From 6c670ba6029812f9b9019dec0da21972da15cdb2 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 20 Jan 2022 20:10:16 +0000 Subject: automatic update --- data/CVE/list.2021 | 80 ++++++++++++++++++++++++++++++------------------------ 1 file changed, 45 insertions(+), 35 deletions(-) (limited to 'data/CVE/list.2021') diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 868b9d47a5..cf86047137 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -2208,21 +2208,22 @@ CVE-2021-45485 (In the IPv6 implementation in the Linux kernel before 5.13.3, ne CVE-2021-45484 (In NetBSD through 9.2, the IPv6 fragment ID generation algorithm emplo ...) NOT-FOR-US: NetBSD CVE-2021-45483 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Fram ...) - {DSA-4995-1 DSA-4996-1} + {DSA-4996-1 DSA-4995-1} - webkit2gtk 2.34.0-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.1-1 CVE-2021-45482 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Cont ...) - {DSA-4975-1 DSA-4976-1} + {DSA-4976-1 DSA-4975-1} - webkit2gtk 2.32.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.4-1 CVE-2021-45481 (In WebKitGTK before 2.32.4, there is incorrect memory allocation in We ...) - {DSA-4995-1 DSA-4996-1} + {DSA-4996-1 DSA-4995-1} - webkit2gtk 2.34.0-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.1-1 CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. There is a ...) + {DSA-5050-1} - linux 5.15.15-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/5f9562ebe710c307adc5f666bf1a2162ee7977c0 
@@ -2274,6 +2275,7 @@ CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular e CVE-2021-4161 (The affected products contain vulnerable firmware, which could allow a ...) NOT-FOR-US: Moxa CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...) + {DSA-5050-1} - linux 5.15.15-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235 CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote ...) @@ -2330,6 +2332,7 @@ CVE-2021-4156 [heap out-of-bounds read in src/flac.c in flac_buffer_copy] NOTE: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1) CVE-2021-4155 RESERVED + {DSA-5050-1} - linux 5.15.15-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034813 NOTE: https://git.kernel.org/linus/983d8e60f50806f90534cc5373d0ce867e5aaf79 (5.16) @@ -2481,8 +2484,8 @@ CVE-2021-45419 (Certain Starcharge products are affected by Improper Input Valid NOT-FOR-US: Nova 360 Cabinet CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory Traversal via ...) NOT-FOR-US: Nova 360 Cabinet -CVE-2021-45417 - RESERVED +CVE-2021-45417 (AIDE before 0.17.4 allows local users to obtain root privileges via cr ...) + {DSA-5051-1} - aide 0.17.4-1 NOTE: https://github.com/aide/aide/commit/175d1f2626f4500b4fc5ecb7167bba9956b174bc (v0.17.4) NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/3 @@ -2918,8 +2921,7 @@ CVE-2021-45232 (In Apache APISIX Dashboard before 2.10.1, the Manager API uses t NOT-FOR-US: Apache APISIX Dashboard CVE-2021-45231 (A link following privilege escalation vulnerability in Trend Micro Ape ...) NOT-FOR-US: Trend Micro -CVE-2021-45230 - RESERVED +CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This CVE applies to a specific case ...) - airflow (bug #819700) CVE-2021-45229 RESERVED 
@@ -3370,6 +3372,7 @@ CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel thro NOTE: https://marc.info/?l=linux-kernel&m=163961726017023&w=2 NOTE: SMB_SERVER enabled only as module since 5.16~rc1-1~exp1. CVE-2021-45095 (pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 ...) + {DSA-5050-1} - linux 5.15.15-1 NOTE: https://lore.kernel.org/all/20211209082839.33985-1-hbh25y@gmail.com/ CVE-2021-45070 @@ -3994,8 +3997,8 @@ CVE-2021-44831 RESERVED CVE-2021-44830 RESERVED -CVE-2021-44829 - RESERVED +CVE-2021-44829 (Cross Site Scripting (XSS) vulnerability exists in index.html in AFI W ...) + TODO: check CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 ...) NOT-FOR-US: ARM CVE-2021-44827 @@ -4267,16 +4270,16 @@ CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile] - rainloop 1.14.0-1 (bug #962629) [buster] - rainloop (Minor issue) NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872 -CVE-2021-44738 - RESERVED -CVE-2021-44737 - RESERVED -CVE-2021-44736 - RESERVED -CVE-2021-44735 - RESERVED -CVE-2021-44734 - RESERVED +CVE-2021-44738 (Buffer overflow vulnerability has been identified in Lexmark devices t ...) + TODO: check +CVE-2021-44737 (PJL directory traversal vulnerability in Lexmark devices through 2021- ...) + TODO: check +CVE-2021-44736 (The initial admin account setup wizard on Lexmark devices allow unauth ...) + TODO: check +CVE-2021-44735 (Embedded web server command injection vulnerability in Lexmark devices ...) + TODO: check +CVE-2021-44734 (Embedded web server input sanitization vulnerability in Lexmark device ...) + TODO: check CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem ...) - linux [stretch] - linux (Vulnerable code not present) 
@@ -5538,10 +5541,10 @@ CVE-2021-44247 RESERVED CVE-2021-44246 RESERVED -CVE-2021-44245 - RESERVED -CVE-2021-44244 - RESERVED +CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 19 Testi ...) + TODO: check +CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Pa ...) + TODO: check CVE-2021-44243 RESERVED CVE-2021-44242 @@ -5984,12 +5987,12 @@ CVE-2021-44094 (ZrLog 2.2.2 has a remote command execution vulnerability at plug NOT-FOR-US: zrlog CVE-2021-44093 (A Remote Command Execution vulnerability on the background in zrlog 2. ...) NOT-FOR-US: zrlog -CVE-2021-44092 - RESERVED -CVE-2021-44091 - RESERVED -CVE-2021-44090 - RESERVED +CVE-2021-44092 (An SQL Injection vulnerability exists in code-projects Pharmacy Manage ...) + TODO: check +CVE-2021-44091 (A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Mu ...) + TODO: check +CVE-2021-44090 (An SQL Injection vulnerability exists in Sourcecodester Online Reviewe ...) + TODO: check CVE-2021-44089 RESERVED CVE-2021-44088 @@ -6602,6 +6605,7 @@ CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v NOTE: https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83 CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution framework. ...) + {DSA-5049-1} - flatpak 1.12.3-1 NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j NOTE: https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e @@ -10951,8 +10955,8 @@ CVE-2021-3868 RESERVED CVE-2021-3867 RESERVED -CVE-2021-3866 - RESERVED +CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip p ...) + TODO: check CVE-2021-42060 RESERVED CVE-2021-42059 
@@ -16655,6 +16659,7 @@ CVE-2021-39686 RESERVED CVE-2021-39685 RESERVED + {DSA-5050-1} - linux 5.15.5-2 NOTE: https://www.openwall.com/lists/oss-security/2021/12/15/4 CVE-2021-39684 (In target_init of gs101/abl/target/slider/target.c, there is a possibl ...) @@ -28818,8 +28823,8 @@ CVE-2021-34602 RESERVED CVE-2021-34601 RESERVED -CVE-2021-34600 - RESERVED +CVE-2021-34600 (Telenot CompasX versions prior to 32.0 use a weak seed for random numb ...) + TODO: check CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack ce ...) NOT-FOR-US: CODESYS CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...) @@ -35050,8 +35055,8 @@ CVE-2021-32041 RESERVED CVE-2021-32040 RESERVED -CVE-2021-32039 - RESERVED +CVE-2021-32039 (Users with appropriate file access may be able to access unencrypted u ...) + TODO: check CVE-2021-32038 RESERVED CVE-2021-32037 (An authorized user may trigger an invariant which may result in denial ...) 
@@ -43536,18 +43541,23 @@ CVE-2021-28717 CVE-2021-28716 RESERVED CVE-2021-28715 (Guest can force Linux netback driver to hog large amounts of kernel me ...) + {DSA-5050-1} - linux 5.15.15-1 NOTE: https://xenbits.xen.org/xsa/advisory-392.html CVE-2021-28714 (Guest can force Linux netback driver to hog large amounts of kernel me ...) + {DSA-5050-1} - linux 5.15.15-1 NOTE: https://xenbits.xen.org/xsa/advisory-392.html CVE-2021-28713 (Rogue backends can cause DoS of guests via high frequency events T[his ...) + {DSA-5050-1} - linux 5.15.15-1 NOTE: https://xenbits.xen.org/xsa/advisory-391.html CVE-2021-28712 (Rogue backends can cause DoS of guests via high frequency events T[his ...) + {DSA-5050-1} - linux 5.15.15-1 NOTE: https://xenbits.xen.org/xsa/advisory-391.html CVE-2021-28711 (Rogue backends can cause DoS of guests via high frequency events T[his ...) + {DSA-5050-1} - linux 5.15.15-1 NOTE: https://xenbits.xen.org/xsa/advisory-391.html CVE-2021-28710 (certain VT-d IOMMUs may not work in shared page table mode For efficie ...) -- cgit v1.2.3
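Review bot: The three {DSA-...} edits in the hunk at @@ -2208,21 (CVE-2021-45483, CVE-2021-45482, CVE-2021-45481) are pure reordering: "{DSA-4995-1 DSA-4996-1}" becomes "{DSA-4996-1 DSA-4995-1}" and the set of advisories is unchanged. If the generator's ordering is not deterministic, emitting the references in a fixed order (ascending, as before) would avoid this churn and make the one substantive change in the hunk, the new {DSA-5050-1} on CVE-2021-45480, easier to see in review.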
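Review bot: In the hunk at @@ -2330,6 the {DSA-5050-1} reference is attached to CVE-2021-4155 while the entry still reads RESERVED and has no description, and the hunk at @@ -16655,6 does the same for CVE-2021-39685. Anyone reading these entries has only the NOTE links to tell what the advisory fixes. Suggest a short bracketed working title on the CVE line, in the style of "CVE-2021-4156 [heap out-of-bounds read in src/flac.c in flac_buffer_copy]" a few lines above, until the published description arrives.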
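Review bot: The five Lexmark entries in the hunk at @@ -4267,16 (CVE-2021-44738 through CVE-2021-44734) move from RESERVED to a description but each lands with "TODO: check", so they still carry no package mapping or NOT-FOR-US decision. The same applies to the other newly described entries in this patch (CVE-2021-44829, CVE-2021-3866, CVE-2021-34600, CVE-2021-32039). Since the five Lexmark entries name the same vendor, they can be triaged together in one follow-up commit with whichever disposition applies, in the form already used by neighbouring lines such as "NOT-FOR-US: zrlog".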
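Review bot: The imported descriptions in the hunks at @@ -5538,10 and @@ -5984,12 spell the same vendor two ways: "Courcecodester" in CVE-2021-44245 and CVE-2021-44091, "Sourcecodester" in CVE-2021-44244 and CVE-2021-44090 (CVE-2021-44244 also has "vulnerabiity"). A triage pass that greps the list by vendor name will miss half of these entries. Suggest resolving the "TODO: check" lines for all four by CVE id in the same follow-up, so the eventual disposition line carries one consistent product name regardless of the description text.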