958 (In update of km_compat.cpp, there is a possible loss of potentially se ...) NOT-FOR-US: Android |