author: security tracker role <sectracker@soriano.debian.org> 2022-02-18 20:10:22 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-02-18 20:10:22 +0000
commit: 73d764a4e1a413a9300a44cc54b6cc2aeacc892e (patch)
tree: f391fb96668f9e514913e203df12409a2e5ca832 /data/CVE/2021.list
parent: caea15e92f2cb1f3998d980c3fd15c8b33e50317 (diff)
automatic update
Diffstat (limited to 'data/CVE/2021.list')
-rw-r--r-- data/CVE/2021.list 86
1 files changed, 40 insertions, 46 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 167a2b1ead..c4a8c3e782 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,5 @@
+CVE-2021-4221
+ RESERVED
CVE-2021-46699
RESERVED
CVE-2021-4220
@@ -723,8 +725,8 @@ CVE-2021-46374
RESERVED
CVE-2021-46373
RESERVED
-CVE-2021-46372
- RESERVED
+CVE-2021-46372 (Scoold 1.47.2 is a Q&amp;A/knowledge base platform written in Java. Wh ...)
+ TODO: check
CVE-2021-46371 (antd-admin 5.5.0 is affected by an incorrect access control vulnerabil ...)
NOT-FOR-US: antd-admin
CVE-2021-46370
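Review bot: on the added CVE-2021-46372 line the description reads `Q&amp;A`, which looks like an HTML-escaped ampersand; if that is in the list file itself rather than an artifact of this rendered view, the import step should unescape it. The entry also lands as `TODO: check` and still needs triage to either a source package line or a NOT-FOR-US tag like the CVE-2021-46371 entry directly below it.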
@@ -1598,10 +1600,10 @@ CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unli
- gpac <unfixed>
NOTE: https://github.com/gpac/gpac/issues/2000
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
-CVE-2021-46037
- RESERVED
-CVE-2021-46036
- RESERVED
+CVE-2021-46037 (MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulne ...)
+ TODO: check
+CVE-2021-46036 (An arbitrary file upload vulnerability in the component /ms/file/uploa ...)
+ TODO: check
CVE-2021-46035
RESERVED
CVE-2021-46034 (A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vu ...)
@@ -3230,7 +3232,7 @@ CVE-2021-45446
CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 h ...)
NOT-FOR-US: Unisys
CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if they co ...)
- {DSA-5078-1}
+ {DSA-5078-1 DLA-2926-1}
- zsh 5.8.1-1
NOTE: https://sourceforge.net/p/zsh/code/ci/c187154f47697cdbf822c2f9d714d570ed4a0fd1/
NOTE: https://sourceforge.net/p/zsh/code/ci/fdb8b0ce6244ff26bf55e0fd825310a58d0d3156/
@@ -3333,8 +3335,8 @@ CVE-2021-45402 (The check_alu_op() function in kernel/bpf/verifier.c in the Linu
NOTE: https://git.kernel.org/linus/3cf2b61eb06765e27fec6799292d9fb46d0b7e60
NOTE: https://git.kernel.org/linus/b1a7288dedc6caf9023f2676b4f5ed34cf0d4029
NOTE: https://git.kernel.org/linus/e572ff80f05c33cd0cb4860f864f5c9c044280b6
-CVE-2021-45401
- RESERVED
+CVE-2021-45401 (A Command injection vulnerability exists in Tenda AC10U AC1200 Smart D ...)
+ TODO: check
CVE-2021-45400
RESERVED
CVE-2021-45399
@@ -3411,7 +3413,7 @@ CVE-2021-45366
RESERVED
CVE-2021-45365
RESERVED
-CVE-2021-45364 (A Code Execution vulnerability exists in Statamic Version through 3.2. ...)
+CVE-2021-45364 (** DISPUTED ** A Code Execution vulnerability exists in Statamic Versi ...)
NOT-FOR-US: Statamic
CVE-2021-45363
RESERVED
@@ -4493,8 +4495,8 @@ CVE-2021-44970 (MiniCMS v1.11 was discovered to contain a cross-site scripting (
NOT-FOR-US: MiniCMS
CVE-2021-44969 (Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) v ...)
NOT-FOR-US: Taocms
-CVE-2021-44968
- RESERVED
+CVE-2021-44968 (A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 ...)
+ TODO: check
CVE-2021-44967
RESERVED
CVE-2021-44966 (SQL injection bypass authentication vulnerability in PHPGURUKUL Employ ...)
@@ -4983,8 +4985,7 @@ CVE-2021-4095
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2031194
CVE-2021-4094
RESERVED
-CVE-2021-4093
- RESERVED
+CVE-2021-4093 (A flaw was found in the KVM's AMD code for supporting the Secure Encry ...)
- linux 5.14.16-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -4993,14 +4994,12 @@ CVE-2021-4093
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028584
CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: yetiforcecrm
-CVE-2021-4091 [double-free of the virtual attribute context in persistent search]
- RESERVED
+CVE-2021-4091 (A double-free was found in the way 389-ds-base handles virtual attribu ...)
- 389-ds-base <unfixed>
[stretch] - 389-ds-base <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030307
NOTE: Introduced by: https://github.com/389ds/389-ds-base/commit/74c666b83e3e1789c2ef3f7935c327bd7555193e (389-ds-base-1.3.6.4)
-CVE-2021-4090 [Overflow of bmval[bmlen-1] in nfsd4_decode_bitmap function]
- RESERVED
+CVE-2021-4090 (An out-of-bounds (OOB) memory write flaw was found in the NFSD in the ...)
- linux 5.15.5-1
[bullseye] - linux <not-affected> (Vulnerable code introduced later)
[buster] - linux <not-affected> (Vulnerable code introduced later)
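Review bot: the removed bracketed titles for CVE-2021-4091 and CVE-2021-4090 held detail that the truncated descriptions replacing them do not show here, in particular `bmval[bmlen-1]` in `nfsd4_decode_bitmap` for CVE-2021-4090. Suggest preserving that as a NOTE: line under each entry if the full description does not name it, since the affected function is what someone checking a backport would look for.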
@@ -5156,9 +5155,11 @@ CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain out-of-memory
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12
NOTE: https://github.com/ARMmbed/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc (mbedtls-2.16.12)
CVE-2021-44731 (A race condition existed in the snapd 2.54.2 snap-confine binary when ...)
+ {DSA-5080-1}
- snapd <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2
CVE-2021-44730 (snapd 2.54.2 did not properly validate the location of the snap-confin ...)
+ {DSA-5080-1}
- snapd <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2
CVE-2021-44729
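Review bot: CVE-2021-44731 and CVE-2021-44730 gain `{DSA-5080-1}` while both keep `- snapd <unfixed>`, so after this change the entries record a stable advisory but no fixed version for unstable. That may be accurate at the time of the commit; the `<unfixed>` lines need a follow-up once a fixed snapd upload exists, so the two entries do not stay open indefinitely.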
@@ -8243,11 +8244,9 @@ CVE-2021-26248 (Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who i
NOT-FOR-US: Philips
CVE-2021-3949
RESERVED
-CVE-2021-3948
- RESERVED
+CVE-2021-3948 (An incorrect default permissions vulnerability was found in the mig-co ...)
NOT-FOR-US: Migration Toolkit for Containers
-CVE-2021-3947 [NVME: Arbitrary Memory Read]
- RESERVED
+CVE-2021-3947 (A stack-buffer-overflow was found in QEMU in the NVME component. The f ...)
- qemu 1:6.2+dfsg-1
[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
[buster] - qemu <not-affected> (Vulnerable code introduced later)
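Review bot: for CVE-2021-3947 the removed title says `NVME: Arbitrary Memory Read` while the new description calls it a stack-buffer-overflow in the NVME component, and the two describe different primitives (a read versus an overflow). Worth confirming against the upstream references for this entry which one applies, and recording the outcome in a NOTE: line so the discrepancy is not rediscovered later.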
@@ -8778,8 +8777,7 @@ CVE-2021-43401
RESERVED
CVE-2021-3931 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: snipe-it
-CVE-2021-3930 [off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c]
- RESERVED
+CVE-2021-3930 (An off-by-one error was found in the SCSI device emulation in QEMU. It ...)
- qemu 1:6.2+dfsg-1
[bullseye] - qemu <postponed> (Minor issue)
[buster] - qemu <postponed> (Minor issue)
@@ -19451,8 +19449,8 @@ CVE-2021-39028
RESERVED
CVE-2021-39027
RESERVED
-CVE-2021-39026
- RESERVED
+CVE-2021-39026 (IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a r ...)
+ TODO: check
CVE-2021-39025
RESERVED
CVE-2021-39024
@@ -19633,8 +19631,8 @@ CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an a
NOT-FOR-US: IBM
CVE-2021-38936
RESERVED
-CVE-2021-38935
- RESERVED
+CVE-2021-38935 (IBM Maximo Asset Management 7.6.1.2 does not require that users should ...)
+ TODO: check
CVE-2021-38934
RESERVED
CVE-2021-38933
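Review bot: CVE-2021-38935 (IBM Maximo Asset Management) is added as `TODO: check`, while the IBM PowerVM entry in the context at the top of this hunk is already tagged `NOT-FOR-US: IBM`. If Maximo is likewise not packaged, resolve the TODO with the same tag so it does not sit in the triage queue; the same applies to CVE-2021-39026 (IBM Guardium Data Encryption) in the previous hunk.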
@@ -24083,8 +24081,7 @@ CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager 3
NOT-FOR-US: Sonatype
CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid authentication at ...)
NOT-FOR-US: CyberArk Identity
-CVE-2021-3657 [multiple buffer overflows in isync/mbsync]
- RESERVED
+CVE-2021-3657 (A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate ...)
- isync 1.4.4-1
[bullseye] - isync 1.3.0-2.2+deb11u1
[buster] - isync <no-dsa> (Minor issue)
@@ -39637,8 +39634,8 @@ CVE-2021-30652 (A race condition was addressed with additional validation. This
NOT-FOR-US: Apple
CVE-2021-30651
RESERVED
-CVE-2021-30650
- RESERVED
+CVE-2021-30650 (A reflected cross-site scripting (XSS) vulnerability in the Symantec L ...)
+ TODO: check
CVE-2021-30649
RESERVED
CVE-2021-30648 (The Symantec Advanced Secure Gateway (ASG) and ProxySG web management ...)
@@ -49703,10 +49700,10 @@ CVE-2021-26621
RESERVED
CVE-2021-26620
RESERVED
-CVE-2021-26619
- RESERVED
-CVE-2021-26618
- RESERVED
+CVE-2021-26619 (An path traversal vulnerability leading to delete arbitrary files was ...)
+ TODO: check
+CVE-2021-26618 (An improper input validation leading to arbitrary file creation was di ...)
+ TODO: check
CVE-2021-26617
RESERVED
CVE-2021-26616 (An OS command injection was found in SecuwaySSL, when special characte ...)
@@ -61311,6 +61308,7 @@ CVE-2021-21709
RESERVED
CVE-2021-21708
RESERVED
+ {DSA-5082-1}
- php8.1 <unfixed>
- php7.4 <removed>
- php7.3 <removed>
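Review bot: `{DSA-5082-1}` is attached to CVE-2021-21708 while the entry is still `RESERVED` with no description, and `- php8.1 <unfixed>` is left unchanged. The context of the next hunk carries `NOTE: Fixed in 8.1.3, 7.4.28` for the same entry, so the php8.1 line can be given a fixed version as soon as a matching upload exists; until then a reader sees an advisory reference with nothing on the entry saying what the issue is.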
@@ -61318,6 +61316,7 @@ CVE-2021-21708
NOTE: Fixed in 8.1.3, 7.4.28
NOTE: PHP Bug: https://bugs.php.net/81708
CVE-2021-21707 (In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below ...)
+ {DSA-5082-1}
- php8.1 8.1.0-1
- php8.0 <removed>
- php7.4 7.4.26-1
@@ -64610,8 +64609,7 @@ CVE-2021-20326 (A user authorized to performing a specific type of find query ma
- mongodb <removed>
[stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
NOTE: https://jira.mongodb.org/browse/SERVER-53929
-CVE-2021-20325
- RESERVED
+CVE-2021-20325 (Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of ...)
- apache2 <not-affected> (Red Hat RHEL 8 specifc regression of CVE-2021-40438 and CVE-2021-26691)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2017321
CVE-2021-20324
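Review bot: the context line under CVE-2021-20325 has a typo in the `<not-affected>` reason, `specifc` for `specific`. Since this change touches the entry anyway, fix the spelling so a text search for the reason finds it.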
@@ -64620,20 +64618,17 @@ CVE-2021-20324
CVE-2021-20323
RESERVED
NOT-FOR-US: Keycloak
-CVE-2021-20322 [new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies]
- RESERVED
+CVE-2021-20322 (A flaw in the processing of received ICMP errors (ICMP fragment needed ...)
{DLA-2843-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014230
-CVE-2021-20321
- RESERVED
+CVE-2021-20321 (A race condition accessing file object in the Linux kernel OverlayFS s ...)
{DLA-2843-1}
- linux 5.14.12-1
[bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/linus/a295aef603e109a47af355477326bd41151765b6 (5.15-rc5)
-CVE-2021-20320
- RESERVED
+CVE-2021-20320 (A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf ...)
- linux 5.14.9-1
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
@@ -64655,8 +64650,7 @@ CVE-2021-20316
[buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
NOTE: https://www.samba.org/samba/security/CVE-2021-20316.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14842
-CVE-2021-20315 [locking protection bypass allow unauthorized user to kill existing applications or start new ones]
- RESERVED
+CVE-2021-20315 (A locking protection bypass flaw was found in some versions of gnome-s ...)
- gnome-shell <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006285
TODO: check, possibly Red Hat specific as issue introduced of backporting features to CentOS 8 Streams
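Review bot: CVE-2021-20315 now has a published description, but the entry keeps `- gnome-shell <undetermined>` and the `TODO: check, possibly Red Hat specific ...` line. With the description available the TODO can be resolved: either mark gnome-shell `<not-affected>` with the reason, as is done for apache2 under CVE-2021-20325, or set a fixed version.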
