From 631472fdb191b72a320d752c6a16a929c7525488 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 18 Feb 2022 08:10:29 +0000 Subject: automatic update --- data/CVE/2021.list | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) (limited to 'data/CVE/2021.list') diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 6bdc38e0c9..98000e62fb 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -869,18 +869,18 @@ CVE-2021-46321 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to c NOT-FOR-US: Tenda CVE-2021-46320 (In OpenZeppelin <=v4.4.0, initializer functions that are invoked se ...) NOT-FOR-US: OpenZeppelin -CVE-2021-46319 - RESERVED +CVE-2021-46319 (Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR- ...) + TODO: check CVE-2021-46318 RESERVED CVE-2021-46317 RESERVED CVE-2021-46316 RESERVED -CVE-2021-46315 - RESERVED -CVE-2021-46314 - RESERVED +CVE-2021-46315 (Remote Command Execution (RCE) vulnerability exists in HNAP1/control/S ...) + TODO: check +CVE-2021-46314 (A Remote Command Execution (RCE) vulnerability exists in HNAP1/control ...) + TODO: check CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentat ...) - gpac [bullseye] - gpac (Minor issue) @@ -1402,8 +1402,8 @@ CVE-2021-46110 RESERVED CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) ...) NOT-FOR-US: ASUS -CVE-2021-46108 - RESERVED +CVE-2021-46108 (D-Link DSL-2730E CT-20131125 devices allow XSS via the username parame ...) + TODO: check CVE-2021-46107 RESERVED CVE-2021-46106 @@ -3377,8 +3377,8 @@ CVE-2021-45384 RESERVED CVE-2021-45383 RESERVED -CVE-2021-45382 - RESERVED +CVE-2021-45382 (A Remote Command Execution (RCE) vulnerability exists in all series H/ ...) + TODO: check CVE-2021-45381 RESERVED CVE-2021-45380 (AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_h ...) @@ -4250,8 +4250,7 @@ CVE-2021-45052 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and NOT-FOR-US: Adobe CVE-2021-45051 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...) NOT-FOR-US: Adobe -CVE-2021-4120 - RESERVED +CVE-2021-4120 (snapd 2.54.2 fails to perform sufficient validation of snap content in ...) - snapd NOTE: https://bugs.launchpad.net/snapd/+bug/1949368 CVE-2021-45050 @@ -5151,12 +5150,10 @@ CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain out-of-memory - mbedtls 2.28.0-0.3 (bug #1002631) NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12 NOTE: https://github.com/ARMmbed/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc (mbedtls-2.16.12) -CVE-2021-44731 - RESERVED +CVE-2021-44731 (A race condition existed in the snapd 2.54.2 snap-confine binary when ...) - snapd NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2 -CVE-2021-44730 - RESERVED +CVE-2021-44730 (snapd 2.54.2 did not properly validate the location of the snap-confin ...) - snapd NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2 CVE-2021-44729 @@ -13057,8 +13054,8 @@ CVE-2021-41601 RESERVED CVE-2021-41600 RESERVED -CVE-2021-41599 - RESERVED +CVE-2021-41599 (A remote code execution vulnerability was identified in GitHub Enterpr ...) + TODO: check CVE-2021-41598 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...) NOT-FOR-US: GitHub Enterprise Server CVE-2021-41597 (SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote ...) @@ -53367,8 +53364,7 @@ CVE-2021-3156 (Sudo before 1.9.5p2 contains an off-by-one error that can result NOTE: https://www.sudo.ws/repos/sudo/rev/09f98816fc89 NOTE: https://www.sudo.ws/repos/sudo/rev/c125fbe68783 NOTE: https://www.openwall.com/lists/oss-security/2021/01/26/3 -CVE-2021-3155 - RESERVED +CVE-2021-3155 (snapd 2.54.2 and earlier created ~/snap directories in user home direc ...) - snapd 2.54-1 NOTE: https://github.com/snapcore/snapd/pull/9841 NOTE: https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85 (2.52) -- cgit v1.2.3