From 5056e2356289c9f07d7033d86b34ed78c153dfd9 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 18 Nov 2021 20:10:22 +0000 Subject: automatic update --- data/CVE/list.2021 | 303 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 173 insertions(+), 130 deletions(-) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 1ff37ef5b8..1984a902b4 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,3 +1,47 @@ +CVE-2021-44018 + RESERVED +CVE-2021-44017 + RESERVED +CVE-2021-44016 + RESERVED +CVE-2021-44015 + RESERVED +CVE-2021-44014 + RESERVED +CVE-2021-44013 + RESERVED +CVE-2021-44012 + RESERVED +CVE-2021-44011 + RESERVED +CVE-2021-44010 + RESERVED +CVE-2021-44009 + RESERVED +CVE-2021-44008 + RESERVED +CVE-2021-44007 + RESERVED +CVE-2021-44006 + RESERVED +CVE-2021-44005 + RESERVED +CVE-2021-44004 + RESERVED +CVE-2021-44003 + RESERVED +CVE-2021-44002 + RESERVED +CVE-2021-44001 + RESERVED +CVE-2021-44000 + RESERVED +CVE-2021-43999 + RESERVED +CVE-2021-3976 + RESERVED +CVE-2021-3975 + RESERVED CVE-2021-XXXX [XSS issue in handling attachment filename extension in mimetype mismatch warning] - roundcube 1.5.0+dfsg.1-1 (bug #1000156) NOTE: https://github.com/roundcube/roundcubemail/issues/8193 @@ -705,12 +749,12 @@ CVE-2021-43671 RESERVED CVE-2021-43670 RESERVED -CVE-2021-43669 - RESERVED -CVE-2021-43668 - RESERVED -CVE-2021-43667 - RESERVED +CVE-2021-43669 (A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0 ...) + TODO: check +CVE-2021-43668 (Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a s ...) + TODO: check +CVE-2021-43667 (A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0 ...) + TODO: check CVE-2021-43666 RESERVED CVE-2021-43665 
@@ -1022,8 +1066,8 @@ CVE-2021-43551 (A remote attacker with write access to PI Vision could inject co NOT-FOR-US: OSIsoft CVE-2021-43550 RESERVED -CVE-2021-43549 - RESERVED +CVE-2021-43549 (A remote authenticated attacker with write access to a PI Server could ...) + TODO: check CVE-2021-43548 RESERVED CVE-2021-43547 @@ -2251,8 +2295,8 @@ CVE-2021-43019 RESERVED CVE-2021-43018 RESERVED -CVE-2021-43017 - RESERVED +CVE-2021-43017 (Adobe Creative Cloud version 5.5 (and earlier) are affected by an Appl ...) + TODO: check CVE-2021-43016 RESERVED CVE-2021-43015 @@ -3312,10 +3356,10 @@ CVE-2021-42527 RESERVED CVE-2021-42526 RESERVED -CVE-2021-42525 - RESERVED -CVE-2021-42524 - RESERVED +CVE-2021-42525 (Acrobat Animate versions 21.0.9 (and earlier)is affected by an out-of- ...) + TODO: check +CVE-2021-42524 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...) + TODO: check CVE-2021-3891 RESERVED CVE-2021-3890 
@@ -3909,20 +3953,20 @@ CVE-2021-42274 (Windows Hyper-V Discrete Device Assignment (DDA) Denial of Servi NOT-FOR-US: Microsoft CVE-2021-42273 RESERVED -CVE-2021-42272 - RESERVED -CVE-2021-42271 - RESERVED -CVE-2021-42270 - RESERVED -CVE-2021-42269 - RESERVED -CVE-2021-42268 - RESERVED -CVE-2021-42267 - RESERVED -CVE-2021-42266 - RESERVED +CVE-2021-42272 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...) + TODO: check +CVE-2021-42271 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...) + TODO: check +CVE-2021-42270 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...) + TODO: check +CVE-2021-42269 (Adobe Animate version 21.0.9 (and earlier) are affected by a use-after ...) + TODO: check +CVE-2021-42268 (Adobe Animate version 21.0.9 (and earlier) is affected by a Null point ...) + TODO: check +CVE-2021-42267 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...) + TODO: check +CVE-2021-42266 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...) + TODO: check CVE-2021-42265 RESERVED CVE-2021-42264 
@@ -7468,28 +7512,28 @@ CVE-2021-40763 RESERVED CVE-2021-40762 RESERVED -CVE-2021-40761 - RESERVED -CVE-2021-40760 - RESERVED -CVE-2021-40759 - RESERVED -CVE-2021-40758 - RESERVED -CVE-2021-40757 - RESERVED -CVE-2021-40756 - RESERVED -CVE-2021-40755 - RESERVED -CVE-2021-40754 - RESERVED -CVE-2021-40753 - RESERVED -CVE-2021-40752 - RESERVED -CVE-2021-40751 - RESERVED +CVE-2021-40761 (Adobe After Effects version 18.4.1 (and earlier) is affected by a Null ...) + TODO: check +CVE-2021-40760 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + TODO: check +CVE-2021-40759 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + TODO: check +CVE-2021-40758 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + TODO: check +CVE-2021-40757 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + TODO: check +CVE-2021-40756 (Adobe After Effects version 18.4.1 (and earlier) is affected by a Null ...) + TODO: check +CVE-2021-40755 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + TODO: check +CVE-2021-40754 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + TODO: check +CVE-2021-40753 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + TODO: check +CVE-2021-40752 (Adobe After Effects version 18.4 (and earlier) is affected by a memory ...) + TODO: check +CVE-2021-40751 (Adobe After Effects version 18.4 (and earlier) is affected by a memory ...) + TODO: check CVE-2021-40750 RESERVED CVE-2021-40749 @@ -7524,8 +7568,8 @@ CVE-2021-40735 RESERVED CVE-2021-40734 RESERVED -CVE-2021-40733 - RESERVED +CVE-2021-40733 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...) + TODO: check CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...) NOT-FOR-US: Adobe CVE-2021-40731 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) 
@@ -9443,8 +9487,8 @@ CVE-2021-39930 RESERVED CVE-2021-39929 RESERVED -CVE-2021-39928 - RESERVED +CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 ...) + TODO: check CVE-2021-39927 RESERVED CVE-2021-39926 @@ -9459,8 +9503,8 @@ CVE-2021-39922 RESERVED CVE-2021-39921 RESERVED -CVE-2021-39920 - RESERVED +CVE-2021-39920 (NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3 ...) + TODO: check CVE-2021-39919 RESERVED CVE-2021-39918 @@ -14258,10 +14302,10 @@ CVE-2021-37941 RESERVED CVE-2021-37940 RESERVED -CVE-2021-37939 - RESERVED -CVE-2021-37938 - RESERVED +CVE-2021-37939 (It was discovered that Kibana’s JIRA connector & IBM Resilie ...) + TODO: check +CVE-2021-37938 (It was discovered that on Windows operating systems specifically, Kiba ...) + TODO: check CVE-2021-37937 RESERVED CVE-2021-37936 @@ -16636,10 +16680,10 @@ CVE-2021-36911 RESERVED CVE-2021-36910 RESERVED -CVE-2021-36909 - RESERVED -CVE-2021-36908 - RESERVED +CVE-2021-36909 (Authenticated Database Reset vulnerability in WordPress WP Reset PRO P ...) + TODO: check +CVE-2021-36908 (Cross-Site Request Forgery (CSRF) vulnerability leading to Database Re ...) + TODO: check CVE-2021-36907 RESERVED CVE-2021-36906 @@ -19722,10 +19766,10 @@ CVE-2021-35537 (Vulnerability in the MySQL Server product of Oracle MySQL (compo - mysql-8.0 CVE-2021-35536 (Vulnerability in the Oracle Deal Management product of Oracle E-Busine ...) NOT-FOR-US: Oracle -CVE-2021-35535 - RESERVED -CVE-2021-35534 - RESERVED +CVE-2021-35535 (Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/ ...) + TODO: check +CVE-2021-35534 (Insufficient security control vulnerability in internal database acces ...) + TODO: check CVE-2021-35533 RESERVED CVE-2021-35532 
@@ -40350,14 +40394,14 @@ CVE-2021-27028 (A Memory Corruption Vulnerability in Autodesk FBX Review version NOT-FOR-US: Autodesk CVE-2021-27027 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5 ...) NOT-FOR-US: Autodesk -CVE-2021-27026 - RESERVED -CVE-2021-27025 - RESERVED -CVE-2021-27024 - RESERVED -CVE-2021-27023 - RESERVED +CVE-2021-27026 (A flaw was divered in Puppet Enterprise and other Puppet products wher ...) + TODO: check +CVE-2021-27025 (A flaw was discovered in Puppet Agent where the agent may silently ign ...) + TODO: check +CVE-2021-27024 (A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD ...) + TODO: check +CVE-2021-27023 (A flaw was discovered in Puppet Agent and Puppet Server that may resul ...) + TODO: check CVE-2021-27022 (A flaw was discovered in bolt-server and ace where running a task with ...) - puppet (Only affects Puppet Enterprise) NOTE: https://puppet.com/security/cve/CVE-2021-27022/ 
@@ -42632,22 +42676,22 @@ CVE-2021-23204 (Exposure of Sensitive Information to an Unauthorized Actor vulne NOT-FOR-US: Gallagher Command Centre Server CVE-2021-23199 RESERVED -CVE-2021-23197 - RESERVED -CVE-2021-23193 - RESERVED +CVE-2021-23197 (Unquoted service path vulnerability in the Gallagher Controller Servic ...) + TODO: check +CVE-2021-23193 (Improper privilege validation vulnerability in COM Interface of Gallag ...) + TODO: check CVE-2021-23185 RESERVED CVE-2021-23182 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...) NOT-FOR-US: Gallagher Command Centre Server -CVE-2021-23167 - RESERVED -CVE-2021-23162 - RESERVED -CVE-2021-23155 - RESERVED -CVE-2021-23146 - RESERVED +CVE-2021-23167 (Improper certificate validation vulnerability in SMTP Client allows ma ...) + TODO: check +CVE-2021-23162 (Improper validation of the cloud certificate chain in Mobile Connect a ...) + TODO: check +CVE-2021-23155 (Improper validation of the cloud certificate chain in Mobile Client al ...) + TODO: check +CVE-2021-23146 (An Incomplete Comparison with Missing Factors vulnerability in the Gal ...) + TODO: check CVE-2021-23140 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2021-23136 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...) 
@@ -61078,25 +61122,24 @@ CVE-2021-0674 RESERVED CVE-2021-0673 RESERVED -CVE-2021-0672 - RESERVED +CVE-2021-0672 (In Browser app, there is a possible information disclosure due to a mi ...) NOT-FOR-US: MediaTek components for Android -CVE-2021-0671 - RESERVED -CVE-2021-0670 - RESERVED -CVE-2021-0669 - RESERVED -CVE-2021-0668 - RESERVED -CVE-2021-0667 - RESERVED -CVE-2021-0666 - RESERVED -CVE-2021-0665 - RESERVED -CVE-2021-0664 - RESERVED +CVE-2021-0671 (In apusys, there is a possible memory corruption due to a missing boun ...) + TODO: check +CVE-2021-0670 (In apusys, there is a possible memory corruption due to a use after fr ...) + TODO: check +CVE-2021-0669 (In apusys, there is a possible memory corruption due to a use after fr ...) + TODO: check +CVE-2021-0668 (In apusys, there is a possible memory corruption due to incorrect erro ...) + TODO: check +CVE-2021-0667 (In apusys, there is a possible memory corruption due to a use after fr ...) + TODO: check +CVE-2021-0666 (In apusys, there is a possible out of bounds read due to an incorrect ...) + TODO: check +CVE-2021-0665 (In apusys, there is a possible out of bounds read due to an incorrect ...) + TODO: check +CVE-2021-0664 (In ccu, there is a possible memory corruption due to a use after free. ...) + TODO: check CVE-2021-0663 (In audio DSP, there is a possible out of bounds write due to an incorr ...) NOT-FOR-US: Mediatek CVE-2021-0662 (In audio DSP, there is a possible out of bounds write due to an incorr ...) 
@@ -61105,16 +61148,16 @@ CVE-2021-0661 (In audio DSP, there is a possible out of bounds write due to an i NOT-FOR-US: Mediatek CVE-2021-0660 (In ccu, there is a possible out of bounds read due to incorrect error ...) NOT-FOR-US: Mediatek -CVE-2021-0659 - RESERVED -CVE-2021-0658 - RESERVED -CVE-2021-0657 - RESERVED -CVE-2021-0656 - RESERVED -CVE-2021-0655 - RESERVED +CVE-2021-0659 (In apusys, there is a possible out of bounds read due to an incorrect ...) + TODO: check +CVE-2021-0658 (In apusys, there is a possible out of bounds write due to a missing bo ...) + TODO: check +CVE-2021-0657 (In apusys, there is a possible out of bounds write due to a stack-base ...) + TODO: check +CVE-2021-0656 (In edma driver, there is a possible memory corruption due to a use aft ...) + TODO: check +CVE-2021-0655 (In mdlactl driver, there is a possible memory corruption due to an inc ...) + TODO: check CVE-2021-0654 (In isRealSnapshot of TaskThumbnailView.java, there is possible data ex ...) NOT-FOR-US: Android CVE-2021-0653 @@ -61168,8 +61211,8 @@ CVE-2021-0631 (In wifi driver, there is a possible system crash due to a missing NOT-FOR-US: Mediatek CVE-2021-0630 (In wifi driver, there is a possible system crash due to a missing boun ...) NOT-FOR-US: Mediatek -CVE-2021-0629 - RESERVED +CVE-2021-0629 (In mdlactl driver, there is a possible memory corruption due to a use ...) + TODO: check CVE-2021-0628 (In OMA DRM, there is a possible memory corruption due to improper inpu ...) NOT-FOR-US: Mediatek CVE-2021-0627 (In OMA DRM, there is a possible memory corruption due to an integer ov ...) 
@@ -61178,18 +61221,18 @@ CVE-2021-0626 (In ged, there is a possible out of bounds write due to a missing NOT-FOR-US: Mediatek CVE-2021-0625 (In ccu, there is a possible memory corruption due to improper locking. ...) NOT-FOR-US: Mediatek -CVE-2021-0624 - RESERVED -CVE-2021-0623 - RESERVED -CVE-2021-0622 - RESERVED -CVE-2021-0621 - RESERVED -CVE-2021-0620 - RESERVED -CVE-2021-0619 - RESERVED +CVE-2021-0624 (In flv extractor, there is a possible out of bounds read due to a heap ...) + TODO: check +CVE-2021-0623 (In asf extractor, there is a possible out of bounds read due to an int ...) + TODO: check +CVE-2021-0622 (In asf extractor, there is a possible out of bounds read due to a heap ...) + TODO: check +CVE-2021-0621 (In asf extractor, there is a possible out of bounds read due to an int ...) + TODO: check +CVE-2021-0620 (In asf extractor, there is a possible out of bounds read due to a heap ...) + TODO: check +CVE-2021-0619 (In ape extractor, there is a possible out of bounds read due to a miss ...) + TODO: check CVE-2021-0618 (In ape extractor, there is a possible out of bounds read due to a heap ...) NOT-FOR-US: Mediatek CVE-2021-0617 (In ape extractor, there is a possible out of bounds read due to a heap ...) -- cgit v1.2.3
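Review bot: In the hunk at @@ -9443,8 +9487,8 @@ and the one that follows it, CVE-2021-39928 and CVE-2021-39920 are left at "TODO: check" although their descriptions name the IEEE 802.11 and IPPUSB dissectors in Wireshark 3.4.0. Unlike most entries touched by this update, these cannot be closed as NOT-FOR-US. Each needs a source-package line in the same form the file already uses for "- roundcube 1.5.0+dfsg.1-1 (bug #1000156)", with the fixed version filled in once it is known.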
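Review bot: In the hunk at @@ -40350,14 +40394,14 @@, the four new Puppet entries all receive the same "TODO: check", but they do not call for the same triage. CVE-2021-27025 and CVE-2021-27023 name Puppet Agent and Puppet Server, so they need to be checked against the puppet source package. CVE-2021-27026 and CVE-2021-27024 name Puppet Enterprise and Continuous Delivery for Puppet Enterprise, and may follow the precedent of the context line for CVE-2021-27022, "(Only affects Puppet Enterprise)". The truncated description of CVE-2021-27026 also carries the typo "divered", which is worth confirming against the upstream record when the TODO is resolved.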
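Review bot: In the hunk at @@ -3312,10 +3356,10 @@, the description for CVE-2021-42525 reads "Acrobat Animate versions 21.0.9 (and earlier)is affected", while CVE-2021-42524 and the entries added at @@ -3909,20 +3953,20 @@ and @@ -7524,8 +7568,8 @@ say "Adobe Animate version 21.0.9", so a vendor match keyed on the product string would miss it. Triage it together with the other Animate, After Effects and Creative Cloud entries in this update. The context line under CVE-2021-40732 shows the tag already used for this vendor, "NOT-FOR-US: Adobe".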
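Review bot: In the hunk at @@ -42632,22 +42676,22 @@, the truncated descriptions of CVE-2021-23167, CVE-2021-23162 and CVE-2021-23155 ("SMTP Client", "Mobile Connect", "Mobile Client") no longer show a vendor, so "TODO: check" cannot be resolved from this file alone. The surrounding context lines are all "NOT-FOR-US: Gallagher Command Centre Server", and CVE-2021-23197 and CVE-2021-23193 do name Gallagher, but the three certificate-validation entries should be confirmed against the full description before they are given the same tag. The same applies at @@ -1022,8 +1066,8 @@, where CVE-2021-43549 (PI Server) sits next to CVE-2021-43551 (PI Vision), which is tagged "NOT-FOR-US: OSIsoft".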
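Review bot: In the hunk at @@ -61078,25 +61122,24 @@, CVE-2021-0672 keeps the tag "NOT-FOR-US: MediaTek components for Android", while every other triaged entry in this block and in the two hunks after it uses "NOT-FOR-US: Mediatek". Any tooling that groups on the tag text will split one vendor in two, so the string should be normalised. The newly described apusys, ccu, edma, mdlactl and extractor entries are left at "TODO: check" even though adjacent context lines for the same components are already classified, for example CVE-2021-0660 (ccu) and CVE-2021-0618 (ape extractor). Those TODOs can probably be closed with the existing tag after a quick look at the full descriptions.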
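Review bot: In the hunk at @@ -14258,10 +14302,10 @@, the added line for CVE-2021-37939 shows "Kibana’s", which is the usual result of UTF-8 text being decoded as a single-byte encoding. Check whether the bytes in data/CVE/list.2021 are correct and only this rendering is wrong, or whether the automatic update wrote the description through a wrong decode step. In the latter case the importer needs fixing, since every later description with non-ASCII punctuation would be affected too.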