diff options
author | security tracker role <sectracker@soriano.debian.org> | 2021-10-13 08:10:14 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-10-13 08:10:14 +0000 |
commit | 31a21f14a41551587c368cd0babf001d2c369458 (patch) | |
tree | b3b2041ee265bb585ffc304c18763bf5ffa6aa63 /data | |
parent | 233a537f915231a89fe153b1ed76fbd6d9149563 (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list.2020 | 28 | ||||
-rw-r--r-- | data/CVE/list.2021 | 362 |
2 files changed, 214 insertions, 176 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 33988467d6..165e049ee5 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -19741,20 +19741,20 @@ CVE-2020-22681 RESERVED CVE-2020-22680 RESERVED -CVE-2020-22679 - RESERVED -CVE-2020-22678 - RESERVED -CVE-2020-22677 - RESERVED +CVE-2020-22679 (Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 a ...) + TODO: check +CVE-2020-22678 (An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulat ...) + TODO: check +CVE-2020-22677 (An issue was discovered in gpac 0.8.0. The dump_data_hex function in b ...) + TODO: check CVE-2020-22676 RESERVED -CVE-2020-22675 - RESERVED -CVE-2020-22674 - RESERVED -CVE-2020-22673 - RESERVED +CVE-2020-22675 (An issue was discovered in gpac 0.8.0. The GetGhostNum function in stb ...) + TODO: check +CVE-2020-22674 (An issue was discovered in gpac 0.8.0. An invalid memory dereference e ...) + TODO: check +CVE-2020-22673 (Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows ...) + TODO: check CVE-2020-22672 RESERVED CVE-2020-22671 @@ -33642,7 +33642,7 @@ CVE-2020-16120 (Overlayfs did not properly perform permission checking when copy [stretch] - linux <not-affected> (Vulnerable configuration combination not possible) NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/6 CVE-2020-16119 (Use-after-free vulnerability in the Linux kernel exploitable by a loca ...) - {DSA-4978-1} + {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/7 @@ -64236,7 +64236,7 @@ CVE-2020-3704 (u'While processing invalid connection request PDU which is nonsta CVE-2020-3703 (u'Buffer over-read issue in Bluetooth peripheral firmware due to lack ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3702 (u'Specifically timed and handcrafted traffic can cause internal errors ...) - {DSA-4978-1} + {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://lore.kernel.org/linux-wireless/CABvG-CVvPF++0vuGzCrBj8+s=Bcx1GwWfiW1_Somu_GVncTAcQ@mail.gmail.com/ diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index b6f3c359c4..6f0c55574e 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,3 +1,25 @@ +CVE-2021-42339 + RESERVED +CVE-2021-42338 + RESERVED +CVE-2021-42337 + RESERVED +CVE-2021-42336 + RESERVED +CVE-2021-42335 + RESERVED +CVE-2021-42334 + RESERVED +CVE-2021-42333 + RESERVED +CVE-2021-42332 + RESERVED +CVE-2021-42331 + RESERVED +CVE-2021-42330 + RESERVED +CVE-2021-42329 + RESERVED CVE-2021-42328 RESERVED CVE-2021-42327 @@ -165,6 +187,7 @@ CVE-2021-42254 CVE-2021-42253 RESERVED CVE-2021-42252 (An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/ ...) + {DLA-2785-1} - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 [buster] - linux 4.19.208-1 @@ -489,6 +512,7 @@ CVE-2021-3871 CVE-2021-3870 RESERVED CVE-2021-41133 (Flatpak is a system for building, distributing, and running sandboxed ...) + {DSA-4984-1} - flatpak 1.12.1-1 (bug #995935) [buster] - flatpak <ignored> (Not exploitable with Debian buster kernel, intrusive to backport; requires updated libseccomp) NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q @@ -718,6 +742,7 @@ CVE-2021-3860 CVE-2021-3859 RESERVED CVE-2021-42008 (The decode_data function in drivers/net/hamradio/6pack.c in the Linux ...) + {DLA-2785-1} - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 [buster] - linux 4.19.208-1 @@ -2168,74 +2193,74 @@ CVE-2021-41365 RESERVED CVE-2021-41364 RESERVED -CVE-2021-41363 - RESERVED +CVE-2021-41363 (Intune Management Extension Security Feature Bypass Vulnerability ...) + TODO: check CVE-2021-41362 RESERVED -CVE-2021-41361 - RESERVED +CVE-2021-41361 (Active Directory Federation Server Spoofing Vulnerability ...) + TODO: check CVE-2021-41360 RESERVED CVE-2021-41359 RESERVED CVE-2021-41358 RESERVED -CVE-2021-41357 - RESERVED +CVE-2021-41357 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) + TODO: check CVE-2021-41356 RESERVED -CVE-2021-41355 - RESERVED -CVE-2021-41354 - RESERVED -CVE-2021-41353 - RESERVED -CVE-2021-41352 - RESERVED +CVE-2021-41355 (.NET Core and Visual Studio Information Disclosure Vulnerability ...) + TODO: check +CVE-2021-41354 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + TODO: check +CVE-2021-41353 (Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability ...) + TODO: check +CVE-2021-41352 (SCOM Information Disclosure Vulnerability ...) + TODO: check CVE-2021-41351 RESERVED -CVE-2021-41350 - RESERVED +CVE-2021-41350 (Microsoft Exchange Server Spoofing Vulnerability ...) + TODO: check CVE-2021-41349 RESERVED -CVE-2021-41348 - RESERVED -CVE-2021-41347 - RESERVED -CVE-2021-41346 - RESERVED -CVE-2021-41345 - RESERVED -CVE-2021-41344 - RESERVED -CVE-2021-41343 - RESERVED -CVE-2021-41342 - RESERVED +CVE-2021-41348 (Microsoft Exchange Server Elevation of Privilege Vulnerability ...) + TODO: check +CVE-2021-41347 (Windows AppX Deployment Service Elevation of Privilege Vulnerability ...) + TODO: check +CVE-2021-41346 (Console Window Host Security Feature Bypass Vulnerability ...) + TODO: check +CVE-2021-41345 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) + TODO: check +CVE-2021-41344 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) + TODO: check +CVE-2021-41343 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...) + TODO: check +CVE-2021-41342 (Windows MSHTML Platform Remote Code Execution Vulnerability ...) + TODO: check CVE-2021-41341 RESERVED -CVE-2021-41340 - RESERVED -CVE-2021-41339 - RESERVED -CVE-2021-41338 - RESERVED -CVE-2021-41337 - RESERVED -CVE-2021-41336 - RESERVED -CVE-2021-41335 - RESERVED -CVE-2021-41334 - RESERVED +CVE-2021-41340 (Windows Graphics Component Remote Code Execution Vulnerability ...) + TODO: check +CVE-2021-41339 (Microsoft DWM Core Library Elevation of Privilege Vulnerability ...) + TODO: check +CVE-2021-41338 (Windows AppContainer Firewall Rules Security Feature Bypass Vulnerabil ...) + TODO: check +CVE-2021-41337 (Active Directory Security Feature Bypass Vulnerability ...) + TODO: check +CVE-2021-41336 (Windows Kernel Information Disclosure Vulnerability ...) + TODO: check +CVE-2021-41335 (Windows Kernel Elevation of Privilege Vulnerability ...) + TODO: check +CVE-2021-41334 (Windows Desktop Bridge Elevation of Privilege Vulnerability ...) + TODO: check CVE-2021-41333 RESERVED -CVE-2021-41332 - RESERVED -CVE-2021-41331 - RESERVED -CVE-2021-41330 - RESERVED +CVE-2021-41332 (Windows Print Spooler Information Disclosure Vulnerability ...) + TODO: check +CVE-2021-41331 (Windows Media Audio Decoder Remote Code Execution Vulnerability ...) + TODO: check +CVE-2021-41330 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...) + TODO: check CVE-2021-41329 (Datalust Seq before 2021.2.6259 allows users (with view filters applie ...) NOT-FOR-US: Datalust Seq CVE-2021-41328 @@ -4186,88 +4211,88 @@ CVE-2021-40493 RESERVED CVE-2021-40492 (A reflected XSS vulnerability exists in multiple pages in version 22 o ...) NOT-FOR-US: Gibbon application -CVE-2021-40489 - RESERVED -CVE-2021-40488 - RESERVED -CVE-2021-40487 - RESERVED -CVE-2021-40486 - RESERVED -CVE-2021-40485 - RESERVED -CVE-2021-40484 - RESERVED -CVE-2021-40483 - RESERVED -CVE-2021-40482 - RESERVED -CVE-2021-40481 - RESERVED -CVE-2021-40480 - RESERVED -CVE-2021-40479 - RESERVED -CVE-2021-40478 - RESERVED -CVE-2021-40477 - RESERVED -CVE-2021-40476 - RESERVED -CVE-2021-40475 - RESERVED -CVE-2021-40474 - RESERVED -CVE-2021-40473 - RESERVED -CVE-2021-40472 - RESERVED -CVE-2021-40471 - RESERVED -CVE-2021-40470 - RESERVED -CVE-2021-40469 - RESERVED -CVE-2021-40468 - RESERVED -CVE-2021-40467 - RESERVED -CVE-2021-40466 - RESERVED -CVE-2021-40465 - RESERVED -CVE-2021-40464 - RESERVED -CVE-2021-40463 - RESERVED -CVE-2021-40462 - RESERVED -CVE-2021-40461 - RESERVED -CVE-2021-40460 - RESERVED +CVE-2021-40489 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) + TODO: check +CVE-2021-40488 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) + TODO: check +CVE-2021-40487 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) + TODO: check +CVE-2021-40486 (Microsoft Word Remote Code Execution Vulnerability ...) + TODO: check +CVE-2021-40485 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + TODO: check +CVE-2021-40484 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) + TODO: check +CVE-2021-40483 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) + TODO: check +CVE-2021-40482 (Microsoft SharePoint Server Information Disclosure Vulnerability ...) + TODO: check +CVE-2021-40481 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...) + TODO: check +CVE-2021-40480 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...) + TODO: check +CVE-2021-40479 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + TODO: check +CVE-2021-40478 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) + TODO: check +CVE-2021-40477 (Windows Event Tracing Elevation of Privilege Vulnerability ...) + TODO: check +CVE-2021-40476 (Windows AppContainer Elevation Of Privilege Vulnerability ...) + TODO: check +CVE-2021-40475 (Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerab ...) + TODO: check +CVE-2021-40474 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + TODO: check +CVE-2021-40473 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + TODO: check +CVE-2021-40472 (Microsoft Excel Information Disclosure Vulnerability ...) + TODO: check +CVE-2021-40471 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + TODO: check +CVE-2021-40470 (DirectX Graphics Kernel Elevation of Privilege Vulnerability ...) + TODO: check +CVE-2021-40469 (Windows DNS Server Remote Code Execution Vulnerability ...) + TODO: check +CVE-2021-40468 (Windows Bind Filter Driver Information Disclosure Vulnerability ...) + TODO: check +CVE-2021-40467 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + TODO: check +CVE-2021-40466 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + TODO: check +CVE-2021-40465 (Windows Text Shaping Remote Code Execution Vulnerability ...) + TODO: check +CVE-2021-40464 (Windows Nearby Sharing Elevation of Privilege Vulnerability ...) + TODO: check +CVE-2021-40463 (Windows NAT Denial of Service Vulnerability ...) + TODO: check +CVE-2021-40462 (Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Exec ...) + TODO: check +CVE-2021-40461 (Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is uni ...) + TODO: check +CVE-2021-40460 (Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerab ...) + TODO: check CVE-2021-40459 RESERVED CVE-2021-40458 RESERVED -CVE-2021-40457 - RESERVED -CVE-2021-40456 - RESERVED -CVE-2021-40455 - RESERVED -CVE-2021-40454 - RESERVED +CVE-2021-40457 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...) + TODO: check +CVE-2021-40456 (Windows AD FS Security Feature Bypass Vulnerability ...) + TODO: check +CVE-2021-40455 (Windows Installer Spoofing Vulnerability ...) + TODO: check +CVE-2021-40454 (Rich Text Edit Control Information Disclosure Vulnerability ...) + TODO: check CVE-2021-40453 RESERVED CVE-2021-40452 RESERVED CVE-2021-40451 RESERVED -CVE-2021-40450 - RESERVED -CVE-2021-40449 - RESERVED +CVE-2021-40450 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) + TODO: check +CVE-2021-40449 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) + TODO: check CVE-2021-40448 (Microsoft Accessibility Insights for Android Information Disclosure Vu ...) NOT-FOR-US: Microsoft CVE-2021-40447 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) @@ -4278,8 +4303,8 @@ CVE-2021-40445 RESERVED CVE-2021-40444 (Microsoft MSHTML Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft -CVE-2021-40443 - RESERVED +CVE-2021-40443 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + TODO: check CVE-2021-40442 RESERVED CVE-2021-40441 @@ -4315,7 +4340,7 @@ CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate add NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd CVE-2021-40490 (A race condition was discovered in ext4_write_inline_data_end in fs/ex ...) - {DSA-4978-1} + {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://lore.kernel.org/linux-ext4/000000000000e5080305c9e51453@google.com/ @@ -4564,7 +4589,7 @@ CVE-2021-3754 RESERVED CVE-2021-3753 RESERVED - {DSA-4978-1} + {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7 @@ -4984,7 +5009,7 @@ CVE-2021-40148 RESERVED CVE-2021-3743 RESERVED - {DSA-4978-1} + {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 [stretch] - linux <not-affected> (Vulnerable code introduced later) @@ -6134,7 +6159,7 @@ CVE-2021-3733 [Denial of service when identifying crafted invalid RFCs] NOTE: https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14) CVE-2021-3732 [overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files] RESERVED - {DSA-4978-1} + {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995249 @@ -8420,8 +8445,8 @@ CVE-2021-3706 (adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Fla NOT-FOR-US: adminlte CVE-2021-38673 RESERVED -CVE-2021-38672 - RESERVED +CVE-2021-38672 (Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is uni ...) + TODO: check CVE-2021-38671 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2021-38670 @@ -8438,10 +8463,10 @@ CVE-2021-38665 RESERVED CVE-2021-38664 RESERVED -CVE-2021-38663 - RESERVED -CVE-2021-38662 - RESERVED +CVE-2021-38663 (Windows exFAT File System Information Disclosure Vulnerability ...) + TODO: check +CVE-2021-38662 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...) + TODO: check CVE-2021-38661 (HEVC Video Extensions Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-38660 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...) @@ -9567,11 +9592,13 @@ CVE-2021-38206 (The mac80211 subsystem in the Linux kernel before 5.12.13, when [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/bddc0c411a45d3718ac535a070f349be8eca8d48 CVE-2021-38205 (drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel befo ...) + {DLA-2785-1} - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/d0d62baa7f505bd4c59cd169692ff07ec49dde37 CVE-2021-38204 (drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allow ...) + {DLA-2785-1} - linux 5.14.6-1 (unimportant) [bullseye] - linux 5.10.70-1 [buster] - linux 4.19.208-1 @@ -9592,11 +9619,12 @@ CVE-2021-38200 (arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12. - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/60b7ed54a41b550d50caf7f2418db4a7e75b5bdc CVE-2021-38199 (fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect co ...) - {DSA-4978-1} + {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/dd99e9f98fbf423ff6d365b37a98e8879170f17c CVE-2021-38198 (arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 inco ...) + {DLA-2785-1} - linux 5.10.46-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/b1bd5cba3306691c771d558e94baa73e8b0b96b7 @@ -9717,7 +9745,7 @@ CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI NOTE: https://lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9 NOTE: https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz CVE-2021-38160 (** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel be ...) - {DSA-4978-1} + {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46 @@ -10249,7 +10277,7 @@ CVE-2021-3681 CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...) NOT-FOR-US: showdoc CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module functionalit ...) - {DSA-4978-1} + {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a @@ -11161,7 +11189,7 @@ CVE-2021-37539 (Zoho ManageEngine ADManager Plus before 7111 is vulnerable to un CVE-2021-3666 (body-parser-xml is vulnerable to Improperly Controlled Modification of ...) NOT-FOR-US: Node body-parser-xml CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on t ...) - {DSA-4978-1} + {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 [stretch] - linux <ignored> (powerpc architectures not included in LTS) @@ -12002,6 +12030,7 @@ CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid authenticat CVE-2021-3657 RESERVED CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel throu ...) + {DLA-2785-1} - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 [buster] - linux 4.19.208-1 @@ -12040,7 +12069,7 @@ CVE-2021-37140 RESERVED CVE-2021-3656 [KVM: nSVM: always intercept VMLOAD/VMSAVE when nested] RESERVED - {DSA-4978-1} + {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 [stretch] - linux <not-affected> (Vulnerable code not present) @@ -12370,6 +12399,7 @@ CVE-2021-36982 (AIMANAGER before B115 on MONITORAPP Application Insight Web Appl CVE-2021-36981 (In the server in SerNet verinice before 1.22.2, insecure Java deserial ...) NOT-FOR-US: SerNet verinice CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions prior to v5. ...) + {DLA-2785-1} - linux 5.10.46-3 [buster] - linux 4.19.208-1 CVE-2021-3654 [novnc allows open redirection] @@ -12430,8 +12460,8 @@ CVE-2021-36972 (Windows SMB Information Disclosure Vulnerability This CVE ID is NOT-FOR-US: Microsoft CVE-2021-36971 RESERVED -CVE-2021-36970 - RESERVED +CVE-2021-36970 (Windows Print Spooler Spoofing Vulnerability ...) + TODO: check CVE-2021-36969 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...) NOT-FOR-US: Microsoft CVE-2021-36968 (Windows DNS Elevation of Privilege Vulnerability ...) @@ -12464,8 +12494,8 @@ CVE-2021-36955 (Windows Common Log File System Driver Elevation of Privilege Vul NOT-FOR-US: Microsoft CVE-2021-36954 (Windows Bind Filter Driver Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft -CVE-2021-36953 - RESERVED +CVE-2021-36953 (Windows TCP/IP Denial of Service Vulnerability ...) + TODO: check CVE-2021-36952 (Visual Studio Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-36951 @@ -12823,7 +12853,7 @@ CVE-2021-36776 CVE-2021-36775 RESERVED CVE-2021-3653 (A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...) - {DSA-4978-1} + {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1 @@ -15787,6 +15817,7 @@ CVE-2021-35479 (Nagios Log Server before 2.1.9 contains Stored XSS in the custom CVE-2021-35478 (Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown ...) NOT-FOR-US: Nagios Log Server CVE-2021-35477 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...) + {DLA-2785-1} - linux 5.10.46-4 [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3 @@ -16695,6 +16726,7 @@ CVE-2021-35068 CVE-2021-35067 (Meross MSG100 devices before 3.2.3 allow an attacker to replay the sam ...) NOT-FOR-US: Meross MSG100 devices CVE-2021-3612 (An out-of-bounds memory write flaw was found in the Linux kernel's joy ...) + {DLA-2785-1} - linux 5.10.46-3 [buster] - linux 4.19.208-1 NOTE: Introduced by: https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/ @@ -16777,6 +16809,7 @@ CVE-2021-3609 CVE-2021-35040 RESERVED CVE-2021-35039 (kernel/module.c in the Linux kernel before 5.12.14 mishandles Signatur ...) + {DLA-2785-1} - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 [buster] - linux 4.19.208-1 @@ -17564,6 +17597,7 @@ CVE-2021-34682 (Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack NOT-FOR-US: Receita Federal IRPF 2021 1.7 CVE-2021-3600 RESERVED + {DLA-2785-1} - linux 5.10.19-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 @@ -17883,6 +17917,7 @@ CVE-2021-34558 (The crypto/tls package of Go through 1.16.5 does not properly as NOTE: https://github.com/golang/go/commit/58bc454a11d4b3dbc03f44dfcabb9068a9c076f4 (1.16.x) NOTE: key_agreement.go also bundled in various other packages CVE-2021-34556 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...) + {DLA-2785-1} - linux 5.10.46-4 [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3 @@ -18109,8 +18144,8 @@ CVE-2021-34455 (Windows File History Service Elevation of Privilege Vulnerabilit NOT-FOR-US: Microsoft CVE-2021-34454 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) NOT-FOR-US: Microsoft -CVE-2021-34453 - RESERVED +CVE-2021-34453 (Microsoft Exchange Server Denial of Service Vulnerability ...) + TODO: check CVE-2021-34452 (Microsoft Word Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-34451 (Microsoft Office Online Server Spoofing Vulnerability ...) @@ -19973,6 +20008,7 @@ CVE-2021-33626 (In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did n CVE-2021-33625 RESERVED CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch ...) + {DLA-2785-1} - linux 5.10.46-1 [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1 @@ -32839,6 +32875,7 @@ CVE-2021-28494 (In Arista's MOS (Metamako Operating System) software which is su CVE-2021-28493 (In Arista's MOS (Metamako Operating System) software which is supporte ...) NOT-FOR-US: Arista CVE-2021-3444 (The bpf verifier in the Linux kernel did not properly handle mod32 des ...) + {DLA-2785-1} - linux 5.10.19-1 [buster] - linux 4.19.208-1 [stretch] - linux <not-affected> (Vulnerable code introduced later) @@ -37624,10 +37661,10 @@ CVE-2021-26444 RESERVED CVE-2021-26443 RESERVED -CVE-2021-26442 - RESERVED -CVE-2021-26441 - RESERVED +CVE-2021-26442 (Windows HTTP.sys Elevation of Privilege Vulnerability ...) + TODO: check +CVE-2021-26441 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) + TODO: check CVE-2021-26440 RESERVED CVE-2021-26439 (Microsoft Edge for Android Information Disclosure Vulnerability ...) @@ -37654,8 +37691,8 @@ CVE-2021-26429 (Azure Sphere Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-26428 (Azure Sphere Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft -CVE-2021-26427 - RESERVED +CVE-2021-26427 (Microsoft Exchange Server Remote Code Execution Vulnerability ...) + TODO: check CVE-2021-26426 (Windows User Account Profile Picture Elevation of Privilege Vulnerabil ...) NOT-FOR-US: Microsoft CVE-2021-26425 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) @@ -37976,8 +38013,8 @@ CVE-2021-3332 (WPS Hide Login 1.6.1 allows remote attackers to bypass a protecti NOT-FOR-US: WPS Hide Logi CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute arbitrary pro ...) NOT-FOR-US: WinSCP -CVE-2021-3330 - RESERVED +CVE-2021-3330 (RCE/DOS: Linked-list corruption leading to large out-of-bounds write w ...) + TODO: check CVE-2021-3329 RESERVED CVE-2021-3328 (An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.1 ...) @@ -38035,12 +38072,12 @@ CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic Authenti NOT-FOR-US: Monitorix CVE-2021-3324 RESERVED -CVE-2021-3323 - RESERVED -CVE-2021-3322 - RESERVED -CVE-2021-3321 - RESERVED +CVE-2021-3323 (Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zeph ...) + TODO: check +CVE-2021-3322 (Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zeph ...) + TODO: check +CVE-2021-3321 (Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header ...) + TODO: check CVE-2021-3320 (Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2 ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2021-3319 (DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addre ...) @@ -46658,6 +46695,7 @@ CVE-2021-22545 (An attacker can craft a specific IdaPro *.i64 file that will cau CVE-2021-22544 RESERVED CVE-2021-22543 (An issue was discovered in Linux: KVM through Improper handling of VM_ ...) + {DLA-2785-1} - linux 5.10.46-2 [buster] - linux 4.19.208-1 NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/3 @@ -52926,8 +52964,8 @@ CVE-2021-20033 RESERVED CVE-2021-20032 (SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Proto ...) NOT-FOR-US: SonicWall -CVE-2021-20031 - RESERVED +CVE-2021-20031 (A Host Header Redirection vulnerability in SonicOS potentially allows ...) + TODO: check CVE-2021-20030 RESERVED CVE-2021-20029 |