From 73d764a4e1a413a9300a44cc54b6cc2aeacc892e Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 18 Feb 2022 20:10:22 +0000 Subject: automatic update --- data/CVE/2021.list | 86 +++++++++++++++++++++++++----------------------------- 1 file changed, 40 insertions(+), 46 deletions(-) (limited to 'data/CVE/2021.list') diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 167a2b1ead..c4a8c3e782 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,5 @@ +CVE-2021-4221 + RESERVED CVE-2021-46699 RESERVED CVE-2021-4220 @@ -723,8 +725,8 @@ CVE-2021-46374 RESERVED CVE-2021-46373 RESERVED -CVE-2021-46372 - RESERVED +CVE-2021-46372 (Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. Wh ...) + TODO: check CVE-2021-46371 (antd-admin 5.5.0 is affected by an incorrect access control vulnerabil ...) NOT-FOR-US: antd-admin CVE-2021-46370 @@ -1598,10 +1600,10 @@ CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unli - gpac NOTE: https://github.com/gpac/gpac/issues/2000 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f -CVE-2021-46037 - RESERVED -CVE-2021-46036 - RESERVED +CVE-2021-46037 (MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulne ...) + TODO: check +CVE-2021-46036 (An arbitrary file upload vulnerability in the component /ms/file/uploa ...) + TODO: check CVE-2021-46035 RESERVED CVE-2021-46034 (A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vu ...) @@ -3230,7 +3232,7 @@ CVE-2021-45446 CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 h ...) NOT-FOR-US: Unisys CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if they co ...) - {DSA-5078-1} + {DSA-5078-1 DLA-2926-1} - zsh 5.8.1-1 NOTE: https://sourceforge.net/p/zsh/code/ci/c187154f47697cdbf822c2f9d714d570ed4a0fd1/ NOTE: https://sourceforge.net/p/zsh/code/ci/fdb8b0ce6244ff26bf55e0fd825310a58d0d3156/ @@ -3333,8 +3335,8 @@ CVE-2021-45402 (The check_alu_op() function in kernel/bpf/verifier.c in the Linu NOTE: https://git.kernel.org/linus/3cf2b61eb06765e27fec6799292d9fb46d0b7e60 NOTE: https://git.kernel.org/linus/b1a7288dedc6caf9023f2676b4f5ed34cf0d4029 NOTE: https://git.kernel.org/linus/e572ff80f05c33cd0cb4860f864f5c9c044280b6 -CVE-2021-45401 - RESERVED +CVE-2021-45401 (A Command injection vulnerability exists in Tenda AC10U AC1200 Smart D ...) + TODO: check CVE-2021-45400 RESERVED CVE-2021-45399 @@ -3411,7 +3413,7 @@ CVE-2021-45366 RESERVED CVE-2021-45365 RESERVED -CVE-2021-45364 (A Code Execution vulnerability exists in Statamic Version through 3.2. ...) +CVE-2021-45364 (** DISPUTED ** A Code Execution vulnerability exists in Statamic Versi ...) NOT-FOR-US: Statamic CVE-2021-45363 RESERVED @@ -4493,8 +4495,8 @@ CVE-2021-44970 (MiniCMS v1.11 was discovered to contain a cross-site scripting ( NOT-FOR-US: MiniCMS CVE-2021-44969 (Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) v ...) NOT-FOR-US: Taocms -CVE-2021-44968 - RESERVED +CVE-2021-44968 (A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 ...) + TODO: check CVE-2021-44967 RESERVED CVE-2021-44966 (SQL injection bypass authentication vulnerability in PHPGURUKUL Employ ...) @@ -4983,8 +4985,7 @@ CVE-2021-4095 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2031194 CVE-2021-4094 RESERVED -CVE-2021-4093 - RESERVED +CVE-2021-4093 (A flaw was found in the KVM's AMD code for supporting the Secure Encry ...) - linux 5.14.16-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) @@ -4993,14 +4994,12 @@ CVE-2021-4093 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028584 CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: yetiforcecrm -CVE-2021-4091 [double-free of the virtual attribute context in persistent search] - RESERVED +CVE-2021-4091 (A double-free was found in the way 389-ds-base handles virtual attribu ...) - 389-ds-base [stretch] - 389-ds-base (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030307 NOTE: Introduced by: https://github.com/389ds/389-ds-base/commit/74c666b83e3e1789c2ef3f7935c327bd7555193e (389-ds-base-1.3.6.4) -CVE-2021-4090 [Overflow of bmval[bmlen-1] in nfsd4_decode_bitmap function] - RESERVED +CVE-2021-4090 (An out-of-bounds (OOB) memory write flaw was found in the NFSD in the ...) - linux 5.15.5-1 [bullseye] - linux (Vulnerable code introduced later) [buster] - linux (Vulnerable code introduced later) @@ -5156,9 +5155,11 @@ CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain out-of-memory NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12 NOTE: https://github.com/ARMmbed/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc (mbedtls-2.16.12) CVE-2021-44731 (A race condition existed in the snapd 2.54.2 snap-confine binary when ...) + {DSA-5080-1} - snapd NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2 CVE-2021-44730 (snapd 2.54.2 did not properly validate the location of the snap-confin ...) + {DSA-5080-1} - snapd NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2 CVE-2021-44729 @@ -8243,11 +8244,9 @@ CVE-2021-26248 (Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who i NOT-FOR-US: Philips CVE-2021-3949 RESERVED -CVE-2021-3948 - RESERVED +CVE-2021-3948 (An incorrect default permissions vulnerability was found in the mig-co ...) NOT-FOR-US: Migration Toolkit for Containers -CVE-2021-3947 [NVME: Arbitrary Memory Read] - RESERVED +CVE-2021-3947 (A stack-buffer-overflow was found in QEMU in the NVME component. The f ...) - qemu 1:6.2+dfsg-1 [bullseye] - qemu (Vulnerable code introduced later) [buster] - qemu (Vulnerable code introduced later) @@ -8778,8 +8777,7 @@ CVE-2021-43401 RESERVED CVE-2021-3931 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: snipe-it -CVE-2021-3930 [off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c] - RESERVED +CVE-2021-3930 (An off-by-one error was found in the SCSI device emulation in QEMU. It ...) - qemu 1:6.2+dfsg-1 [bullseye] - qemu (Minor issue) [buster] - qemu (Minor issue) @@ -19451,8 +19449,8 @@ CVE-2021-39028 RESERVED CVE-2021-39027 RESERVED -CVE-2021-39026 - RESERVED +CVE-2021-39026 (IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a r ...) + TODO: check CVE-2021-39025 RESERVED CVE-2021-39024 @@ -19633,8 +19631,8 @@ CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an a NOT-FOR-US: IBM CVE-2021-38936 RESERVED -CVE-2021-38935 - RESERVED +CVE-2021-38935 (IBM Maximo Asset Management 7.6.1.2 does not require that users should ...) + TODO: check CVE-2021-38934 RESERVED CVE-2021-38933 @@ -24083,8 +24081,7 @@ CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 NOT-FOR-US: Sonatype CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid authentication at ...) NOT-FOR-US: CyberArk Identity -CVE-2021-3657 [multiple buffer overflows in isync/mbsync] - RESERVED +CVE-2021-3657 (A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate ...) - isync 1.4.4-1 [bullseye] - isync 1.3.0-2.2+deb11u1 [buster] - isync (Minor issue) @@ -39637,8 +39634,8 @@ CVE-2021-30652 (A race condition was addressed with additional validation. This NOT-FOR-US: Apple CVE-2021-30651 RESERVED -CVE-2021-30650 - RESERVED +CVE-2021-30650 (A reflected cross-site scripting (XSS) vulnerability in the Symantec L ...) + TODO: check CVE-2021-30649 RESERVED CVE-2021-30648 (The Symantec Advanced Secure Gateway (ASG) and ProxySG web management ...) @@ -49703,10 +49700,10 @@ CVE-2021-26621 RESERVED CVE-2021-26620 RESERVED -CVE-2021-26619 - RESERVED -CVE-2021-26618 - RESERVED +CVE-2021-26619 (An path traversal vulnerability leading to delete arbitrary files was ...) + TODO: check +CVE-2021-26618 (An improper input validation leading to arbitrary file creation was di ...) + TODO: check CVE-2021-26617 RESERVED CVE-2021-26616 (An OS command injection was found in SecuwaySSL, when special characte ...) @@ -61311,6 +61308,7 @@ CVE-2021-21709 RESERVED CVE-2021-21708 RESERVED + {DSA-5082-1} - php8.1 - php7.4 - php7.3 @@ -61318,6 +61316,7 @@ CVE-2021-21708 NOTE: Fixed in 8.1.3, 7.4.28 NOTE: PHP Bug: https://bugs.php.net/81708 CVE-2021-21707 (In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below ...) + {DSA-5082-1} - php8.1 8.1.0-1 - php8.0 - php7.4 7.4.26-1 @@ -64610,8 +64609,7 @@ CVE-2021-20326 (A user authorized to performing a specific type of find query ma - mongodb [stretch] - mongodb (https://lists.debian.org/debian-lts/2020/11/msg00058.html) NOTE: https://jira.mongodb.org/browse/SERVER-53929 -CVE-2021-20325 - RESERVED +CVE-2021-20325 (Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of ...) - apache2 (Red Hat RHEL 8 specifc regression of CVE-2021-40438 and CVE-2021-26691) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2017321 CVE-2021-20324 @@ -64620,20 +64618,17 @@ CVE-2021-20324 CVE-2021-20323 RESERVED NOT-FOR-US: Keycloak -CVE-2021-20322 [new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies] - RESERVED +CVE-2021-20322 (A flaw in the processing of received ICMP errors (ICMP fragment needed ...) {DLA-2843-1} - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014230 -CVE-2021-20321 - RESERVED +CVE-2021-20321 (A race condition accessing file object in the Linux kernel OverlayFS s ...) {DLA-2843-1} - linux 5.14.12-1 [bullseye] - linux 5.10.84-1 NOTE: https://git.kernel.org/linus/a295aef603e109a47af355477326bd41151765b6 (5.15-rc5) -CVE-2021-20320 - RESERVED +CVE-2021-20320 (A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf ...) - linux 5.14.9-1 [bullseye] - linux 5.10.70-1 [buster] - linux 4.19.208-1 @@ -64655,8 +64650,7 @@ CVE-2021-20316 [buster] - samba (Minor issue; no backport to older versions, mitigations exists) NOTE: https://www.samba.org/samba/security/CVE-2021-20316.html NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14842 -CVE-2021-20315 [locking protection bypass allow unauthorized user to kill existing applications or start new ones] - RESERVED +CVE-2021-20315 (A locking protection bypass flaw was found in some versions of gnome-s ...) - gnome-shell NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006285 TODO: check, possibly Red Hat specific as issue introduced of backporting features to CentOS 8 Streams -- cgit v1.2.3