| | | |
|---|---|---|
| author | security tracker role <sectracker@soriano.debian.org> | 2022-01-21 20:10:27 +0000 |
| committer | security tracker role <sectracker@soriano.debian.org> | 2022-01-21 20:10:27 +0000 |
| commit | 3a727a67b1da6ac04361ba03b9ee1f6145274ac1 | |
| tree | 1f96bc8ba251190abcc6d2a23dbb7279abb4e158 /data/CVE/2021.list | |
| parent | ee5b121a206c5449a7872109ab6f28cc4f7cecaf | |
automatic update
Diffstat (limited to 'data/CVE/2021.list')
-rw-r--r-- | data/CVE/2021.list | 138 |
1 files changed, 70 insertions, 68 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 215a1faa61..9d91971c3a 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,7 @@ +CVE-2021-46403 + RESERVED +CVE-2021-4208 + RESERVED CVE-2021-46402 RESERVED CVE-2021-46401 @@ -184,12 +188,12 @@ CVE-2021-46311 RESERVED CVE-2021-46310 RESERVED -CVE-2021-46309 - RESERVED -CVE-2021-46308 - RESERVED -CVE-2021-46307 - RESERVED +CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester Employee and V ...) + TODO: check +CVE-2021-46308 (An SQL Injection vulnerability exists in Sourcecodester Online Railway ...) + TODO: check +CVE-2021-46307 (An SQL Injection vulnerability exists in Projectworlds Online Examinat ...) + TODO: check CVE-2021-46306 RESERVED CVE-2021-46305 @@ -410,14 +414,14 @@ CVE-2021-46203 (Taocms v3.0.2 was discovered to contain an arbitrary file read v NOT-FOR-US: Taocms CVE-2021-46202 RESERVED -CVE-2021-46201 - RESERVED -CVE-2021-46200 - RESERVED +CVE-2021-46201 (An SQL Injection vulnerability exists in Sourcecodester Online Resort ...) + TODO: check +CVE-2021-46200 (An SQL Injection vulnerability exists in Sourcecodester Simple Music C ...) + TODO: check CVE-2021-46199 RESERVED -CVE-2021-46198 - RESERVED +CVE-2021-46198 (An SQL Injection vulnerability exists in Sourceodester Courier Managem ...) + TODO: check CVE-2021-46197 RESERVED CVE-2021-46196 @@ -2294,7 +2298,7 @@ CVE-2021-4159 RESERVED CVE-2021-45464 RESERVED -CVE-2021-45463 (GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allo ...) +CVE-2021-45463 (load_cache in GEGL before 0.4.34 allows shell expansion when a pathnam ...) - gegl 1:0.4.34-1 (bug #1002661) [bullseye] - gegl <no-dsa> (Minor issue) [buster] - gegl <no-dsa> (Minor issue) 
@@ -4632,8 +4636,8 @@ CVE-2021-44595 RESERVED CVE-2021-44594 RESERVED -CVE-2021-44593 - RESERVED +CVE-2021-44593 (Simple College Website 1.0 is vulnerable to unauthenticated file uploa ...) + TODO: check CVE-2021-44592 RESERVED CVE-2021-44591 (In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser ...) @@ -5088,8 +5092,8 @@ CVE-2021-23223 RESERVED CVE-2021-23179 RESERVED -CVE-2021-44464 - RESERVED +CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains ...) + TODO: check CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...) NOT-FOR-US: mySCADA myPRO CVE-2021-44451 
@@ -5136,30 +5140,30 @@ CVE-2021-44431 (A vulnerability has been identified in JT Utilities (All version NOT-FOR-US: Siemens CVE-2021-44430 (A vulnerability has been identified in JT Utilities (All versions < ...) NOT-FOR-US: Siemens -CVE-2021-43355 - RESERVED -CVE-2021-41835 - RESERVED +CVE-2021-43355 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + TODO: check +CVE-2021-41835 (Fresenius Kabi Agilia Link + version 3.0 does not enforce transport la ...) + TODO: check CVE-2021-4035 RESERVED -CVE-2021-33848 - RESERVED -CVE-2021-33846 - RESERVED -CVE-2021-33843 - RESERVED -CVE-2021-31562 - RESERVED -CVE-2021-23236 - RESERVED -CVE-2021-23233 - RESERVED -CVE-2021-23207 - RESERVED -CVE-2021-23196 - RESERVED -CVE-2021-23195 - RESERVED +CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + TODO: check +CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + TODO: check +CVE-2021-33843 (Fresenius Kabi Agilia Link + version 3.0 has a default configuration p ...) + TODO: check +CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 ...) + TODO: check +CVE-2021-23236 (Requests may be used to interrupt the normal operation of the device. ...) + TODO: check +CVE-2021-23233 (Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can ...) + TODO: check +CVE-2021-23207 (An attacker with physical access to the host can extract the secrets f ...) + TODO: check +CVE-2021-23196 (The web application on Agilia Link+ version 3.0 implements authenticat ...) + TODO: check +CVE-2021-23195 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + TODO: check CVE-2021-44429 (Serva 4.4.0 allows remote attackers to cause a denial of service (daem ...) NOT-FOR-US: Serva CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service (daem ...) 
@@ -5563,8 +5567,7 @@ CVE-2021-44237 RESERVED CVE-2021-44236 RESERVED -CVE-2021-4032 [kvm: mishandling of memory error during VCPU construction can lead to DoS] - RESERVED +CVE-2021-4032 (A vulnerability was found in the Linux kernel's KVM subsystem in arch/ ...) - linux <not-affected> (Vulnerable code introduced in 5.15-rc1; fixed in 5.15-rc7) NOTE: https://git.kernel.org/linus/f7d8a19f9a056a05c5c509fa65af472a322abfee (5.15-rc7) CVE-2021-4031 @@ -5728,8 +5731,8 @@ CVE-2021-44197 RESERVED CVE-2021-44196 RESERVED -CVE-2021-4016 - RESERVED +CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper ...) + TODO: check CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: firefly-iii CVE-2021-4014 @@ -6015,8 +6018,7 @@ CVE-2021-44081 RESERVED CVE-2021-44080 RESERVED -CVE-2021-4001 [race condition when the EBPF map is frozen] - RESERVED +CVE-2021-4001 (A race condition was found in the Linux kernel's ebpf verifier between ...) - linux 5.15.5-1 [bullseye] - linux 5.10.84-1 [buster] - linux <not-affected> (Vulnerable code introduced later) @@ -13888,8 +13890,8 @@ CVE-2021-40857 (Auerswald COMpact 5500R devices before 8.2B allow Privilege Esca NOT-FOR-US: Auerswald COMpact 5500R devices CVE-2021-40856 (Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Auth ...) NOT-FOR-US: Auerswald -CVE-2021-40855 - RESERVED +CVE-2021-40855 (The EU Technical Specifications for Digital COVID Certificates before ...) + TODO: check CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...) NOT-FOR-US: AnyDesk CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying to acces ...) 
@@ -14266,16 +14268,16 @@ CVE-2021-40697 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 R NOT-FOR-US: Adobe CVE-2021-40696 RESERVED -CVE-2021-40695 - RESERVED -CVE-2021-40694 - RESERVED -CVE-2021-40693 - RESERVED -CVE-2021-40692 - RESERVED -CVE-2021-40691 - RESERVED +CVE-2021-40695 (It was possible for a student to view their quiz grade before it had b ...) + TODO: check +CVE-2021-40694 (Insufficient escaping of the LaTeX preamble made it possible for site ...) + TODO: check +CVE-2021-40693 (An authentication bypass risk was identified in the external database ...) + TODO: check +CVE-2021-40692 (Insufficient capability checks made it possible for teachers to downlo ...) + TODO: check +CVE-2021-40691 (A session hijack risk was identified in the Shibboleth authentication ...) + TODO: check CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...) {DSA-5010-1 DLA-2767-1} - libxml-security-java 2.1.7-1 (bug #994569) @@ -14495,8 +14497,8 @@ CVE-2021-40597 RESERVED CVE-2021-40596 RESERVED -CVE-2021-40595 - RESERVED +CVE-2021-40595 (SQL injection vulnerability in Sourcecodester Online Leave Management ...) + TODO: check CVE-2021-40594 RESERVED CVE-2021-40593 @@ -15396,8 +15398,8 @@ CVE-2021-40249 RESERVED CVE-2021-40248 RESERVED -CVE-2021-40247 - RESERVED +CVE-2021-40247 (SQL injection vulnerability in Sourcecodester Budget and Expense Track ...) + TODO: check CVE-2021-40246 RESERVED CVE-2021-40245 @@ -27922,10 +27924,10 @@ CVE-2021-35006 RESERVED CVE-2021-35005 RESERVED -CVE-2021-35004 - RESERVED -CVE-2021-35003 - RESERVED +CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check +CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check CVE-2021-35002 RESERVED CVE-2021-35001 
@@ -30242,8 +30244,8 @@ CVE-2021-33968 RESERVED CVE-2021-33967 RESERVED -CVE-2021-33966 - RESERVED +CVE-2021-33966 (Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows auth ...) + TODO: check CVE-2021-33965 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...) NOT-FOR-US: China Mobile An Lianbao WF-1 router CVE-2021-33964 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...) @@ -32224,7 +32226,7 @@ CVE-2021-33180 (Improper neutralization of special elements used in an SQL comma NOT-FOR-US: Synology CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...) NOT-FOR-US: Nagios XI -CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prior to 2 ...) +CVE-2021-33178 (The Manage Backgrounds functionality within NagVis versions prior to 1 ...) - nagvis 1:1.9.29-1 [bullseye] - nagvis <no-dsa> (Minor issue) [buster] - nagvis <no-dsa> (Minor issue) |
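Review bot: Several of the new "TODO: check" entries have a truncated description that names no product, so they cannot be triaged from the list line alone: CVE-2021-23236 ("Requests may be used to interrupt the normal operation of the device. ...") and CVE-2021-23207 in the @@ -5136 hunk, CVE-2021-35004 and CVE-2021-35003 in the @@ -27922 hunk, and CVE-2021-40691 through CVE-2021-40695 in the @@ -14266 hunk. Whoever resolves these TODOs should read the full CVE description before choosing between a package line and NOT-FOR-US, rather than inferring the product from the neighbouring entries.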
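Review bot: In the @@ -410 hunk the description of CVE-2021-46198 spells the vendor "Sourceodester", while CVE-2021-46201 and CVE-2021-46200 in the same hunk spell it "Sourcecodester". If this entry is resolved as NOT-FOR-US, write the vendor name the same way as for its siblings, otherwise a search of the list by vendor name will miss it.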
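Review bot: CVE-2021-44464 in the @@ -5088 hunk is described as "Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3" without the "Fresenius Kabi" prefix that CVE-2021-43355, CVE-2021-33848, CVE-2021-33846 and CVE-2021-23195 carry for the same product string in the @@ -5136 hunk. Triage these together and give them the same tag, so that CVE-2021-44464 does not end up classified differently from the others.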
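Review bot: Two entries that already carry package status lines had only their description replaced, and the status lines under them are unchanged context: CVE-2021-33178 in the @@ -32224 hunk now reads "NagVis versions prior to 1 ..." where it read "Nagvis versions prior to 2 ...", and CVE-2021-45463 in the @@ -2294 hunk no longer mentions GIMP. Re-check that "- nagvis 1:1.9.29-1" and "- gegl 1:0.4.34-1 (bug #1002661)" still match the revised affected-version wording, since this update touched the description lines only.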